Assigning Security Permissions to User Roles

Once a role is created, security permissions must be assigned to it. These permissions customize the role to allow users only to see and access designated areas of the system. To assign permissions to a role, navigate to the Users App > Security.

There are three ways to apply security settings to a role:

Category: Enable / disable all security permissions for an area of the system for the role indicated. This is the quickest and most comprehensive means of role setup, but it does not allow you to specify details on what to include or exclude within the category.

Example: E.g., enabling all “Accounting” security permissions for an “Accounting Management Team” role.
Piecemeal: Enable / disable security permissions one at a time. This allows the greatest level of control, but takes the most time and testing to configure.
Combination: Using the Category and Piecemeal setup methods to customize the role. This method combines the best of both by allowing you to assign permissions by category, then adjust specifics piecemeal.

Caution: Permissions should never be removed from the Administrator role. If you require a role with slightly fewer permissions than "Administrator," create a separate role by copying the Administrator role.

Note: When configuring a role, it is always recommended that Impexium Administrators test the role being configured to ensure proper access to necessary features. This can be done by assigning the role being tested to a test account and by logging in as that test user.

Assigning Permissions by Category

Under Users App > Security, click App Categories Security.
Locate the area of the system to expose to the role-holder and click Security.
In the Role-Based Access Security window, all roles in the system are listed. Locate the role to which permissions should be added. Click Full, View, or No Access to set the appropriate permissions for that role in that area of the system.

Assigning Permissions Piecemeal

If the role should not allow permission to all aspects of an app category—e.g., the “Accounting Management-Level 2” role should be able to view a batch but not create one—these finer adjustments must be made under the Apps Security tab.

Click the Apps Security tab.
Sort security permissions by category, by clicking the App Category column header.
Click the Security button next to the desired setting.
Click View or Save if the role should allow view-only or editing to the user for this setting.

Tip: If the security permission displays a check mark in the Shows in Site Menu column, that option corresponds to a top-level option in the site menu. Enabling or disabling a Shows in Site menu option is a quick way of managing access to that menu option as well as all options under it.

Assigning Special Permissions

Special permissions are unique among security permissions, in that they can be set per user as well as per role.

These permissions include:

Accounting.DonationPurchaseProfile.CancelRecurringDonation: Permission to cancel recurring donations on the Customer Record.
Accounting.PaymentProfile.VoidPayment: Permission to void payments accessible via the payment profile.
Crm.ChapterProfile.BillHighway: Permission to access the Billhighway platform from the Chapter Profile.
Crm.IndividualProfile.CreateUser: Permission to create a user record for an individual.
Crm.IndividualProfile.RightToBeForgotten: Permission to show / hide the “Right to be Forgotten” feature on the Individual Record.
Crm.UserRoles.Impersonate: Permission to control the ability to impersonate other users.
Dashboard.Qrvey.Create: Permission to create a dashboard for Qrvey.

To allow a role or user access to a special permission:

Click the Special Permissions tab.
Click Edit next to the desired permission.
To make the special permission available to an entire role, select the role under the Roles tab. To make it available to a certain user, select the user under the Users tab. (Only users with a role in the system appear in this list.)