Creating and editing custom permission levels

Operandio includes the ability to allow administrators to create and edit custom permission levels for their organization.

We understand that businesses might want to use different names for their permission levels or that they might need to add additional permission levels to their account. These custom permission levels can be fine-tuned to allow or deny users access to certain parts of the system.

Managing permission levels should be done only at a senior level within your business, and changes to existing roles should be minimized whenever possible. Frequent changes to permissions might prevent your staff from performing their tasks effectively.

Overview

Access in Operandio works on the basis of Permissions and Permission Levels (or Roles) to determine which users can see which parts of the system.

Permissions are individual rules that toggle access to functionality or areas of Operandio such as being able to view, create, update and delete an item. Some examples of permissions are:

  • action_create allows a user to create an Action
  • knowledge_read allows a user to view the Knowledge Base
  • location_delete allows a user to delete a Location in the organization

There are a large number of permissions available to customise.

Permission Levels (Roles) are essentially a group of permissions and are usually how you would refer to staff in your business. Examples of permission levels are Regional Manager or Employee.

Operandio includes 4 built-in permission levels as standard, which are:

  • Full Administrator
  • Regional Manager
  • Location Manager
  • Employee

You cannot modify or delete the built-in Operandio permission levels.

Creating a custom permission level

To access the Permission levels area:

  1. When logged in to Operandio, click your profile image in the top right corner of the main navigation
  2. Select Settings in the dropdown menu
  3. In the left hand navigation menu in the Settings screen, select Permission levels

If you can't see this section in the left hand navigation, it's likely you don't have access to this area.

Within this section, there are two tabs, Custom and Built-in. The Built-in tab lists the standard Operandio permission levels mentioned earlier which you can view for reference, but for now we'll look at the Custom tab.

In the example below, we have two custom roles in our business already, Team Leader and Worker. We can add another custom permission level for our Supervisors.

On the Custom tab, click the Add custom permission level button which will display a form with the following:

  • Name: The name of the new permission level. This will be used elsewhere in Operandio such as in the People section.
  • Description: A description for the permission level
  • Can create role(s): Select the roles that you want this custom permission level to be able to create. Please see the section on creating and managing other roles for more information. Note that the user_create permission is also required for user creation.
  • Can mention role(s): Select the roles that you want this custom permission level to be able to access when creating and assigning things in Operandio. For example, if a user with a custom permission level is assigning an action to someone, the roles selected here will determine who it can be assigned to.

Permissions

In the Permissions section of the form, there are the following options:

  • Inherit permissions from other role(s): Select any roles that you want to inherit a base set of permissions from. See the section on inheriting permissions for more information.
  • Permissions list: This list displays all the permission flags that are available to modify. You can toggle these on or off as required. If you've inherited some permissions, they'll be fixed to "on".

As an example, a new role for a Supervisor could look like this:

Once you've set all the permissions you want, select Save permission level. Your new role should now be visible in the list on the Custom tab.

Inheriting permissions from other roles

When creating a custom role, you can use another role as a "base" to add a number of permissions.

For instance, if you want to create a custom role that has all the Employee level permissions but with some extra functionality on top, you can select to inherit from the Employee role.

You can inherit from multiple roles when creating custom roles. Permissions inherited from these roles will be shown in the permissions list with an "Inherited" badge next to them.

In the example below, we've inherited the ability to see the Assets area and view them, and we've also added a new permission that allows us to create new assets too.

Creating and managing other roles

When you create a custom role, you can set which roles they are allowed to assign to other users. In general, this would usually be all roles equivalent to, and beneath it, in terms of your staff hierarchy. You might also not want Employees to be able to create other Employees.

This can be best shown in the image below:

Be careful what you select here! Granting permission to create any available roles can give full access to Operandio, which might not be what you intend.

Assigning permission levels

You can assign your custom permission levels to users in the People area of Operandio. You can either assign a role when adding new users or you can edit existing users to change their permission level.

Still need help? Contact Us Contact Us