Asset Intelligence and Management

Asset Intelligence and Management

Custom Roles in EZOfficeInventory

While the system has predefined user roles, every company is different and might want to configure unique roles for each user. This is now possible with the Custom Roles feature in EZOfficeInventory.

1.Enable Custom Roles

Enable Custom Roles from Settings → Add Ons → Custom Role and hit ‘Enabled’.

2. Create a new Role

Once you’ve enabled Custom Roles, you can now create new roles or edit existing ones by going to Members → Roles.

Once you click ‘Add New Role’, the following form opens up:

Begin by selecting a Base Role for your new custom role. This will apply some system permissions in addition to the customized permissions you set.

3. Role Restrictions

Next, you have to specify what kind of restrictions will you apply to this role. There are two types of Role Restrictions. Both of these are discussed in detail here:

3.1. Item Restrictions

Item Restrictions limit the user’s access to certain items. There are four possible ways to restrict item access by:

Item restrictions

Note: You can choose multiple Groups and Locations. Here’s how you can ensure Custom Roles assigned to a certain Location are able to view all Asset Stock available at their Location.

3.2. User Restrictions

User Restrictions limit the role from interacting with certain users and taking actions for them. You can restrict user access by:

User restrictions

Note: You may choose multiple Teams.

3.3. Create Teams

Teams are associated with Custom Roles and are automatically disabled when the Custom Roles Add On is disabled. To create a new team, go to More → Teams and click on ‘Add New Team’. The following overlay appears:

4.Permissions

Based on the Role Restrictions selected above, you can set detailed permissions for the role. These permissions include a multitude of options for various items and modules. We will discuss these in detail later on.

4.1. Default permissions

Instead of specifying all the permission settings available, you can keep things simple and start off with the following Default Permissions:

  1. Administrator
  2. Staff User

For example, when you select Administrator from the dropdown menu, the system automatically selects all Administrator permissions.

This way, whichever default role you select, all relevant checkboxes will automatically be selected. Then, you only need to edit checkboxes you require changing.

Once done, hit the ‘Create’ button!

4.2. Customized permissions

You can also specify all permissions from scratch. Here’s an overview of all the modules you can specify permissions for:

At the end, you can even grant permission to a role to change company settings and add ons (excluding billings page and change account user setting). However when this setting is checked and overlay will appear asking for password authentication. You can even turn on the access to manage and create Reports.

5. Permissions for Assets, Asset Stock, Inventory, Packages

To get comfortable with the permissions available, let’s look at an expanded view of the Assets module:

The Assets module contains both Users and Item Restrictions. This means you can limit the role to work with certain users and carry out actions for them, and take actions on certain items.

An understanding of the Assets module will also apply to the following modules since they have similar permissions:

  • Asset Stock
  • Inventory
  • Packages

Note: The permissions for check-in, checkout, transfer custody, reserve, and service and maintenance for Assets also extend to Packages. Therefore, what you choose for these permissions under Assets will also map to Packages automatically.

5.1. ‘Within Item Restrictions’ vs. ‘Without Item Restrictions’

Let’s say you’re creating a Custom Role that needs to have the authority to delete all Assets. In such a case, you will select the ‘Without Item Restrictions’ checkbox as shown below:

This enables the Custom Role to delete any Assets irrespective of what group or location they’re in. If you want the Custom Role to only delete Assets within the specified Item Restrictions, select the ‘Within Item Restrictions’ checkbox instead.

Keep in mind that you can only choose one checkbox in a row out of the two for ‘Within Item Restrictions’ and ‘Without Item Restrictions’.

5.2. Understanding the ‘For What’ and ‘For Who’ columns

For certain permissions, you will be able to see the ‘For What Items’ column. Here’s a visual of one such instance:

This column lets you take actions on Items or Packages that are assigned to the Custom Role user. In the above visual, if you select the ‘Only Self’ checkbox, the user will be able to view all Assets that have been assigned to them.

Note: In case you don’t select Item Restrictions, the role will be able to view all Assets without any limitations. However, in case you select the above option of ‘Items assigned to self’, then preference will be given to this option. This means that the user will be able to only view Assets assigned to them, even if the role has no item restrictions applied to it.

When either ‘Within Item Restrictions’ or ‘Without Item Restrictions’ are chosen, then the role will be able to view all Assets without any limitations because you didn’t specify  any Item Restrictions.

Custom Roles are mainly defined through two main columns ‘For What Items’ and ‘For Who’. These two columns are further divided into a total of 5 columns that can be set to define a user role. You can only select one column for each ‘For What Items’ and ‘For Who’ columns. 

Whenever the ‘For What Items’ column is introduced, it means that in addition to carrying out the action for other users, the user can now also define restrictions.

In case you select ‘All Items no item restriction’ when specifying Item Restrictions, the role will be able to view all Assets without any limitations. 

Let’s break the above visual into two parts to better understand the set of actions it allows the role to take:

The first set of actions available to the role are highlighted above. The role can take any of the two actions:

  1. Reserve items for themselves within the set Item Restrictions
  2. Reserve items for themselves without being limited by Item Restrictions

Similarly, let’s look at the set of permissions available when checking out Assets for better understanding:

Here are the possible actions the role can take using the permissions within the ‘For This User’ column:

  1. Checkout items for themselves within Item Restrictions.
  2. Checkout items for themselves without being limited by Item Restrictions.

Here are all the other possible actions the role can take within with the permissions above:

  1. The role can checkout items for those users who exist within the set team restrictions. The items checked out must be within set Item Restrictions.
  2. The role can checkout items for those users who exist within the set team restrictions. The items checked out do not have to be limited by any Item Restrictions.
  3. The role can checkout items for any user without being limited by team restrictions. The items checked out must be within set Item Restrictions.
  4. The role can checkout items for any user without being limited by team restrictions. The items checked out also do not have to be limited by any Item Restrictions.

6. Permissions for Carts, Members, Purchase Orders, Work Orders

To get comfortable with the permissions available, let’s look at an expanded view of the Carts module:

The Carts module does not contain any Item Restrictions. However, it does contain User Restrictions. This means you can restrict who the role can work with, carry out actions for, etc. Here’s an example:

Let’s assume there is a custom role called IT Support. This role is also a part of two teams –  Network Team and Hardware Team. With these permissions, you can choose whether IT Support users will have:

  1. The authority to update Carts that were created by IT Support user themselves.
  2. The authority to update Carts created by other users within team restrictions, i.e. other users that exist within the two teams, Network Team and Hardware Team, that IT Support is also a part of.
  3. The authority to update Carts created by all other users without any limitations.

Let’s take an example from the above options. In case of the option ‘Update Carts created by this user’, if you select ‘Only Self’. This means the user will be able to update only those Carts that have been created by them.

The same is applicable in all the conditions where the following phrases are used:

  • Created by this user
  • Assigned to this user
  • Reviewed by this user
  • Approved by this user
  • Requested by this user

An understanding of the Carts module will also apply to the following modules since they have similar permissions:

  • Members
  • Purchase Orders
  • Work Orders

Read More: Carts in EZOfficeInventory: Equipment Management for Jobs and Events

7. Permissions for Groups & Subgroups, Vendors, Locations, Documents

To get comfortable with the permissions available, let’s look at an expanded view of the Groups and Subgroups module:

The Groups and Subgroups module does not contain items restrictions or user restrictions. Instead, all the permissions have to do with basic actions such as the ability to create, delete, update and view Groups and Subgroups.

Let’s look at an example:

With this permission, the custom role you are creating simply gets the authority to create Groups and Subgroups.

An understanding of the Groups and Subgroups module will also apply to the following modules since they have similar permissions:

  • Vendors
  • Locations
  • Documents

Read More: Managing Access Control for Large Teams

Note: Within the permissions for Documents, you can restrict whether the custom role can attach a document or not. If this permission is left unchecked, it means the role will not be able to attach documents anywhere within the system, with any module.

8. Assign the Custom Role to a Member

Method 1: Via Members Details page

Once you’ve created the Custom Role, it’s time to assign it to a Member. To do so, either create a new Member from the ‘Members’ tab or open the existing one you wish to update.

From the Member Details Page, click on ‘Edit’. Then choose the Custom Role you just created from the Role dropdown menu as shown below:

All you have to do then is scroll down and hit ‘Submit’ to assign the new Role to the Member.

Method 2: Via Role Details page

You can also assign a Custom Role to a Member using another method. To do so, go to Members → Roles and open up the Custom Role you want to assign. Click the ‘Add or Remove Users’ button shown below:

This opens up the following overlay. Here, you can choose which member you want to assign the role to from a list of available users. Once you’re done, simply hit the ‘Change Custom Role’ button to save your changes.

Note: You can assign several members to the same Custom Role.

9. Alerts for Custom Roles

When alerts are enabled for a user in custom roles, they will receive an alert whenever an admin assigns the user an item. For example if checkout alert is enabled for a custom role user and an admin checks out an item to that particular user. The user will receive the checkout alert. Such alerts apply to the following modules:

  • Check-in
  • Checkout
  • Cart check-in/checkout
  • Assigned WO
  • Assigned PO
  • Transfer custody
  • Custody approved/denied
  • Reservation approved/denied
  • PR approved/denied

10. Overview of restrictions within all modules

To get a better understanding of which modules have user and item restrictions and which don’t, here’s a simple overview:

Overview of all types of restrictions in various modules

11. What happens when you disable Custom Roles?

When you disable Custom Roles, the following dialog box appears:

The concerned user must be assigned some role now that the custom role has been disabled. As the dialog box clarifies, each concerned user will be assigned a role according to the selected permissions.

Keep in mind that the Default Permissions you chose from the dropdown menu do not decide what role the system will assign to the user after you disable Custom Roles. Instead, the permission checkboxes do. If all the permission checkboxes selected are blue, the user will be assigned the role of a Staff User. However, if you select even a single pink box, the user will be assigned the role of an Administrator.

Let’s look at an example. Here, the Default Permission from the dropdown menu is set to Staff User but an Administrator action is selected from the permission checkboxes:

The custom role is authorized for one Administrator-level action. Therefore when the Custom Roles are disabled, the user will be assigned the role of an Administrator.

Have any questions?

For more assistance, drop us an email at support@ezo.io.