AIO - Frontline Portal permissions and roles
Updated
by
Victor Jespersen
This document is a quick-start guide to understanding how roles and permissions are handled in Quinyx WFM and the Frontline Portal.
Frontline Portal toggleable features
In Quinyx, every user is required to have a Staff Category, which assigns them a basic system permissions. In the Frontline Portal module the Staff Category can control access to modules (e.g. Stories, Forms). The Staff Category is also the role label associated with each user for distribution purposes (i.e. if you want to distribute a resource you can choose to distribute to a particular Staff Category).
If additional access is needed, a user can also be assigned one or more Manager Roles, configured under Role Management. The permissions within roles allow control the creation and sending of resources, access to reports, and widget management.
The list of Frontline Portal modules that can be toggled follows:
- Events
- Forms
- Reports
- Stories
- Widgets
How permissions work in WFM
Quinyx WFM currently has a dual permission system. Each user can either be a member of a staff category, in which case they’ll only be assigned the special system role Employee or a Manager. The users will be assigned one or more roles, configured under Role management, in addition to the staff category one.
Each employee in the system has to have a single Staff Category assigned. Each staff category has its own permissions, which can be configured under Mobile and staff portal permissions. These permissions are the only ones a staff member can have and are superseded by the manager in case an employee has both.
Roles
Manager user: When we use the term manager, we refer to users responsible for administering the platform and distributing content to those below them in the organization hierarchy.
Employee user: When we use the term Employee, we refer to users who receive content distributed by Manager users and do not create or distribute content themselves.
Role permissions
This set of permissions enables or disables FLP functionality in both the web application and the mobile application for Manager users. Role permissions are relevant only to Manager users and are not applied to employees.
General rules
Given a user can be granted a combination of Role AND Staff Category permissions, there are some general rules to be aware of regarding how these permissions interact:
- Quinyx will always query both Role AND Staff Category permissions to inform the rights a user has in the system
- Conflicting permissions will always bias towards the positive. For example, if a user has ‘Stories’ enabled in Staff Category permissions but disabled in Role permissions, Stories will be enabled for the user
- Role levels e.g. Level 1 vs Level 2 have no impact on FLP permissions - this is relevant only for Quinyx WFM customers. For example, if a user has ‘Stories’ Role permission disabled for a Level 1 role but enabled for a Level 2 role, Stories will be enabled for the user
Staff categories
Given an Employee will not be granted role permissions, this additional set of permissions govern the visibility of features in both the web application and the mobile application for Employees. Staff Categories also govern which FLP side menu options are visible to a user (both Manager and Employee) in the mobile application. As a result, Manager users may also need to be granted some Staff Category permissions, e.g. in order to grant a Manager user visibility of the ‘Stories’ side menu option in the mobile application.
Master Role Permissions
There are two master Role permissions which grant Manager users the following:
- Frontline Portal (called task management in role permissions today)
OFF - turns Frontline Portal OFF for a user |  |
READ - turns Frontline Portal ON for a user |  |
WRITE - turns Frontline Portal ON and enables a user to CREATE resources |  |
If set to WRITE, this permission will be applied to any module enabled e.g., Events, Forms, Stories. For example, if a user is granted WRITE Distribution and Stories Role permissions, they will be able to distribute Stories.
- Distribution - controls whether a user can DISTRIBUTE resources.
OFF - disables distribution of resources for a user | |
WRITE - enables a user to DISTRIBUTE resources | |
If set to WRITE, this permission will be applied to any module enabled e.g. Tasks, Forms, Stories. For example, if a user is granted WRITE Distribution and Tasks Role permissions, they will be able to distribute Tasks.
Module Role Permissions
There are a further four Role permissions which grant Manager users the ability to VIEW the following modules:
- Stories
- Forms
- Events
- Reports
Used in isolation, these Role permissions offer a user VIEW only access to each module. In other words, a user would need to be given master permissions to also create or distribute. For example, permission must be given to both the Frontline Portal and Stories to enable users to create Stories.
Permissions configuration
The following are the recommended permissions settings for Managers vs Employees for each module e.g. Events, Tasks, Forms etc.
Events
Manager:
Level of Access | Role permission | Staff Category permission | ||
Off | Events (view) | | Events (view) | |
View only | Events (view) | | Events (view) | |
Frontline Portal (enables FLP) | | Frontline Portal (enables FLP) | | |
Create and distribute | Events (view) | | Events (view) | |
Distribution (distribute) | | |||
Frontline Portal (create and enables FLP) | | Frontline Portal (enables FLP) | |
Please note - ‘Events’ must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.
Employee:
Level of Access | Role permission | Staff Category permission | ||
Off | Events (view) | | Events (view) | |
View only | N/A | N/A | Events (view) | |
N/A | N/A | Frontline Portal (enables FLP) | |
Please note - for Employee users, ‘Events’ Staff Category is only permission required to make Events visible.
Tasks
Manager
Level of Access | Role | Staff Category | ||
Off | Not possible | - | Not possible | - |
View only NB - user also able to complete a task and forward | Frontline Portal (enables FLP) | | Frontline Portal (enables FLP) | |
Create only | Frontline Portal (create and enables FLP) | | Frontline Portal (enables FLP) | |
Distribution (distribute) | | |||
Create and distribute | Frontline Portal (create and enables FLP) | | Frontline Portal (enables FLP) | |
Distribution (distribute) | |
Employee
Level of Access | Role | Staff Category | ||
Off | Not possible | - | Not possible | - |
View only NB - user also able to complete a task and forward | Frontline Portal (enables FLP) | | Frontline Portal (enables FLP) | |
Stories
Manager
Level of Access | Role | Staff Category | ||
Off | Stories (view) | | Stories (view) | |
View only | Stories (view) | | Stories (view) | |
Frontline Portal (enables FLP) | | Frontline Portal (enables FLP) | | |
Create | Stories (view) | | Stories (view) | |
Frontline Portal (create and enables FLP) | | Frontline Portal (enables FLP) | | |
Create and distribute | Stories (view) | | Stories (view) | |
Frontline Portal (create and enable FLP) | | Frontline Portal (enables FLP) | | |
Distribution (distribute) | |
Please note - stories must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.
Employee
Level of Access | Role | Staff Category | ||
Off | Stories (view) | | Stories (view) | |
View only | N/A | N/A | Stories (view) | |
N/A | N/A | Frontline Portal (enables FLP) | |
Please note - for Employee users, ‘Stories’ Staff Category is only permission required to make Stories visible.
Forms
Manager
Level of Access | Role | Staff Category | ||
Off | Forms (view) | | Forms (view) | |
View only NB - user also able to complete a form | Forms (view) | | Forms (view) | |
Frontline Portal (enables FLP) | | Frontline Portal (enables FLP) | | |
Create and distribute | Forms (view) | | Forms (view) | |
Frontline Portal (create and enables FLP) | | Frontline Portal (enables FLP) | | |
Distribution (distribute) | |
Please note - forms must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.
Employee
Level of Access | Role | Staff Category | ||
Off | Forms (view) | | Forms (view) | |
View only NB - user also able to complete a form | N/A | N/A | Forms (view) | |
N/A | N/A | Frontline Portal (enables FLP) | |
Please note - for Employee users, ‘Forms’ Staff Category is only permission required to make Forms visible.
Reports
Manager
Level of Access | Role | Staff Category | ||
Off | Reports (view) | | N/A | N/A |
On | Reports (view) | | N/A | N/A |
Frontline Portal (enables FLP) | | N/A | N/A |
