Frontline Portal permissions and roles

Updated by Victor Jespersen

This document is a quick-start guide to understanding how roles and permissions are handled in Quinyx WFM and the

Frontline Portal toggleable features

In Quinyx, every user is required to have a Staff Category, which assigns them a basic system permissions. In the Frontline Frontline Portal.

Frontline Portal toggleable features

In Quinyx, every user is required to have a Staff Category, which assigns them a basic system permissions. In the Frontline Portal module the Staff Category can control access to modules (e.g. Stories, Forms). The Staff Category is also the role label associated with each user for distribution purposes (i.e. if you want to distribute a resource you can choose to distribute to a particular Staff Category).

If additional access is needed, a user can also be assigned one or more Manager Roles, configured under Role Management. The permissions within roles allow control the creation and sending of resources, access to reports, and widget management.

The list of Frontline Portal modules that can be toggled follows:

  • Events
  • Forms
  • Reports
  • Stories
  • Widgets

How permissions work in WFM

Quinyx WFM currently has a dual permission system. Each user can either be a member of a staff category, in which case they’ll only be assigned the special system role Employee or a Manager. The users will be assigned one or more roles, configured under Role management, in addition to the staff category one.

Each employee in the system has to have a single Staff Category assigned. Each staff category has its own permissions, which can be configured under Mobile and staff portal permissions. These permissions are the only ones a staff member can have and are superseded by the manager in case an employee has both.

Roles

Manager user: When we use the term manager, we refer to users responsible for administering the platform and distributing content to those below them in the organization hierarchy.

Manager users require a role in addition to the default Employee role.

Employee user: When we use the term Employee, we refer to users who receive content distributed by Manager users and do not create or distribute content themselves.

It is possible to grant an Employee access to create and distribute content if required.

Role permissions

This set of permissions enables or disables FLP functionality in both the web application and the mobile application for Manager users. Role permissions are relevant only to Manager users and are not applied to employees.

General rules

Given a user can be granted a combination of Role AND Staff Category permissions, there are some general rules to be aware of regarding how these permissions interact:

  • Quinyx will always query both Role AND Staff Category permissions to inform the rights a user has in the system
  • Conflicting permissions will always bias towards the positive. For example, if a user has ‘Stories’ enabled in Staff Category permissions but disabled in Role permissions, Stories will be enabled for the user
  • Role levels e.g. Level 1 vs Level 2 have no impact on FLP permissions - this is relevant only for Quinyx WFM customers. For example, if a user has ‘Stories’ Role permission disabled for a Level 1 role but enabled for a Level 2 role, Stories will be enabled for the user

Staff categories

Given an Employee will not be granted role permissions, this additional set of permissions govern the visibility of features in both the web application and the mobile application for Employees. Staff Categories also govern which FLP side menu options are visible to a user (both Manager and Employee) in the mobile application. As a result, Manager users may also need to be granted some Staff Category permissions, e.g. in order to grant a Manager user visibility of the ‘Stories’ side menu option in the mobile application.

Master Role Permissions

There are two master Role permissions which grant Manager users the following:

  • Frontline Portal (called task management in role permissions today)

OFF - turns Frontline Portal OFF for a user

READ - turns Frontline Portal ON for a user

WRITE - turns Frontline Portal ON and enables a user to CREATE resources

If set to WRITE, this permission will be applied to any module enabled e.g., Events, Forms, Stories. For example, if a user is granted WRITE Distribution and Stories Role permissions, they will be able to distribute Stories.

  • Distribution - controls whether a user can DISTRIBUTE resources. 

OFF - disables distribution of resources for a user

WRITE - enables a user to DISTRIBUTE resources

If set to WRITE, this permission will be applied to any module enabled e.g. Tasks, Forms, Stories. For example, if a user is granted WRITE Distribution and Tasks Role permissions, they will be able to distribute Tasks. 

Module Role Permissions

There are a further four Role permissions which grant Manager users the ability to VIEW the following modules:

  • Stories
  • Forms
  • Events
  • Reports 

Used in isolation, these Role permissions offer a user VIEW only access to each module. In other words, a user would need to be given master permissions to also create or distribute. For example, permission must be given to both the Frontline Portal and Stories to enable users to create Stories.

There is no Tasks module role permission, as tasks are visible by default for all users with access to the Frontline Portaö and cannot be turned off.

Permissions configuration

The following are the recommended permissions settings for Managers vs Employees for each module e.g. Events, Tasks, Forms etc.

Events

Manager:

Level of Access

Role permission

Staff Category permission

Off

Events (view)

Events (view)

View only

Events (view)

Events (view)

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create and distribute

Events (view)

Events (view)

Distribution (distribute)

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Please note - ‘Events’ must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.

Employee:

Level of Access

Role permission

Staff Category permission

Off

Events (view)

Events (view)

View only

N/A

N/A

Events (view)

N/A

N/A

Frontline Portal (enables FLP)

Please note - for Employee users, ‘Events’ Staff Category is only permission required to make Events visible.

Tasks

Manager

Level of Access

Role

Staff Category

Off

Not possible

-

Not possible

-

View only

NB - user also able to complete a task and forward

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create only

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Create and distribute

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Employee

Level of Access

Role

Staff Category

Off

Not possible

-

Not possible

-

View only

NB - user also able to complete a task and forward

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Stories

Manager

Level of Access

Role

Staff Category

Off

Stories (view)

Stories (view)

View only

Stories (view)

Stories (view)

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create

Stories (view)

Stories (view)

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Create and distribute

Stories (view)

Stories (view)

Frontline Portal

(create and enable FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Please note - stories must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.

Employee

Level of Access

Role

Staff Category

Off

Stories (view)

Stories (view)

View only

N/A

N/A

Stories (view)

N/A

N/A

Frontline Portal (enables FLP)

Please note - for Employee users, ‘Stories’ Staff Category is only permission required to make Stories visible.

Forms

Manager

Level of Access

Role

Staff Category

Off

Forms (view)

Forms (view)

View only

NB - user also able to complete a form

Forms (view)

Forms (view)

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create and distribute

Forms (view)

Forms (view)

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Please note - forms must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.

Employee

Level of Access

Role

Staff Category

Off

Forms (view)

Forms (view)

View only

NB - user also able to complete a form

N/A

N/A

Forms (view)

N/A

N/A

Frontline Portal (enables FLP)

Please note - for Employee users, ‘Forms’ Staff Category is only permission required to make Forms visible.

Reports

Manager

Level of Access

Role

Staff Category

Off

Reports (view)

N/A

N/A

On

Reports (view)

N/A

N/A

Frontline Portal

(enables FLP)

N/A

N/A


How Did We Do?