REST Roles and Permissions
Permissions
Group | Permission ID | Description |
---|---|---|
Accounts | account:delete |
|
account:read |
| |
account:write |
| |
Account Locations | accountloc:delete |
The list of account locations that can be deleted is further restricted to those in work centers the logged in user is allowed to mange. |
accountloc:read |
The list of account locations that can be viewed is further restricted to those in work centers the logged in user is allowed to manage. | |
accountloc:write |
The list of account locations that can be updated is further restricted to those in work centers the logged in user is allowed to manage. | |
Alert | alert:create |
|
Asset | asset:delete |
|
asset:read |
| |
asset:write |
| |
Field-Fields | flexfield:delete |
|
flexfield:read |
| |
flexfield:write |
| |
Flex-Forms | flexform:delete |
|
flexform:read |
| |
flexform:write |
| |
Gantt | gantt:read |
|
plannermap:read |
| |
Reports | report:geolocation |
|
report:timesheet |
| |
report:timesheetsummary |
| |
System Categories | syscat:delete |
Some system categories have reserved codes that can not be deleted from the system. Please refer to the system category documentation for specific details. |
syscat:read |
In order for the system to run, every user has read access to all system categories. This permissions is simply controlling whether or not the System Category Management section in the Nexus UI is visible. | |
syscat:write |
Each system category can impose further rules on write access. Please refer to the system category documentation for specific details. | |
Timecard | timecard:approve |
|
timecard:decline |
| |
timecard:read |
| |
timecard:reopen |
| |
User Management | user:changepassword |
It is not recommended to allow another user (even admin) to specifically set a user's password. The preferred way is to use the reset password feature. This will prevent the admin from ever knowing a user's password. |
user:delete |
| |
user:read |
| |
user:resetpassword |
When a user's password is reset, and email it sent to the user with a link instructing them to reset their password. | |
user:write |
| |
user:assignroles |
This permission should only be assigned to an administrator. | |
Work Center Management | workcenter:read |
|
workcenter:delete |
| |
workcenter:assignmanager |
| |
workcenter:write |
| |
Work Order Management | workorder:delete |
The list of work orders that can be deleted is further restricted to those in work centers the logged in user is allowed to manage. |
workorder:read |
The list of work orders that can be viewed is further restricted to those in work centers the logged in user is allowed to manage. | |
workorder:write |
The list of work orders that can be updated is further restricted to those in work centers the logged in user is allowed to manage. |
Default Roles
ServiceMobility is installed with several default roles with default permissions. Except for the admin role and of the other default roles can me modified or deleted.
Admin Role
Any user assigned to this role will have unrestricted access to the system and all data. If you are currently logged in with admin role the system will prevent you from removing yourself from the role. This is to prevent you from possibly being locked out of the system.
The default admin
role can not be deleted.
Manager Role
The Manager
role has the following default permissions.
- account:read,write,delete
- accountloc:read,write,delete
- workorder:read,write,delete
- gantt:read
- plannermap:read
- report:timesheet,timesheetsummary,geolocation
- user:read,write,delete,resetpassword,changepassword
- workcenter:read,write,delete,assign managers
- flexfield:read,write,delete
- flexform:read,write,delete
- syscat:read,write,delete
Planner Role
The Planner
role has the following default permissions.
- account:read,write
- accountloc:read,write
- workorder:read,write
- gantt:read
- plannermap:read
- report:timesheet,timesheetsummary,geolocation
- user:read,write,resetpassword
- work center:read
- flexfield:read
- flexform:read
- syscat:read