Configuring user roles
User access is controlled by user roles (for groups with similar responsibilities) and user accounts (for individual users). Roles are configured at two levels:
- System—for general access to the application
- Container—for specific access to data containers, their records (items), fields, and workflow processes
Several system user roles are provided, and you can create others as needed to support your business processes. In addition, a basic set of user roles is generated for each container when it is created. All user roles can be configured to provide customized access. For more information about built-in roles, see Built-in user roles.
There are three types of roles supported in FootPrints:
In FootPrints, there are built-in Agent and Customer roles which are different from the above role types. You can create an unlimited number of Agent and Customer type roles. The system role of Agent type must be used fro the users that require an Agent type access to at least one container. This role can also be assigned to the users who require to access or edit records to which they are not linked as a contact. A user configured to use this type of role requires a license.
System Roles of type customer must be used for those users who are customers for each container that they can access. At a container level, the customers can access records that are within the container to which they have access. The Guest role at the system level and Portal Guest role at the Container level are used for those users who can access the system without authenticating. There can only be one role of this type for the system added for each container.
When creating roles for your users, you can select Agent or Customer system role types, configure the default permissions as needed, assign the roles to containers (such as address books and workspaces), and further configure permissions in those containers. For more information about the available user permissions, see User permissions.
You can copy user roles and modify the copies to provide the appropriate permissions for each type of user in your environment. In fact, copying the provided roles is the easiest way to create a group of user roles with similar permissions. You only need to copy one of the built-in roles to create a new role that already has the basic permissions needed for that type of user.
Assign permissions carefully
Use caution when customizing permissions. You may accidentally allow actions that a particular user role should not be allowed to perform.
For example, if an Agent user role is allowed to access the Users administration page, that user role can add, edit, and delete user accounts without restriction.
Also, when you create a new container manually or by using a business process template, by default, all the user roles in the container are assigned access to the out-of-the-box items.