Frontline Portal permissions and roles

Updated by Leigh Hutchens

This document is a quick-start guide to understanding how roles and permissions are handled in Quinyx WFM and the Frontline portal.

Frontline Portal toggleable features

In Quinyx, every user is required to have a Staff Category, which assigns them a basic system permissions. In the Frontline Frontline Portal.

Frontline Portal toggleable features

In Quinyx, every user is required to have a Staff Category, which assigns them a basic system permissions. In the Frontline Portal module the Staff Category can control access to modules (e.g. Stories, Forms). The Staff Category is also the role label associated with each user for distribution purposes (i.e. if you want to distribute a resource you can choose to distribute to a particular Staff Category).

If additional access is needed, a user can also be assigned one or more Manager Roles, configured under Role Management. The permissions within roles allow control the creation and sending of resources, access to reports, and widget management.

The list of Frontline Portal modules that can be toggled follows:

  • Events.
  • Forms.
  • Reports.
  • Stories.
  • Widgets.

How permissions work in WFM

Quinyx WFM currently has a dual permission system. Each user can either be a member of a staff category, in which case they’ll only be assigned the special system role Employee or a Manager. The users will be assigned one or more roles, configured under Role management, in addition to the staff category one.

Each employee in the system has to have a single Staff Category assigned. Each staff category has its own permissions, which can be configured under Mobile and staff portal permissions. These permissions are the only ones a staff member can have and are superseded by the manager in case an employee has both.

Roles

Manager user: When we use the term manager, we refer to users responsible for administering the platform and distributing content to those below them in the organization hierarchy.

Manager users require a role in addition to the default Employee role.

Employee user: When we use the term Employee, we refer to users who receive content distributed by Manager users and do not create or distribute content themselves.

It is possible to grant an Employee access to create and distribute content if required.

Role permissions

This set of permissions enables or disables FLP functionality in both the web application and the mobile application for Manager users. Role permissions are relevant only to Manager users and are not applied to employees.

Click here to read more about Role management.

General rules

Given a user can be granted a combination of Role AND Staff Category permissions, there are some general rules to be aware of regarding how these permissions interact:

  • Quinyx will always query both Role AND Staff Category permissions to inform the rights a user has in the system
  • Conflicting permissions will always bias towards the positive. For example, if a user has ‘Stories’ enabled in Staff Category permissions but disabled in Role permissions, Stories will be enabled for the user
  • Role levels e.g. Level 1 vs Level 2 have no impact on FLP permissions - this is relevant only for Quinyx WFM customers. For example, if a user has ‘Stories’ Role permission disabled for a Level 1 role but enabled for a Level 2 role, Stories will be enabled for the user

Staff categories

Given an Employee will not be granted role permissions, this additional set of permissions govern the visibility of features in both the web application and the mobile application for Employees. Staff Categories also govern which FLP side menu options are visible to a user (both Manager and Employee) in the mobile application. As a result, Manager users may also need to be granted some Staff Category permissions, e.g. in order to grant a Manager user visibility of the ‘Stories’ side menu option in the mobile application.

Click here to read more about Staff categories.

Difference between role and staff category permissions

There are some permissions that the staff categories can't give. The permissions in question are:

  • Widget management.
  • Create and/ or distribute content.
  • Reporting.
  • Comment moderation.

Master Role Permissions

There are two master Role permissions which grant Manager users the following:

  • Frontline Portal (called task management in role permissions today)

OFF - turns Frontline Portal OFF for a user

READ - turns Frontline Portal ON for a user

WRITE - turns Frontline Portal ON and enables a user to CREATE resources

If a user has WRITE permissions for task management, they can create tasks and stories. However, to distribute these, the distribution permission must also be set to WRITE.

When WRITE permissions are granted for distribution, it applies to any enabled module, such as Events, Forms, or Stories. For example, a user with WRITE permissions for both distribution and Stories can create and distribute stories.

To create and distribute forms, a user requires WRITE permissions for task management and distribution, as well as READ permissions for Forms.

For an approver with “full rights user=distribution” access to approve a submission, they must be in the same collaboration group as the submitter, not at a higher level.
  • Distribution - controls whether a user can DISTRIBUTE resources. 

OFF - disables distribution of resources for a user

WRITE - enables a user to DISTRIBUTE resources

If set to WRITE, this permission will be applied to any module enabled e.g. Tasks, Forms, Stories. For example, if a user is granted WRITE Distribution and Tasks Role permissions, they will be able to distribute Tasks. 

Module Role Permissions

There are a further four Role permissions which grant Manager users the ability to VIEW the following modules:

  • Stories.
  • Forms.
  • Events.
  • Reports.

Used in isolation, these Role permissions offer a user VIEW only access to each module. In other words, a user would need to be given master permissions to also create or distribute. For example, permission must be given to both the Frontline Portal and Stories to enable users to create Stories.

There is no Tasks module role permission, as tasks are visible by default for all users with access to the Frontline Portal and cannot be turned off.

Permissions configuration

The following are the recommended permissions settings for Managers vs Employees for each module e.g. Events, Tasks, Forms etc.

Events

Manager:

Level of Access

Role permission

Staff Category permission

Off

Events (view)

Events (view)

View only

Events (view)

Events (view)

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create and distribute

Events (view)

Events (view)

Distribution (distribute)

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Please note - ‘Events’ must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.

Employee:

Level of Access

Role permission

Staff Category permission

Off

Events (view)

Events (view)

View only

N/A

N/A

Events (view)

N/A

N/A

Frontline Portal (enables FLP)

Please note - for Employee users, ‘Events’ Staff Category is only permission required to make Events visible.

Tasks

Manager

Level of Access

Role

Staff Category

Off

Not possible

-

Not possible

-

View only

NB - user also able to complete a task and forward

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create only

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Create and distribute

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Employee

Level of Access

Role

Staff Category

Off

Not possible

-

Not possible

-

View only

NB - user also able to complete a task and forward

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Stories

Manager

Level of Access

Role

Staff Category

Off

Stories (view)

Stories (view)

View only

Stories (view)

Stories (view)

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create

Stories (view)

Stories (view)

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Create and distribute

Stories (view)

Stories (view)

Frontline Portal

(create and enable FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Please note - stories must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.

Employee

Level of Access

Role

Staff Category

Off

Stories (view)

Stories (view)

View only

N/A

N/A

Stories (view)

N/A

N/A

Frontline Portal (enables FLP)

Please note - for Employee users, ‘Stories’ Staff Category is only permission required to make Stories visible.

Forms

Manager

Level of Access

Role

Staff Category

Off

Forms (view)

Forms (view)

View only

NB - user also able to complete a form

Forms (view)

Forms (view)

Frontline Portal (enables FLP)

Frontline Portal (enables FLP)

Create and distribute

Forms (view)

Forms (view)

Frontline Portal (create and enables FLP)

Frontline Portal (enables FLP)

Distribution (distribute)

Please note - forms must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.

Employee

Level of Access

Role

Staff Category

Off

Forms (view)

Forms (view)

View only

NB - user also able to complete a form

N/A

N/A

Forms (view)

N/A

N/A

Frontline Portal (enables FLP)

Please note - for Employee users, ‘Forms’ Staff Category is only permission required to make Forms visible.

Reports

Manager

Level of Access

Role

Staff Category

Off

Reports (view)

N/A

N/A

On

Reports (view)

N/A

N/A

Frontline Portal

(enables FLP)

N/A

N/A


How Did We Do?