Update/Add permissions to Security Groups (Complete List Attached)
I've noticed quite a number of granular permission levels that are missing, and a few others that are too vague / not specific enough. What I’ve deduced is that almost every subject matter needs at least 5 basic levels (list/search, view details, create, edit, delete) and some need additional special levels (merge, edit specific subset, etc). While some are perfect, I've come up with (what I believe is) a more complete list. Note, my list is grouped in order of most important:
Customers - List/Search
Customers - View Details
Customers - Create
Customers - Edit
Customers - Edit (block hours)
Customers - Edit (credits)
Customers - Delete
Customers – Merge
Tickets - List/Search
Tickets - View Details (only ‘their’ tickets)
Tickets - View Details
Tickets – Create
Tickets – Edit
Tickets - Delete
Ticket Comments – Create
Ticket Comments – Email (from customers detail page)
Ticket Comments – Delete (only ‘their’ comments)
Ticket Comments – Delete
Assets - List/Search
Assets – View Details
Assets - Create
Assets - Edit
Assets - Delete
Appointments – List/Search
Appointments – View Details
Appointments – Create
Appointments – Edit
Appointments – Delete
Line Item - View Details (category, tax note, cost, tech)
Line Item – Create (add from inventory, bundle or barcode/serial)
Line Item – Create (add manual item)
Line Item - Edit (description)
Line Item - Edit (retail price)
Line Item - Edit Details (category, tax note, cost, tech)
Line Item - Delete
Estimates - List/Search
Estimates - View Details (only ‘their’ estimates)
Estimates - View Details
Estimates – Create
Estimates – Clone
Estimates – Convert (to invoice)
Estimates – Edit (includes ‘change assignee’)
Estimates - Delete
Invoices - List/Search
Invoices - View Details (only ‘their’ invoices)
Invoices - View Details
Invoices - Create
Invoices - Clone
Invoices – Edit (includes ‘change assignee’)
Invoices - Delete
Invoices - Refund
Recurring Invoices – List/Search
Recurring Invoices – View Details
Recurring Invoices - Create
Recurring Invoices - Edit
Recurring Invoices - Delete
Payments – List/Search
Payments - View Details
Payments – Create
Payments – Edit (includes ability to ‘clear’ payment)
Payments - Delete
Payments - Refund
Payments – Void
Products - List/Search
Products - View Details (including cost)
Products - Create
Products - Edit
Products - Edit (quantities on hand)
Products – Delete (disable)
Logistics - List/Search
Logistics – View Details
Logistics – Create
Logistics – Edit
Logistics – Delete
Purchase Orders - List/Search
Purchase Orders - View Details
Purchase Orders - Create
Purchase Orders – Edit
Purchase Orders – Receive/Check-in
Purchase Orders - RMA
Purchase Orders – Delete
Vendors – List/Search
Vendors - View Details
Vendors - Create
Vendors - Edit
Vendors – Delete
Leads - List/Search
Leads – View Details
Leads – Edit (process)
Leads – Delete
Marketr - List/Search
Marketr – View Details
Marketr - Create
Marketr - Edit
Marketr - Delete
Wiki – List/Search
Wiki - View Details
Wiki - Create
Wiki - Edit
Wiki - Delete
Contracts - List/Search
Contracts – View Details
Contracts - Create
Contracts - Edit
Contracts – Delete
POS - Allow Usage
Printers - Edit
Reports - View (toggle granular reports list)
Snail Mail - Send
Another needed permission is the ability to control which tabs are displayed on the top of the screen. If a specific user doesn't have any Invoice permission, including listing or viewing, then the Invoices tab is useless; it should be disabled, and the same goes for other tabs like the purchase orders tab and the admin tab, which is not accessible for regular users.
ALSO: Need to break the "Line Items" security groups across these 3 types:
Recurring Tickets – List/Search
Recurring Tickets – View Details
Recurring Tickets - Create
Recurring Tickets - Edit
Recurring Tickets - Delete
PLEASE! ANY update of ANY kind?
Tim Nyberg commented
A few more that might be nice are
Allow access to iOS app (if off, would not be able to use the iOS app at all)
Allow access to RSr outside office hours (would have to define hours)
Allow access outside a set IP address by tech (so some techs could see RSr outside the office and some techs would never have access outside the office at all. And to define what hours it would be available even to those that can see it outside the office.) Currently it is all or none and that doesn't work well.
Can access RMM alerts
Can access CC info and add / remove CCs
Access to invoice list - currently it is wide open. They can see everything for the last 30 days. It would be nice if we could set the number of days back they could see invoices in that list. We can always go to the customer file to look things up but having a list wide open is a little bit of a security risk.
Allow to view / list clients in list view. (No reason for bench techs to have access to a list of client names in a simple printable or screenshot-able list. It is OK to search one at a time when needed to create tickets etc., but no reason to go to customers and view a list. This should be restrictable. This should include the app; no one should be able to view all the customers in the list via the app unless they have the permission to do so.)
More options for restrictive permissions would be good. Business owners need to protect their client lists.
Allow access to VIEW tabs: it would be nice if, when clients don't have permission to access what is behind a tab, like DOMO or Purchase Orders, they also couldn't see the tab in the first place. Security through obscurity.
Thanks for looking at all these, security is a big area that needs some attention.
Can these please be updated/organized/fixed?
@Tim & Eric: Agreed on both points. Please add any additional permissions you'd like to see as well.
Tim Nyberg commented
Good comment Eric, please see my post on iOS security, which I feel you may be interested in as well.
We'd like to see the ability to have different pages in the wiki available to different levels of users as well. We like to use the wiki as a place for how-tos, but the how-tos for the office manager and the how-tos for the accountant are different and may contain confidential information.
This is great, it would be nice to have a greater level of granularity or detail on permissions. I have one I'd like to add that we would find useful.
Tickets - View Resolved
We can't have our techs looking at all the tickets, we only want them doing ones assigned to them. However sometimes we have a tech work on a job that a different tech had done work on months ago. I would like for the new tech to be able to look at the old resolved ticket from last time to see if there is any information that could be useful for the current job.
Products - View Details
This would be a really great permission level so standard techs could view the specific prices/serials for serialized inventory items. The only place the price/serial is viewable is in the product details page, which we have locked off to hide cost and to disable users from editing price/details.
Hi RS. Still very eager for any form of upgrade on this topic. There have been a plethora of new features added and having a security setting for them is CRITICAL! I think just an hour of TLC on security groups would be greatly appreciated by all RS users. Some new ideas on this:
1. Now that 'Credits' appear to be upgraded to the customer account, it could use its own set of permissions (including migrating Block Hours out of 'Customers'):
>Credits - Add
>Credits - Edit Block Hours
>Credits - Apply to Invoice
>Credits - Delete
2. Other modules we'd like to lock down with security privileges:
>AutoPrintr - Authenticate (their locations)
>AutoPrintr - Authenticate (all locations)
>Customer Purchases - List/Search
>Customer Purchases - View Details
>Customer Purchases - Create
>Customer Purchases - Edit
>Customer Purchases - Complete Purchase
>Customer Purchases - Delete
>Refurbs - List/Search
>Refurbs - View Details
>Refurbs - Create
>Refurbs - Edit
>Refurbs - Add to Inventory
>Refurbs - Delete
3. Other permissions that would be helpful for financial security:
>Allow Usage of Discount Type - (dropdown list of discount "codes" for invoices)
>Allow Usage of Payment Type - (dropdown list of all payment types)
>Payments - Edit (eg. change type from cash to check)
>Products - Delete (serialized inventory stock)
We'd really appreciate a quick look at this. Thanks!
Additional permission that would be hugely appreciated:
Canned Responses - Create
Canned Responses - Edit
Canned Responses - Delete
@ILAN - Thank you for your feedback. I do my best to input a good 4-8 hours of feedback per month. One day RS is going to pro-rate my account for how much value I've helped add to their product ;)
@RS - Just wanted to reiterate that we need the ability to view product DETAILS (like cost/price), but NOT EDIT those details. This is needed because some features are only visible from within the actual products detail page (like product label PDFs). So, please make sure both of these permissions exist separately:
Products - View Details
Products - Edit Details
ILAN ELIYAHU commented
Hi Ryan, thank you for your suggestions, I'm switching to RS in the beginning of 2016 and I see how those missing granular permission levels will be a big pain for me in managing my employees in their different levels of responsibilities. The suggested granular permission levels are crucial for this kind of complete management system.
Please rush this idea.
THANK YOU AND HAPPY NEW YEAR!!
Hey guys, hoping for a positive update on this to Planned or Started :)
This would be a MAJOR help for us right now. As a global admin, I'm finding the only times I'm being bothered for help in the system are by managers who need access to security features that aren't currently available. If we can just get some final security options set, it would greatly help our managers be more effective in having control of what they need to manage.
Specifically, these are some issues and solutions we're experiencing DAILY:
"I need to un-apply a payment to modify an invoice that has been paid" : Payments – Edit
"I accidentally sent a ticket update to the wrong customer" : Ticket Comments - Strikeout
"Someone marked this payment as cash when it was paid by check" : Payments - Delete
"I made my PO at the wrong location and need to fix that" : Purchase Orders - Edit
And one more great privilege level for ALL of the above categories: " - View Change History Log"
Any expediting we can do on this topic would be extremely appreciated. These are obviously features that are going to happen; so the sooner they happen, the better. :)
In relation to the below security groups, they should not fully "delete", but should instead show with a strikeout over the text. This is because public comments are emailed/posted to the customer portal (and may have been seen by the customer), but are no longer visible in the ticket PDF or customer portal.
In the future, we should be able to fully delete any private/internal comments, and only strikethrough any public/emailed comments. There are even more possibilities if one day we make read receipts in the customer portal and emails that are sent.
Ticket Comments – Delete (only ‘their’ comments) --- strikethrough if public/emailed
Ticket Comments – Delete --- strikethrough if public/emailed
Additional security group as per recent forum posts:
"Ticket Custom Fields - View Audit Logs"
PC Mike commented
Also, the ability to "View - Audit Logs" for tickets, estimates, invoices, etc.
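Added example, not part of the thread and not the product's code: a deny-by-default sketch of three requests made above, namely "only 'their'" record scoping, tabs shown only when the group holds some permission on that subject, and strikeout instead of deletion for public comments. All class, function and field names are hypothetical. Hiding a tab only changes the UI, so the same `allows` check must still run on every request.

```python
from dataclasses import dataclass, field

# Hypothetical names modelled on the thread's "Subject - Action" lists.
OWN = "own"   # the "only 'their'" variants
ANY = "any"

@dataclass(frozen=True)
class Grant:
    subject: str      # e.g. "Tickets"
    action: str       # e.g. "View Details"
    scope: str = ANY  # OWN limits the grant to records owned by the user

@dataclass
class SecurityGroup:
    name: str
    grants: set = field(default_factory=set)

    def allows(self, subject, action, user_id=None, owner_id=None):
        """Deny by default; an OWN-scoped grant matches only the user's records."""
        if Grant(subject, action, ANY) in self.grants:
            return True
        if Grant(subject, action, OWN) in self.grants:
            return user_id is not None and user_id == owner_id
        return False

    def visible_tabs(self, tabs):
        """Show a tab only if the group holds at least one grant on that subject."""
        held = {g.subject for g in self.grants}
        return [t for t in tabs if t in held]

def delete_comment(group, user_id, comment):
    """Private comments are removed; public/emailed ones are struck out instead."""
    if not group.allows("Ticket Comments", "Delete", user_id, comment["author_id"]):
        raise PermissionError("Ticket Comments - Delete not granted")
    if comment["public"]:
        comment["struck_out"] = True   # keep the text for the audit trail
        return "struck_out"
    return "deleted"

# Constructed sample group for a bench tech.
BENCH_TECH = SecurityGroup("Bench Tech", {
    Grant("Tickets", "List/Search"),
    Grant("Tickets", "View Details", OWN),
    Grant("Ticket Comments", "Delete", OWN),
    Grant("Products", "View Details"),
})
```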