Overview

Security Roles are required for each user who received a User license.  

Each security role determines what the user can see and do inside the program.
Each user assigned to a Security Role will receive the exact same permissions and clearance as every other user assigned to that same role.

 Each licensed user is assigned a specific security role per entity.  If the user has access to multiple entities, they could have the same security clearance for each entity, but also have the option to be assigned a different security role for each entity.  

Roles
To access Security Role Management, go to
Settings > Administration / Security Roles
The default security roles in Role Management are:
Administrator, Full User, No Access, and Read Only
You can also create additional roles by clicking on the blue + button up in the top left corner of the module
Module Access

By default, the Administrator role is the only one to give you access to all six main Module permissions:

Create, Edit, Delete, View, Reports, and Configure.

  • Create:  Allows the user to create a new record that did not exist previously.
  • Edit:  With this permission, the user can add or alter documentation to an existing record (including change names, correct errors, add notes, change ID's, etc).
  • Delete:  The record can be deleted entirely, with no possibility of recovery. NOTE:  Even if you have Delete rights, most modules will block you from deleting a record, if that record has any recorded history on it. This includes: Assets, Budgets, Employees, Inventory, PMs, Users, and Vendors
  • View:  User can view any/all of the details of that module.  Unless they have additional rights granted, this is all they can do inside the selected module.
  • Reports: User can run any of the reports of the selected module.  
  • Configure: This grants the user permission to change the settings of the selected module, and amend what options all other users will be able to see in the module.
    Those with configure rights can go to Admin > Module Settings to see all the modules they have permission to reconfigure.


For Example:

Those with CREATE rights can create a new asset.


If they have EDIT rights, they add the Manufacturer and Model of the asset if it is available in the drop-down menu. 

 

If the model you want is not available, only those with CONFIGURE rights can add it as a new option to select from.



KEY LEARNING  

If you turn on Full Admin Access at the top of the page, access to the Module Settings is granted. It is the same as manually granting the user Configure rights on all modules.  


Full Admin Access will also grant you access to these tools and administration areas on the Settings Page: 

Full Admin Access is NOT necessary if the user only requires Configure rights to one or more modules.  However, if they will also need control of Administration Tools, or global settings (such as Company addresses, Inventory warehouse setup, Asset Group/Location setup, etc.), Full Admin Access will be required.  

 

What about those Module Specific security settings?

On the right side of the screen, you will notice security settings that are unique for specific modules.  Let's clarify a few of these.

Use this Feature To...
  • Limit who can be an administrator!  You don't want too many chefs in the kitchen.  Limiting access to configuration rights, helps prevent well-intentioned users from messing up settings or configuration for others.
  • Allow only certain roles to update or change inventory quantities, thereby keeping the integrity of your inventory numbers.
  • Reduce the amount of cleanup you have to do.  If a user who is less familiar with Lightning is granted access to reconfigure the database, it could impact every other user in the program.
  • Gain greater control over who can see what, where they can see it, and when they can access it