Skip to main content

Manage Roles and Permissions

Roles and Permissions in OPS-COM provide granular control over what administrative users can access and do within the system. This feature allows administrators to define specific responsibilities, enhance security, and ensure that each user has appropriate access levels, streamlining operations and maintaining data integrity.

Using this Feature

  1. Click, System Configuration, Admin Management and click Manage Roles.
Creating and Managing Roles

Roles are central to the permissions system, acting as templates for sets of permissions.

  1. The Manage Administrator Roles screen will display. The Primary Administrator role is pre-defined and allows you to create new roles and assign them to other admin users.
  2. To create a new role, click the Add New Role button.
  3. Enter a descriptive Role name and a description for that role.
    • The description will appear as a rollover tooltip when you mouse over the Edit Role button for that role.
  4. Click Save Role to save your new role.FVUimage.png
Editing Existing Roles

You can modify the name and description of any role (except the Primary Administrator role).

  1. On the Manage Administrator Roles screen, click the Edit Role button next to the role you wish to update.
  2. Make your desired changes to the Role Name and/or Description.
  3. Click Save Role to save your edits.
Assigning Permissions to a Role

Once a role is created, you'll define what actions users assigned to that role can perform by setting its permissions. Refer to this article for more detailed Permissions information.

  1. On the Manage Administrator Roles screen, click the Permissions button next to the role you want to configure. The Editing Permissions screen will display.
  2. The top bar displays various icons, mirroring the OPS-COM menu structure. The number next to each icon indicates how many permissions within that category have been selected for the current role.
  3. Click an icon (e.g., a "Permit" icon, a "Violations" icon) to display the specific permissions available within that category.
  4. To grant a permission, enable the checkbox next to that permission's name.
  5. Once you have navigated through each icon and selected all the necessary permissions for the role, click Save Permissions. The role, with its defined permissions, is now created and ready for assignment.
Assigning Roles to Admin Users

After roles are defined, you can assign them to your administrative users.

  1. Click, System Configuration, Admin Management and click Edit Admin Users. The Manage Administrator Users screen will display.
  2. From the dropdown list, select an existing user you wish to modify, or choose to create a new user.
  3. Click Retrieve to display the user's options below.
  4. On the left side of the screen, add or confirm the User Information (e.g., name, email).
  5. On the right side, select the role(s) you wish to apply to that user from the available options.
  6. You can also add a Comment for any relevant notes about the user's role or status.
  7. Click Update User when you have finished making your changes.

Best Practices & Considerations

  • Principle of Least Privilege: Always adhere to the principle of least privilege. Grant users only the permissions absolutely necessary for them to perform their job functions. This minimizes security risks and potential for accidental errors.
  • Role-Based Access Control: Utilize roles to manage permissions efficiently. Instead of assigning individual permissions to each user, create roles (e.g., "Enforcement Officer," "Permit Manager," "Finance Admin") and assign users to those roles. This simplifies onboarding, offboarding, and auditing.
  • Clear Role Descriptions: Use the role description field to clearly state the purpose of the role and the types of permissions it encompasses. This helps administrators understand what each role is intended for.
  • Regular Review: Periodically review your defined roles and user assignments to ensure they remain appropriate as job responsibilities change or staff join/leave your organization.
  • Test New Roles: Before deploying a new role to active users, test it with a test administrator account to confirm that the assigned permissions function as expected and do not inadvertently grant too much or too little access.
Back to top