Table of Contents

User Role Creation & Best Practices

Mitchell Paul-Soumis Updated by Mitchell Paul-Soumis

What are User Roles?

In Sonar, User Roles represent a collection of permissions attributed to general categories of individuals, defining which actions can be performed by these groups. When creating a role, you're presented with a list of permissions that can be enabled or disabled. Each individual permission is part of an overall module, and each module interacts directly with a portion of your Sonar instance.

Where are Roles Created?

Roles are created under Settings -> Security -> Roles

Common Roles & Permissions

From a practical point of view, there are certain permissions that need to exist in the instance, and others that you're very likely to use. In this section, we'll be going over the default Account Role, and some very common custom created roles - with their most common associated permissions.

Super-Admin

The Super-Admin Role is not a visible Role, but supersedes Role selection during User Creation. If a user is granted Super Admin level permission, they have full access to the instance and cannot be limited in any way. The first user created for the instance will always be a Super Admin, but can be modified in the future.

Created Roles

In Sonar, you're able to create a series of customized roles to apply to users on your instance, and each of these roles can be modified by making use of the variables contained in the instance.

In the following sections, we'll be reviewing the roles by the most commonly enabled modules, rather than reviewing each and every permission. For more information on creating custom roles or if you need a hand with their creation, give our support team a call at 702.447.1247
If you'd like to create these roles using GraphiQL instead of within the User Interface, you can take a look at our Role Creation using GraphiQL article
Customer Portal

Module

Should Have

Account

Add and remove account services

Perform an action that creates an account transaction (e.g. a payment, debit, discount.)

View all account transactions

Update an account transaction

View accounts and related entities

Update an account and related entities

Contact

Create a new contact

Update a contact

Delete a contact

Contract

View all contracts

Update a contract

Data Usage History

View all data usage history entries

Inbound Mailbox

View all inbound mailboxes

Invoice Attachment

View all invoice attachments

Invoice Message

View all invoice messages

Package

View all packages

Payment

View configured payment processors

Create a new payment method (e.g. credit card.)

View all payment methods

Update a payment method

Delete a payment method

Create a new payment

Service

View services

Ticket

View all non-private tickets

Create a ticket

Update a ticket

Misc

Create a data usage top off

Support Agent

The Support Agent Role is assigned to users who deal primarily in handling inbound communication with your customers

Module

Should Have

Inventory

View All Inventory

Can assign inventory to accounts, yourself, or a vehicle you drive

Account

Add and remove account services

Modify account service parameters, such as quantity, name override, and proration

Update the billing parameters on an account

Perform an action that creates an account transaction (e.g. a payment, debit, discount.)

View all account transactions

Update an account transaction

Whether a user can reverse transactions

Create a new account, and related entities

View accounts and related entities

Update an account and related entities

Account Group

View account groups

Account Status

View account statuses.

Account Type

View account types.

Address

Create a new serviceable address

View serviceable addresses

Address Lists

View

Billing Defaults

View

Call Log

View all call logs

Create a call log

Update a call log

Canned Replies

View all canned replies

Update a canned reply

Create a new canned reply

Contact

All

Contract

View

Custom Field

All

Data Usage History

All

Email Message

All Except delete

File

Create, Update, Read, Delete

Inbound Mailbox

View

Inventory Item

All

Job

View, Update, Create, Delete

Job Type

View

Mass Email

View

Network Site

View

Note

All

Package

View, Update, Create

Payment

View Processors, Create New Method, View Methods,

Update Methods, Delete method, Create New Payment

RADIUS Account

View, Create, Update

Scheduled Event

View, Update, Create

Service

View

Ticket

View, Create, Update

Ticket Category

View

Misc

Issue Payment Refunds, Create Data Usage Top-Off

Sales Agent

The Sales Agent Role is assigned to users who field incoming calls from potential customers and sell your services, potentially also creating the serviceable addresses and accounts

Module

Should Have

Inventory

View all inventory

Can assign inventory to accounts, yourself, or a vehicle you drive

Account

All except Delete an Account transaction

Account Group

View

Account Status

View

Account Type

View

Address

All

Call Log

View, Create, Update

Canned Reply

View

Contact

All

Contract

All

Contract Template

View

Custom Field

View

File

Create New, Update, Delete, Read

Job

View, Update, Create, Delete

Job type

View

Note

Create, Update, Delete

Package

View

Payment

View Processors, Create New Method, View Methods,

Update Methods, Delete method, Create New Payment

RADIUS Account

View, Create, Update

Scheduled Event

View, Update, Create

Service

View

Ticket

View, Create, Update

Ticket Category

View

Misc

Update Links between accounts and invoices, issue payment refunds

Field Technician

The Field Technician role is assigned to users who are set to be visiting customer addresses and installing or maintaining their service(s)

These are also the minimum role permissions that would be expected for any user that is using the Sonar field app

Module

Should Have

Inventory

View All Inventory

Can assign inventory to accounts, yourself, or a vehicle you drive

Account

Add and remove account services

Modify account service parameters, such as quantity, name override, and proration

Perform an action that creates an account transaction (e.g. a payment, debit, discount)

View all account transactions

Update an account transaction

View accounts and related entities

Update an account and related entities

Address

Create a new serviceable address

View serviceable addresses

Update a serviceable address

Address List

View all address lists

Alerting Rotation

View all alerting rotations

Call Logs

View all call logs

Contact

Create a new contact

Update a contact

Contract

View all contracts

Custom Field

View all custom fields

File

Create a new File

Update a File

Delete a File

Read Files

Inventory Item

Update an inventory item

Job

View all jobs

Update a job

Allows a user to check themselves in to a job

Allows a user to complete their own job

Note

Create a new note

Update a note

Delete a note

Package

View all packages

Payment

Create a new payment method (e.g. credit card.)

View all payment methods

Update a payment method

Create a new payment

RADIUS Account

View all RADIUS accounts

Create a RADIUS account

Update a RADIUS account

Delete a RADIUS account

Scheduled Event

View all scheduled events

Task

Create a new task

Update a task

Ticket

View all non-private tickets

Create a ticket

Update a ticket

Uninventoried MAC Address

View all uninventoried MAC addresses

Create an uninventoried MAC address

Update an uninventoried MAC address

Misc

Update the Drivers of a Vehicle

The "Whether a user can complete tasks that are not assigned to them" permission is not required for the app, however this permission is useful if your technicians travel in teams sometimes.

Best Practices for Adding Roles

  • When adding Roles, don't be afraid of adding too many! If your business is compartmentalized and structured, it's possible that you end up with 50 distinct roles, and that's okay.
  • If your Roles don't exactly align with the examples, not to worry. Every organization will have different needs when it comes to role creation - which is why creation is so flexible.
  • Roles don't need to be fixed - if you find that users under a certain role are suffering from insufficient permissions, modifying that role will affect everyone under it.

How did we do?

Removing a Terminated Employee In Sonar

Contact