About Permissions, Roles, and Role Templates

Access control in CStoreOffice® is role-based. It means that users are given access to application resources based on their job functions or roles, and management of individual user rights becomes a matter of simply assigning an appropriate role to the user's account. This approach simplifies common operations, such as adding a user, and provides easier review process.

Permissions

Permissions determine what information users can access and what tasks they can perform within CStoreOffice®.

For more information on how to work with the roles permissions, see Roles Management Permissions.

Each permission grants or denies access to an object. Depending on the object, there are three permission types, which can help you to control users' access at a broad or granular level.

Permission Type	Description
Access to modules	Modules in CStoreOffice® are large parts of the application—complex, with extensive functionality and capabilities. Example: Price Book or Reports. When you grant access to a module, you grant access to all its related components, unless you specifically deny access to some of them.
Access to components	Components are smaller pieces of functionality designed to present information. Example: Promotion Setup Form or Shift Report. Usually they appear within a module they are related to, but in some cases a component may be displayed outside the related module.
Access to tasks	Example: “Allow users to see inventory reports and forms” or “Allow users to change retail price”.

You delegate permissions to a user by assigning the user an appropriate role. When a new role is created based on the existing role template, all temlpate's permissions are granted to this new role automatically.

If you want to change a specific permission for a user, you can create a new custom role that would incorporate the desired permission and assign this role to the user.

For our customers who have not switched to role-based permission management yet, we retain the ability to assign permissions directly to users in the employee properties. For more information, see Employees. Note, however, that it is a legacy feature, and we recommend avoiding it when you manage permissions for a new user and using roles instead. Role-based model provides better control over permissions within your account.

Roles

A role is a set of permissions required to perform a specific job. Every employee is assigned a role, and all the permissions for the role are automatically applied to him.

You can create roles for your account, modify, or remove them in order to align them more closely to the actual roles users hold within your company.

Every role is created based on one of the built-in role templates. You can override the default permissions and customize the role to fit your business needs. Overridden permissions can be restored to the default state at any moment. When you customize a role, all the users with this role are affected.

You cannot create a new role based on the existing role. Only the role template can be used as a template.

To learn how to create roles, define permissions for them, and assign roles to users, see Managing Roles.

Role Templates

Role templates are a set of fifteen predefined roles that reflect typical user roles in Petrosoft products. They are common for all accounts and cannot be edited, except by system administrators with the highest level of access.

With these templates you can quickly define roles for your account without having to create them from scratch. Just add a new role based on the template with similar permissions and adjust it to your needs if necessary.

For more information on how to manage the role templates, see Managing Role Templates.