Table of Contents
User Role Creation & Best Practices
Updated
by Mitchell Ivany
Read Time: 9 mins
What are User Roles?
In Sonar, user roles are groups of permissions assigned to different types of users. These roles control what actions each group can take.
When you create a role, you can turn individual permissions on or off. Each permission belongs to a module, and each module controls access to a specific part of your Sonar instance.
Where are Roles Created?
Roles are created under Settings -> Security -> Roles
Common Roles & Permissions
In practice, some permissions are essential, while others are commonly used. In this section, we’ll review the default Account role and several common custom roles, along with the permissions they usually include.
Super-Admin
The Super Admin role is not a selectable role during user creation, but it gives a user full access to the entire instance.
Users with Super Admin access cannot be restricted by role permissions. The first user created in an instance is always a Super Admin, though this can be changed later.
Created Roles
In Sonar, you can create custom roles for users in your instance and adjust each role using the available permission settings.
Customer Portal
Module | Should Have |
Account | Add and remove account services Perform an action that creates an account transaction (e.g. a payment, debit, discount.) View all account transactions Update an account transaction View accounts and related entities Update an account and related entities |
Agreement | View all agreements Update an agreement |
Contact | Create a new contact Update a contact Delete a contact |
Data Usage History | View all data usage history entries |
Inbound Mailbox | View all inbound mailboxes |
Invoice Attachment | View all invoice attachments |
Invoice Message | View all invoice messages |
Package | View all packages |
Payment | View configured payment processors Create a new payment method (e.g. credit card.) View all payment methods Update a payment method Delete a payment method Create a new payment |
Service | View services |
Ticket | View all non-private tickets Create a ticket Update a ticket |
Misc | Create a data usage top off |
Support Agent
The Support Agent role is for users who mainly handle incoming communication from customers.
Module | Should Have |
Inventory | View All Inventory Can assign inventory to accounts, yourself, or a vehicle you drive |
Account | Add and remove account services Modify account service parameters, such as quantity, name override, and proration Update the billing parameters on an account Perform an action that creates an account transaction (e.g. a payment, debit, discount.) View all account transactions Update an account transaction Whether a user can reverse transactions Create a new account, and related entities View accounts and related entities Update an account and related entities |
Account Group | View account groups |
Account Status | View account statuses. |
Account Type | View account types. |
Address | Create a new serviceable address View serviceable addresses |
Address Lists | View |
Agreement | View |
Billing Defaults | View |
Call Log | View all call logs Create a call log Update a call log |
Canned Replies | View all canned replies Update a canned reply Create a new canned reply |
Contact | All |
Custom Field | All |
Data Usage History | All |
Email Message | All Except delete |
File | Create, Update, Read, Delete |
Inbound Mailbox | View |
Inventory Item | All |
Job | View, Update, Create, Delete |
Job Type | View |
Mass Email | View |
Network Site | View |
Note | All |
Package | View, Update, Create |
Payment | View Processors, Create New Method, View Methods, Update Methods, Delete Method, Create New Payment |
RADIUS Account | View, Create, Update |
Scheduled Event | View, Update, Create |
Service | View |
Ticket | View, Create, Update |
Ticket Category | View |
Misc | Issue Payment Refunds, Create Data Usage Top-Off, Update Links Between Accounts and Invoices |
Sales Agent
The Sales Agent role is for users who handle calls from potential customers, sell services, and may also create serviceable addresses and customer accounts.
Module | Should Have |
Inventory | View all inventory Can assign inventory to accounts, yourself, or a vehicle you drive |
Account | All except Delete an Account transaction |
Account Group | View |
Account Status | View |
Account Type | View |
Address | All |
Agreement | All |
Agreement Template | All |
Call Log | View, Create, Update |
Canned Reply | View |
Contact | All |
Custom Field | View |
File | Create New, Update, Delete, Read |
Job | View, Update, Create, Delete |
Job type | View |
Note | Create, Update, Delete |
Package | View |
Payment | View Processors, Create New Method, View Methods, Update Methods, Delete method, Create New Payment |
RADIUS Account | View, Create, Update |
Scheduled Event | View, Update, Create |
Service | View |
Ticket | View, Create, Update |
Ticket Category | View |
Misc | Update Links between accounts and invoices, issue payment refunds |
Field Technician
The Field Technician role is for users who visit customer locations to install or maintain services.
Delete an Inventory Item. Only add this when necessary, since it also allows them to delete any inventory item in the instance.Module | Should Have |
Inventory | View All Inventory Can assign inventory to accounts, yourself, or a vehicle you drive |
Account | Add and remove account services Perform an action that creates an account transaction (e.g. a payment, debit, discount) View all account transactions View accounts and related entities Update an account and related entities Optional (But Recommended): Delete an account transaction Whether a user can reverse transactions |
Address | View serviceable addresses |
Agreement | View all agreements |
Alerting Rotation | View all alerting rotations |
DHCP Server | View all DHCP servers |
File | Create a new File Update a File Delete a File Read Files |
Inline Device | View all inline devices |
Inventory Item | Create an Inventory Item Update an inventory item |
IP Assignment | View all IP assignments Create an IP assignment Update an IP assignment Delete an IP assignment |
Job | View all jobs Update a job Allows a user to check themselves in to a job Allows a user to complete their own job |
Network Monitoring Template | View all network monitoring templates |
Network Site | View all network sites |
Note | Create a new note Update a note Delete a note |
Package | View all packages |
Payment | Create a new payment method (e.g. credit card.) View all payment methods Update a payment method Create a new payment |
Phone Number Type | View phone number types |
RADIUS Account | View all RADIUS accounts Create a RADIUS account Update a RADIUS account Delete a RADIUS account |
Scheduled Event | View all scheduled events |
Service | View services |
Task | Update a task |
Ticket | View all non-private tickets Create a ticket Update a ticket |
Misc | Optional (But Recommended): Update the drivers of a vehicle |
Read Only - Full Instance
This read-only role can be used for someone like a third-party developer who only needs to view your Sonar instance.
Module | Should Have |
Inventory | View all inventory Only view inventory assigned to accounts and network sites that you have permission to view, to yourself, or assigned to a vehicle that you are a driver of |
Reports | View generated FCC Form 477 reports. Create a FCC Form 477 report View account reports. View financial reports. |
Account | View all account transactions View accounts and related entities |
Account Group | View account groups |
Account Status | View account statuses |
Account Type | View account types |
ACH Batch | View all ACH batches |
Address | View serviceable addresses |
Address List | View all address lists |
Agreement | View all agreements |
Agreement Template | View all agreement templates |
Alerting Rotation | View all alerting rotations |
Logs | View all log files, regardless of the entity they are attached to |
Application Firewall Rule | View all application firewall rules |
Billing Default | View billing defaults |
Cable Modem Provisioner | View all cable modem provisioners |
Call Log | View all call logs |
Canned Reply | View all canned replies |
Custom Field | View all custom fields. |
Data Usage History | View all data usage history entries |
Delinquency Exclusion | View all delinquency exclusions |
Deposit Slip | View all deposit slips |
DHCP Server | View all DHCP servers |
DID | View all DIDs |
DID Assignment | View all DID assignments |
Email Category | View email categories |
Email Domain | View all email domains |
Email Message | View email messages |
External Marketing Provider | Read an external marketing integration |
FCC Form 477 Report | View generated FCC Form 477 reports. |
File | Read Files |
General Ledger Code | View general ledger codes |
Geofence | View all geofences |
GPS Tracking Provider | View all gps tracking providers |
Inbound Mailbox | View all inbound mailboxes |
Inline Device | View all inline devices |
Invoice Attachment | View all invoice attachments |
Invoice Message | View all invoice messages |
IP Assignment | View all IP assignments |
Job | View all jobs |
Job Type | View all job types |
LTE Provider | View all LTE providers |
Netflow Endpoint | View all Netflow endpoints |
Network Monitoring Template | View all network monitoring templates |
Network Site | View all network sites |
Non-Inventory Item | Read all non-inventory items |
Package | View all packages |
Password Policy | View password policy |
Payment | View configured payment processors View all payment methods |
Phone Number Type | View phone number types |
Poller | View all pollers |
Printed Invoice Batch | View all printed invoice batches |
RADIUS Account | View all RADIUS accounts |
RADIUS Group | View all RADIUS groups |
RADIUS Server | View all RADIUS servers |
Scheduled Event | View all scheduled events |
Schedule Address | View all schedule addresses |
Schedule Availability | View all schedule availabilities |
Schedule Blocker | View all schedule blockers |
Schedule Time Off | View all schedule time offs |
Service | View services |
SNMP Override | View all SNMP overrides |
Task Template | View all task templates |
Tax | View taxes |
Tax Exemption | View tax exemptions |
Tax Provider | View tax providers |
Ticket | View all non-private tickets |
Ticket Category | View all ticket categories |
Ticket Group | View all ticket groups |
Tower Coverage Configuration | View TowerCoverage integration |
Tower Coverage Submission | View all TowerCoverage submissions |
Triggered Email | View triggered emails |
Uninventoried MAC Address | View all uninventoried MAC addresses |
Vendor | Read all vendors |
Vendor Item | Read all vendor items |
Voice Provider | View all Voice Providers |
Webhook Endpoint | View webhook endpoints. |
Event | View webhook endpoint events. |
Misc | View all timeseries data |
Best Practices for Adding Roles
- Don’t worry about creating too many roles. If your business is well organized, having 50 different roles can be completely fine.
- Your roles also do not need to match common examples exactly. Every organization is different, so role setup is designed to be flexible.
- Roles can always be updated later. If a group of users requires more access, you can change that role, and the update will apply to everyone assigned to it.
