Roles Use Case: The Billing User

Security roles enable you to tailor specific permissions for users loaded into your CloudRadial tenant. Permissions affect the overall visibility and general functionality of every feature within your portal.

This article explains how to create and manage a Billing User role using CloudRadial's Security Roles and Role Assignments feature, with multiple methods for applying roles at scale.

Table of Contents

• Prerequisites
• Use Case Overview
• Creating a Billing User Role
  • Step 1: Create the Role
  • Step 2: Configure Permissions
  • Step 3: Save the Role
• Assigning the Role to Users
  • Method 1: Through Role Assignments
  • Method 2: Through Individual User Management
  • Method 3: PSA Type Mappings (Advanced)
• Testing the Billing User Role
• Important Considerations
  • Access Levels
  • Security Notes
  • Scaling Role Assignments

Prerequisites

Before following these instructions, ensure that you meet these prerequisites to ensure a smooth experience:

• You have top-level access to the CloudRadial CSA portal (not applicable to Portal 365)
• You have administrator permissions to create roles and assignments
• You have a basic understanding of user management

At a minimum, you should familiarize yourself with security roles before following this article.

Use Case Overview

The Billing User role is designed to provide enhanced permissions for users who need access to financial and billing information without full administrative privileges. This role allows users to:

• Access billing-related features and information
• View invoices, agreements, and quotes
• Maintain limited access to prevent unauthorized system changes
• Bridge the gap between basic users and full administrators

Key benefits of this role include:

• More permissions than a basic user
• Fewer permissions than an administrative user
• Scalable application across multiple companies
• Reusable role template for consistent access control

Creating a Billing User Role

Step 1: Create the Role

1. Navigate to Partner > Security in your CloudRadial portal
2. Click on the Roles tab at the top right
3. Click Add Role to create a new role
   
   
   
   
4. Configure the role settings:
   • Role Name: Billing User (or your preferred naming convention)
   • Description: "Provides access to billing features including invoices, agreements, and quotes." (or your preferred description)
   • Default Role: Leave unchecked (this should not be a default role)

Step 2: Configure Permissions

For a Billing User role, configure the following permissions:

User Permissions:

• Impersonate Users: Disabled (billing users typically don't need this capability)
• Partner Level Permissions: None required

Module Permissions:

• Invoices: Read access
• Agreements: Read access
• Quotes: Read access
• All other modules: No additional access (roles stack with existing user permissions)

Note: CloudRadial roles stack on top of each other. The billing user will retain their basic user role permissions plus the additional Billing User permissions. You can either minimize all other permissions for clarity or add specific billing permissions to the base user set - both approaches work effectively.

Step 3: Save the Role

Click Save to create the role.

The new Billing User role is now available for assignment and should provide users with expanded access to billing-related features.

Assigning the Role to Users

Once you have created the appropriate role with the necessary permissions, you'll need to assign it to your specific user(s). CloudRadial offers multiple methods for role assignment:

Method 1: Through Role Assignments

This method is ideal for managing bulk assignments and coordinating across companies.

To assign the role:

1. Navigate to Partner > Security
2. Click on the Role Assignments tab (you'll land there by default)
3. Click Add Role Assignment 

For Company-Specific Access:

1. Scope Type: Select Company
2. Company: Choose the specific company (e.g., "Azurative Technology")
3. Role: Select Billing User (or whatever you named your role)
4. User: Select the target user(s) (e.g., Diane and Jim)
5. Click Save

For Multiple Companies:

• Repeat the process for different companies
• Select users from the company list
  • Note: You may see members of your own company in the list - this is normal for cross-company access scenarios.
• Bulk select multiple users within each company scope

Method 2: Through Individual User Management

This method provides a more hands-on approach for individual user management.

To assign the role:

1. Navigate to Partner > Clients
2. Click on the Users tab
3. Find and click on the specific user to assign the role to
4. Navigate to their Role Assignments tab
   
   
   
   
5. Add the Billing User role while keeping their existing User role
6. The user will now have layered permissions: basic user + billing permissions

Method 3: PSA Type Mappings (Advanced)

For organizations managing roles at scale with PSA integration, type mappings provide the most efficient solution.

• Before following these instructions, be aware that Type Mappings is not supported in all PSAs.
• Please read the Type Mapping article before proceeding.

Prerequisites:

• PSA integration enabled (works well with ConnectWise, Autotask, and other supported PSAs)
• User types configured in your PSA system
• Type mapping feature access

To set up type mappings:

1. Create your Billing User role (as outlined above)
2. Navigate to Partner > Settings
3. Under the Configuration column, select Type Mappings
   
   
   
   
4. Click Add Mapping
5. Configure the mapping:
   • PSA Contact Type: Select the corresponding type from your PSA (e.g., "Finance User" in ConnectWise)
   • CloudRadial Role: Select your Billing User role
   • User Groups: Add to relevant groups if desired
6. Save the mapping

Benefits of Type Mappings:

• Automatic role assignment based on PSA user types
• Centralized management through your existing PSA system
• Eliminates manual, one-by-one user selection
• Scales efficiently with large user bases

Testing the Billing User Role

After creating and assigning the role, it's important to verify functionality:

Verification Steps:

1. Check Role Assignment: Confirm the role appears in the user's Role Assignments
2. Test User Impersonation: Use the impersonate function to view the user's portal experience
3. Verify New Access: The user should now see:
   • Additional Account tab in their navigation
   • Access to the Invoices, Agreements, and Quotes sections (or whatever you specifically gave them based on your role preferences)
   • Expanded permissions beyond basic user limitations

Important Considerations

Access Levels

• Billing users maintain their base user permissions with additional billing access
• Role stacking means the most permissive set of permissions applies
• Users cannot access administrative functions unless explicitly granted

Security Notes

• Billing users should not have impersonation capabilities
• Consider the scope of access when assigning roles (company-specific vs. global)
• Financial data visibility depends on the specific permissions granted

Scaling Role Assignments

• Multiple role assignments can be stacked for broader access
• Company Groups (Enterprise) allow efficient management at scale
• No limit to the number of role assignments per user