AIO - Frontline Portal permissions and roles

Updated by Victor Jespersen

This document is meant as a quick start guide to understand how roles and permissions are handled in both WFM and the Frontline Portal.

Frontline Portal roles

The Frontline Portal currently supports several roles, each with specific permissions. The roles are currently not configurable in the Frontline Portal, but users can be assigned more than one role.

The complete list of roles follows:

  • Admin: Users with this role can configure a tenant (create categories, configure SSO, groups, users, etc.). Only Quinyx superusers will be assigned this role once you start using both the WFM and Frontline Portal.
  • Content Manager: Users with this role are the only ones allowed to create and configure Widgets. It’s typically granted to a handful of HQ users as widgets are global objects, visible to every user in the tenant.
  • Gatekeeper: A gatekeeper is a user who can create and distribute content.
  • Staff Manager: Users with this role can create or update users at their level and below. If you use both the WFM and Frontline Portal, this will be managed in the WFM manager portal. So, users with this role will have access to the WFM manager portal, where you can create/ update users.
  • Submitter: A Submitter is a user who can create content but not distribute it. It’s typical for a customer to have some users who can author tasks and other comms (submitters), which will require the approval of other users (gatekeepers) for distribution.
  • Viewer: A viewer is a user who can only view content that has been distributed to them.
In the Frontline Portal, no roles currently restrict read/write/distribute beyond viewer/submitter/gatekeeper. For instance, it’s not possible to have a user who can create new tasks but not stories.

Frontline Portal toggleable features

In the Frontline Portal, several features can be toggled on or off on a per-customer basis. This is somewhat similar to Quinyx modules. The modules will now be toggled on or off based on the permissions each roles have within the WFM, therefore making the modules toggled on or off on a per-role basis instead of a per-customer basis. This allows users to have more control over who can use what functionalities within the Frontline Portal.

The list of Frontline Portal modules that can be toggled follows:

  • Events
  • Forms
  • Reports
  • Stories
Files and tasks are supposed to be toggleable, but they are not currently in the Frontline Portal. The relative permission removes the files or tasks option but only in the mobile app.

How permissions work in WFM

Quinyx WFM currently has a dual permission system. Each user can either be a member of a staff category, in which case they’ll only be assigned the special system role Employee or a Manager. The users will be assigned one or more roles, configured under Role management, in addition to the staff category one.

Each employee in the system has to have a single Staff Category assigned, and each staff category has its own permissions which can be configured under Mobile and staff portal permissions. These permissions are the only ones a staff member can have and are superseded by the manager in case an employee has both.

Staff categories

Quinyx staff categories are mapped in the Frontline Portal onto Role Types, also known as Job Descriptions. The Quinyx staff categories are used as a label for users that are used by the Frontline Portal distribution to target specific categories of users (e.g. send a task to all Store Manager employees).

Groups associations

In Quinyx WFM, a user must have a home unit on which they’ll have the Employee role by default. Additionally, a user can be given multiple roles that each apply to a group in the organization hierarchy (e.g. an employee can have a role in District 1 and another one in Unit 1 and Unit 2). Each of these groups can be associated with a single Collaboration Group, which will be the group the user will belong to in the Frontline Portal.

In the Frontline Portal, users can only belong to one group in the hierarchy, which means that we have to default to a single collaboration group. To do that, the Frontline Portal will consider the employee home unit as their default organization group and use the associated Collaboration group as their Frontline Portal group.

The only exception to this rule is when an employee is directly associated with a Collaboration group, in which case that group is considered regardless of what their home unit is associated with.

Permissions matrix

  • No permission
  • Read permission
  • Write permission

Multiple icons in the same cell mean either permission can be set to enable the role/feature on the corresponding column. All permissions indicated in a column are required to enable the role/feature.

A "-" indicates that the permission is irrelevant for that column and that any value will do. 

WFM role permissions to Frontline Portal Role Matrix

Admin

Content Manager

Gatekeeper

Staff Manager

Submitter

Viewer

All

All

-

-

-

-

-

People

-

-

-

-

-

Task Management

-

Distribution

-

-

-

Widgets

-

-

-

-

-

You can click here to read more about the WFM role management functionality.
You can click here to read more about the access rights in WFM.


How Did We Do?