Custom Roles in EZOfficeInventory

custom roles banner

While the system has predefined user roles, every company is different and might want to configure unique roles for each user. This is now possible with the Custom Roles feature in EZOfficeInventory.

Contents:

1. Enable Custom Roles
2. Create a new Role
3. Role Restrictions
3.1. Items Restrictions
3.2. User Restrictions
3.3. Create Teams
4. Permissions
4.1. Default permissions
4.2. Customized permissions
5. Permissions for Assets, Asset Stock, Inventory, Packages
5.1. ‘Within Item Restrictions’ vs. ‘Without Item Restrictions’
5.2. What does ‘Assigned To This User’ mean?
5.3. Understanding the ‘For This User’ column
6. Permissions for Carts, Members, Purchase Orders, Work Orders
7. Permissions for Groups & Subgroups, Vendors, Locations, Documents
8. Assign the Custom Role to a Member
9. Overview of restrictions within all modules
10. What happens when you disable Custom Roles?

1. Enable Custom Roles

Enable Custom Roles from Settings → Add Ons → Custom Roles and hit ‘Enabled’.

Enable custom roles

2. Create a new Role

Once you’ve enabled Custom Roles, you can now create new roles or edit existing ones by going to Members → Roles.

Roles tab under Members

Once you click ‘Add New Role’, the following form opens up:

New Custom Role Overview

Begin by specifying a name and description for your new role.

3. Role Restrictions

Next, you have to specify what kind of restrictions will you apply to this role. There are two types of Role Restrictions. Both of these are discussed in detail here:

3.1. Item Restrictions

Item Restrictions limit the user’s access to certain items. There are four possible ways to restrict item access by:

Item restrictions

Note: You can choose multiple Groups and Locations.

3.2. User Restrictions

User Restrictions limit the role from interacting with certain users and taking actions for them. You can restrict user access by:

User restrictions

Note: You may choose multiple Teams.

3.3. Create Teams

Teams are associated with Custom Roles and are automatically disabled when the Custom Roles Add On is disabled. To create a new team, go to More → Teams and click on ‘Add New Team’. The following overlay appears:

Create a new team

4. Permissions

Based on the Role Restrictions selected above, you can set detailed permissions for the role. These permissions include a multitude of options for various items and modules. We will discuss these in detail later on.

4.1. Default permissions

Instead of specifying all the permission settings available, you can keep things simple and start off with the following Default Permissions:

  1. Administrator
  2. Staff User

For example, when you select Administrator from the dropdown menu, the system automatically selects all Administrator permissions.

Choose default permissions for custom roles

This way, whichever default role you select, all relevant checkboxes will automatically be selected. Then, you only need to edit checkboxes you require changing.

The pink boxes represent actions only Administrators can take, whereas the blue boxes represent actions Staff Users can take.

Once done, scroll down and hit the ‘Create’ button!

4.2. Customized permissions

You can also specify all permissions from scratch. Here’s an overview of all the modules you can specify permissions for:

Overview of Permissions for Custom Roles

5. Permissions for Assets, Asset Stock, Inventory, Packages

To get comfortable with the permissions available, let’s look at an expanded view of the Assets module:

Expanded Assets module

The Assets module contains both Users and Item Restrictions. This means you can limit the role to work with certain users and carry out actions for them, and take actions on certain items.

An understanding of the Assets module will also apply to the following modules since they have similar permissions:

  • Asset Stock
  • Inventory
  • Packages

Note: The permissions for check-in, checkout, transfer custody, reserve, and service and maintenance for Assets also extend to Packages. Therefore, what you choose for these permissions under Assets will also map to Packages automatically.

5.1. ‘Within Item Restrictions’ vs. ‘Without Item Restrictions’

Let’s say you’re creating a Custom Role that needs to have the authority to delete all Assets. In such a case, you will select the ‘Without Item Restrictions’ checkbox as shown below:

Delete all Assets permission

This enables the Custom Role to delete any Assets irrespective of what group or location they’re in. If you want the Custom Role to only delete Assets within the specified Item Restrictions, select the ‘Within Item Restrictions’ checkbox instead.

Keep in mind that you can only choose one checkbox in a row out of the two for ‘Within Item Restrictions’ and ‘Without Item Restrictions’.

If you choose both for ‘Within Item Restrictions’ and ‘Without Item Restrictions’, preference is given to ‘Without Item Restrictions’.

Preference when selecting both checkboxes

Therefore, in the above case, the ‘Within Item Restrictions’ checkbox is disregarded and the Custom Role is given the right to take the action without Item Restrictions.

5.2. What does ‘Assigned To This User’ mean?

For certain permissions, you will be able to see an ‘Assigned To This User’ column. Here’s a visual of one such instance:

assigned to this user custom role setting

This column lets you take actions on Items or Packages that are assigned to the Custom Role user. In the above visual, if you select the ‘Assigned To This User’ checkbox, the user will be able to view all Assets that have been assigned to them.

In case you select ‘None’ when specifying Item Restrictions, the role will be able to view all Assets without any limitations. However, in case you select the above option of ‘Assigned To This User’, then preference will be given to this option. This means that the user will be able to only view Assets assigned to them, even if the role has no item restrictions applied to it.

However, when either ‘Within Item Restrictions’ or ‘Without Item Restrictions’ are chosen, then preference is given to ‘None’ as chosen above in Item Restrictions.

5.3. Understanding the ‘For This User’ column

When scrolling through the list of permissions, a new column ‘For This User’ emerges in some instances. Here’s a visual of one such instance:

Different permissions

This may look confusing but is fairly simple once you get the hang of it. Whenever the ‘For This User’ column is introduced, it means that in addition to carrying out the action for other users, the user can now also do so for himself.

Let’s break the above visual into two parts to better understand the set of actions it allows the role to take:

for this user section in custom roles

The first set of actions available to the role are highlighted above. The role can take any of the two actions, in this case, using the ‘For This User’ column:

  1. Check-in items for themselves within the set Item Restrictions
  2. Check-in items for themselves without being limited by Item Restrictions

Moving on to the second set of actions that are highlighted below:

Other permissions for custom roles

This set of actions is just the regular permissions as explained above in section 5.1. Instead of ‘For This User’, these actions affect other users.

Similarly, let’s look at the set of permissions available when checking out Assets for better understanding:

Custom role settings for checking out assets

Here are the possible actions the role can take using the permissions within the ‘For This User’ column:

  1. Checkout items for themselves within Item Restrictions.
  2. Checkout items for themselves without being limited by Item Restrictions.

Here are all the other possible actions the role can take within with the permissions above:

  1. The role can checkout items for those users who exist within the set team restrictions. The items checked out must be within set Item Restrictions.
  2. The role can checkout items for those users who exist within the set team restrictions. The items checked out do not have to be limited by any Item Restrictions.
  3. The role can checkout items for any user without being limited by team restrictions. The items checked out must be within set Item Restrictions.
  4. The role can checkout items for any user without being limited by team restrictions. The items checked out also do not have to be limited by any Item Restrictions.

6. Permissions for Carts, Members, Purchase Orders, Work Orders

To get comfortable with the permissions available, let’s look at an expanded view of the Carts module:

Carts overview of permissions

The Carts module does not contain any Item Restrictions. However, it does contain User Restrictions. This means you can restrict who the role can work with, carry out actions for, etc. Here’s an example:

Carts permissions

Let’s assume there is a custom role called IT Support. This role is also a part of two teams –  Network Team and Hardware Team. With these permissions, you can choose whether IT Support users will have:

  1. The authority to update Carts that were created by any IT Support user.
  2. The authority to update Carts created by other users within team restrictions, i.e. other users that exist within the two teams, Network Team and Hardware Team, that IT Support is also a part of.
  3. The authority to update Carts created by all other users without any limitations.

In case you select ‘None’ when choosing user restrictions, then the user can update all Carts. However, let’s take an example from the above options. In case of the option ‘Update Carts created by this user’, if you select ‘Authorized’, then preference will be given to this option. This means the user will be able to update only those Carts that have been created by them, irrespective of whether you have chosen ‘None’ in user restrictions.

The same is applicable in all the conditions where the following phrases are used:

  • Created by this user
  • Assigned to this user
  • Reviewed by this user
  • Approved by this user
  • Requested by this user

However, in case you select two options as shown below, then preference is given to the ‘None’ you selected above in user restrictions:

How preference is given

An understanding of the Carts module will also apply to the following modules since they have similar permissions:

  • Members
  • Purchase Orders
  • Work Orders
  • Work Logs
  • Checklists

Read More: Carts in EZOfficeInventory: Equipment Management for Jobs and Events

7. Permissions for Groups & Subgroups, Vendors, Locations, Documents

To get comfortable with the permissions available, let’s look at an expanded view of the Groups and Subgroups module:

Overview of groups and subgroups

The Groups and Subgroups module does not contain items restrictions or user restrictions. Instead, all the permissions have to do with basic actions such as the ability to create, delete, update and view Groups and Subgroups.

Let’s look at an example:

Groups and Subgroups permissions

With this permission, the custom role you are creating simply gets the authority to create Groups and Subgroups.

An understanding of the Groups and Subgroups module will also apply to the following modules since they have similar permissions:

  • Vendors
  • Locations
  • Documents

Read More: Managing Access Control for Large Teams

Note: Within the permissions for Documents, you can restrict whether the custom role can attach a document or not. If this permission is left unchecked, it means the role will not be able to attach documents anywhere within the system, with any module.

Attaching Documents

8. Assign the Custom Role to a Member

Method 1: Via Members Details page

Once you’ve created the Custom Role, it’s time to assign it to a Member. To do so, either create a new Member from the ‘Members’ tab or open the existing one you wish to update.

From the Member Details Page, click on ‘Edit’. Then choose the Custom Role you just created from the Role dropdown menu as shown below:

Assign Role to a Member

All you have to do then is scroll down and hit ‘Submit’ to assign the new Role to the Member.

Method 2: Via Role Details page

You can also assign a Custom Role to a Member using another method. To do so, go to Members → Roles and open up the Custom Role you want to assign. Click the ‘Add or Remove Users’ button shown below:

Add or Remove Users

This opens up the following overlay. Here, you can choose which member you want to assign the role to from a list of available users. Once you’re done, simply hit the ‘Change Custom Role’ button to save your changes.

Change Custom Role

Note: You can assign several members to the same Custom Role.

9. Overview of restrictions within all modules

To get a better understanding of which modules have user and item restrictions and which don’t, here’s a simple overview:

Overview of all types of restrictions in various modules

10. What happens when you disable Custom Roles?

When you disable Custom Roles, the following dialog box appears:

Disabling Custom Roles

The concerned user must be assigned some role now that the custom role has been disabled. As the dialog box clarifies, each concerned user will be assigned a role according to the selected permissions.

Keep in mind that the Default Permissions you chose from the dropdown menu do not decide what role the system will assign to the user after you disable Custom Roles. Instead, the permission checkboxes do. If all the permission checkboxes selected are blue, the user will be assigned the role of a Staff User. However, if you select even a single pink box, the user will be assigned the role of an Administrator.

Let’s look at an example. Here, the Default Permission from the dropdown menu is set to Staff User but an Administrator action is selected from the permission checkboxes:

Role assigned to user when custom roles disabled

The custom role is authorized for one Administrator-level action. Therefore when the Custom Roles are disabled, the user will be assigned the role of an Administrator.

Have any questions?

For more assistance, drop us an email at support@ezofficeinventory.com. Visit our Knowledgebase and blog for updates and other tutorials.

Join the Conversation: Twitter | Facebook | LinkedIn

Don't forget to share this post!