If you want more information about how roles work, click here.
- Click Manage.
- Under User Admin, click Roles.
Remember that roles are created at a specific level in the organisation hierarchy. If you create the role higher up in the hierarchy it will typically be for more administrative users. Where you put this role, is where it can be used in the system.
Duplicate a role
- Click on the downward facing arrow next to the specific role and select duplicate.
Users can duplicate roles used in their own security group if they have "Roles - Access and Update" permission and can only make the role available in organisation groups on the same level or lower.
Create a new role
- Click the Add roles button.
- Complete all the required fields.
Role Name - enter a descriptive name for the role, which is akin to the roles purpose, e.g. Tasks access and create.
Profile - in the dropdown select the profile type which matches the role.
Organisation Group - Select the organisation groups where this role must be made available by clicking on the name of the organisation. (Use the + if you need to expand the list.) Any users with the relevant permissions within ALL the selected groups will be able to edit this role. Users with relevant permissions within any of the groups will be able to make use of this role when creating users.
The role cannot be assigned to the users' own security group.
- A new role is created and allocated to the organisation groups selected.
- The role can be shared with many groups. When you share a role to another dealer or to a group in the organizational hierarchy where you may not have editing rights, you may not be able to edit the role in future.
- The list of organisations available for selection is dependent on the user who is creating the role and his/her permissions.
- The role will be visible to anyone who has "view role" access to the group(s) that the role is allocated to.
- Any user that has access to the organisation group can make use of this role when they are creating users.
Description - enter a description for the role.
- Click Next.
- The permissions page will now be displayed.
- Start by enabling the features that must be made available for the role by clicking the enable checkbox. Note that the sections are grouped into the features and functionality as they are displayed in MiX Fleet Manager as menu times, e.g. The Activity Timeline section groups together the functionality as found under the Activity Timeline menu under Monitor.
Also note that you get functional permissions and permissions to data. A functional permission could, for example give users the ability to import contacts and when you give access to the contacts permission you give permission to data, in other words to access, update or delete the contacts data. Read more about the data permission below.
Please note that you need to give a role access login permissions to either the web or mobile applications in the General feature. Giving a role permissions to any of the features below will not mean that the users can then automatically also login to the web or various mobile apps.
- Once you have enabled the feature, you can assign access, create, update or delete permissions. To enable the create, update and delete permissions you must first select an access permission for a specific function.
- You can also disable the entire feature again by clicking the box at the top:
- Click Save.
Quick select/deselect Option
The quick select/deselect option is available for selecting multiple permissions at once. This function should be used with care.
- Click on the relevant boxes to enable the specific features/sections, e.g. General, Config Admin, Hours of Service, etc.
- Now scroll to the quick select/deselect buttons at the top and click in the individual boxes to enable the specific rights across all the sections.
- Click Save.
See below for a demonstration:
Data permissions
As explained above, a data permission gives access to data, e.g. to the assets data or to the driver data, where a functional permission gives permissions to a function, e.g. to export assets or to update the assets' license information.
If the administrator set up the organisation with a role that is only allowed to perform basic tracking (a functional permission) and assigned this role to a group of users who do not have permissions to access the assets data they will not be able to view any assets details in Live tracking and therefore not be able to perform their job, which is to monitor vehicles within Live tracking.
Therefore, in order for the user to successfully track their assets in Live tracking, the assets data permission will automatically be assigned in the background, which means the user will be able to view assets in the Live tracking feature, but will not still be able to view the assets module as they do not have the functional permission to assets.
By virtue of the fact that you have permission to see Live tracking, you also have the ability to plot the events on the trial. You need a data permission to see the events, but you won't be able to access the events in the Config groups module if you haven't been given access to functionality.
Thus, this data permissions is automatically assigned in certain modules, e.g. if a user has not been granted access to the contacts module but need to set up subscriptions to reports in the Insights module. They now need a data permission in Insights to access the contacts data. They will not automatically gain access to the Contacts module however.