Understanding Security Roles

Please Note: Ticket View Settings have moved and are no longer defined in the same area as Security Roles. Please read the documentation listed here to learn how to modify Ticket View Settings for users.

Security roles allow you to custom-craft specific permissions for the users loaded into your CloudRadial tenant. Permissions affect the overall visibility and general functionality of every feature within your portal.

To customize these security roles, navigate to your Partner > Security tab from the left-hand feature set. Roles will be the first of three tabs at the top of this area.

• System Roles, Explained
• Deeper Security Role Documentation
• Common Use Cases for Custom Roles
• Security Role Limitations by CloudRadial Product Version
• Type Mapping Security Roles

System Roles, Explained

Four pre-loaded system roles, denoted simply as system roles, cannot be deleted or modified, as they are foundational to CloudRadial operations.

The four system roles are:

• User - the lowest user permission level. Has limited access to view everything in Home, Company, Support, and University. Commonly used for most users in the portal who don't need to see reporting.
  
  
• Company Reporting - a role used to give read-only access to everything except the Partner tab and commonly used for points of contact and other upper-tier users within a client company. 
  
  
• Company Administrator (formerly Impersonation) - a custom role used by Partner-level admin users as they impersonate generic admins to manage specific clients. Has access to every module enabled in a company Feature Set with full permissions except the Partner tab.
  
  
• Partner Administrator (formerly Owner) - the highest permission tier. Has full access to add, edit, and delete everything in the portal, including within the Partner area.

Deeper Security Role Documentation

To learn more about how to perform a specific action, please choose from the following articles:

• Setting a Default Security Role
• Adding, Cloning, and Reviewing Security Roles
• Removing Security Roles
• Understanding Role Assignments

Security Role Limitations by CloudRadial Product Version

Security Roles are generally limited to 10 total roles per CloudRadial tenant. The 4 roles defined previously are system default, leaving 6 total roles open for customization. 

Enterprise CSA clients can enjoy unlimited security roles, giving more flexibility and customization to Partners that require it. 

Common Use Cases for Custom Roles

• Enhanced Account Manager Control: Partner Account Managers can be granted administrator rights for specific companies or Company Groups (available with Enterprise CSA-only) while retaining a lower (or no) role concerning other companies.
  
  This enables full client service for their own portfolio while protecting the security and privacy of other companies.
  
  
• Specialized Access Roles: Partners can create specialized roles (such as a Billing Contact role) that are applied in addition to other user roles, enabling access to view invoices only for specified companies.
  
  Through CloudRadial's Type Mapping feature, users tagged as Billing Contacts in your PSA can be assigned the Billing Contact role, enabling them (and only them) to get elevated permissions without adding complex security roles
  
  
• Superior Client Approval Workflows: Client approval permissions can be granted to roles for specific companies, maintaining appropriate boundaries while enabling necessary workflows.

Type Mapping Security Roles

To expedite the process of assigning your custom roles to your CloudRadial users, you can use the Type Mapping functionality.

This takes the user types from your PSA tools (if supported) and "maps" them over to CloudRadial, allowing you to take your existing PSA infrastructure as a basis for which users should have what permissions. 

• For specific information on type mappings and how to set them up, please see this article.