Skip to main content
Employee Sign in

Create a role

Marisa Potgieter
  • Updated

Read More about roles for an introduction to the feature.

  • Click Manage.
  • Under User Admin, click Roles.

Keep in mind that each role is created at a certain level in your organisation’s hierarchy. If you create it higher up, it will usually apply to more administrative users. The level at which you add the role determines where it can be used in the system.

Duplicate a role

  • Click on the three dots menu next to the specific role and select Duplicate.

DuplicateARole.png

You can duplicate roles used in your own security group if you have the "Roles - Access and Update" permission. You can only make the role available in organisation groups on the same level or lower.

Create a new role 

  • Click the Add roles button. CreateNew.png
  • Complete all the required fields. 

Role Name - Enter a descriptive name for the role, describing the roles purpose, e.g. Tasks access and create

Profile - In the dropdown, select the profile type which matches the role - System administator, General administrator, advance user, web user. 

Organization Group - Select the organization groups where this role must be made available by clicking on the name of the organization. (Use the + if you need to expand the list to view groups in the main group.) Any users with the relevant permissions within all the selected groups will be able to edit this role. Users with relevant permissions within any of the groups will be able to make use of this role when creating users.

The role cannot be assigned to the user's own security group.

  • A new role is created and allocated to the selected organization groups.
  • The role can be shared with many groups. When you share a role with another dealer or to a group in the organizational hierarchy where you may not have editing rights, you may not be able to edit the role in future. 
  • The list of organizations available for selection depends on the user creating the role and their permissions.
  • The role will be visible to anyone who has "view role" access to the group(s) the role is allocated to.
  • Any user with access to the organization group can use this role when they create users.

 Description - enter a description for the role.

  • Click Next at the top right corner.          
  • The permissions page will now be displayed. 
  • Start by enabling the features that must be made available for the role by clicking the Enable checkbox.  Note that the sections are grouped into the features and functionality as they are displayed in On-Road IoT as menu times, e.g. The Activity Timeline section groups together the functionality as found under the Activity Timeline menu under Monitor. 

EnableFeatureForRole.png

There are functional permissions and permissions to data.

A functional permission could, for example, give users the ability to import contacts or to create new drivers. When you give access to the contacts permission however you give permission to view the contact data, i.e. to access, update or delete the contact data. Read more about the data permission below.

  • Once you have enabled the feature, you can assign access, create, update or delete permissions where relevant. To check the create, update and delete permissions, you must first select an access permission for a specific function. 
  • You can also disable the entire feature again by clicking the box at the top.

Please note that you need to give a role access permissions to either the Login - web application or Login - mobile applications in the General feature. Giving a role permissions to any of the features below will not mean that the users can then automatically also log in to the web or various mobile apps. 

 

AssignPermissionsAndDisable.png

  • Click Save.

Quick select/deselect Option

The quick select/deselect option is available for selecting multiple permissions at once. This function should be used with care.

  • Click on the relevant boxes to enable the specific features/sections, e.g. General, Config Admin, Hours of Service, etc. 
  • Now scroll to the quick select/deselect buttons at the top and click in the individual boxes to enable the specific rights across all the sections. 
  • Click Save. 

See below for a demonstration:

QuickPermissions.gif

 

Understanding Data and Functional Permissions

As explained above, data permissions provide access to specific types of data — for example, asset data or driver data — while functional permissions provide access to specific actions or features, such as exporting assets or updating an asset’s licence information.

If an administrator creates a role that only includes a functional permission (e.g. basic tracking) and assigns it to users who do not have access to asset data, those users will not be able to view any asset details in Live Tracking. As a result, they won’t be able to perform their core task of monitoring vehicles.

To ensure that users can track assets successfully in Live Tracking, the asset data permission is automatically assigned in the background. This allows users to view assets within the Live Tracking feature, even though they still cannot access the Assets module itself since they don’t have the functional permission for that module.

Similarly, users who can access Live Tracking can plot events on the map because they have the necessary event data permission. However, without functional access to configuration features, they won’t be able to view or manage events in the Config Groups module.

In the same way, some data permissions are automatically assigned across modules when needed. For example, a user without access to the Contacts module may still need to reference contact data when setting up report subscriptions in Insights. In such cases, a background data permission allows access to the contact data within Insights but not to the Contacts module itself.

Related articles