Roles and Permissions
Learn about roles and permissions and how to manage them in Rose Rocket.
Overview
This guide covers information about roles and permissions within Rose Rocket. View your team’s roles and manage their permissions within the organization. You can edit access for any role and any object within Rose Rocket to manage permissions at a granular level.
For example, at XYZ Freight Corporation, the system administrator has the Admin role and can manage full access for the company. The system administrator then manages the Operations roles to have visibility on customer status and not have access to financial data. In this case, Operations roles can update delivery date and times, but don’t have the ability to view fields like margins or other specific financial line items.
About Roles
Roles are categories for your users within your Rose Rocket organization settings. Each role has its own description as well as specific access. The account owner or system administrator for the organization can modify and update roles as an Admin in Rose Rocket.
To manage roles within your account through the user interface, see the steps below.
- Navigate to Settings > Users, Roles, Groups.
- Select the Roles tab.
- Select a role under the Name column to modify and update.
Rose Rocket has built-in roles for your organization. View the list of roles and example descriptions below.
- Admin - Full access for account owners and system administrators
- Customer (Guest) - Limited access for your customers
- Driver - Specific for company driver or owner operator
- External - For public viewing of shared information
- Guest - Provides guests with limited access
- Manager - Almost full access, restricted from changing organizational or subscription settings
- Operations - Limited financial data access
- Partner (Guest) - Limited access to tracking and providing updates
- Sales - Limited financial data access
After navigating to a specific role, you can then update and manage permissions for that role. See the section below on About Permissions.
NOTE: Admin can also edit access for their own roles. Keep in mind the role to manage for any specific access and permissions.
About Permissions
Permissions are for the object access that roles have within your Rose Rocket organization. Permissions are available for all objects and can be managed for any specific role.
As an example, XYZ Freight Corporation’s account owner is going to manage permissions for the company’s Sales roles. The account owner has changed access for the Sales roles so that this role can’t create or delete any records. In this situation, Sales roles are only able to view and edit existing records for the company.
Set permissions for roles
To set specific permissions, navigate to the role to manage. After selecting the role, the Permissions page displays the object access collection. Select an object to manage the permissions for the role.
Each of the permissions has sections to manage the board, record, and data. Select the Edit button to update that specific section. See the list below for descriptions on these sections.
- Board - For objects with boards, defaults to only specific shared boards
- Record - Change permissions to allow create and delete access
- Data - Manage access to data as full, read-only, or a custom configuration
- Specify individual object and field access for the role on the detailed view
For example, when the XYZ Freight Corporation system administrator updates permissions for the Partner roles, such as no access to pay stub objects, the navigation and visibility are also updated. The Partner roles no longer can view pay stub information in Rose Rocket.
Manage roles and permissions with the Rose Rocket API
Use the Rose Rocket API to programmatically update roles and permissions. Use and modify the URL below according to your organization’s roles and permissions to manage. Update the {{role}}
and {{object}}
values in the request URL for your use case.
https://sample.roserocket.com/api/v2/platformModel/permissions/roles/{{role}}/objectKey/{{object}}
Update permissions for a role
To update permissions, make a POST request to the appropriate URL. Use the payload example below for structuring your JSON data configuration.
{"boards":[{"key":"contact","isDisabled":false}],"record":{"isCreateAllowed":true,"isDeleteAllowed":false},"data":{"option":"noAccess","fields":[{"key":"fullId","description":"An incrementing identifier for each record","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"firstName","description":"First name of the contact","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"lastName","description":"Last name of the contact","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"email","description":"Email of the contact","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"phone","description":"Phone number of the contact.","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"name","description":"First and last name of the contact","permissionType":"viewer","isDerived":true,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"dateCreatedLabel","description":"Date the contact was created as a label string","permissionType":"viewer","isDerived":true,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"isPrimary","description":"True if the this a primary contact when associated to another object.","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"status","description":"Status of the contact.","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"contactRole","description":"Role of the contact.","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"customer","permissionType":"viewer","isDerived":false,"isDisabled":true,"isConnection":true},{"key":"partner","permissionType":"viewer","isDerived":false,"isDisabled":true,"isConnection":true},{"key":"formattedContact","description":"Formatted contact field contains a summarized contact info blob","permissionType":"viewer","isDerived":true,"isDisabled":true,"isSystemGenerated":true,"isConnection":false},{"key":"canvas","description":"Rich text document attached to this record","permissionType":"viewer","isDerived":false,"isDisabled":true,"isConnection":true},{"key":"isActive","description":"Whether this object is active or not.","permissionType":"viewer","isDerived":false,"isDisabled":true,"isSystemGenerated":true,"isConnection":false}]}}
Restrictions on roles and permissions for the API
Users requesting record information when their roles and permissions are restricted can only view limited information. When a role or permission has limited access to objects, Rose Rocket only displays the applicable object records to the user.
Requesting object records with a restriction returns the 403
error. View the descriptions from the list below.
- Restricted access for editing a field
- Widgets not allowed for role
Next steps
After managing roles and permissions for your organization, view the recommended next steps to continue improving your customer experience.
- Add new roles
- Manage detail views
Updated 4 months ago