Table of Contents

User Role Creation & Best Practices

Mitchell Paul-Soumis Updated by Mitchell Paul-Soumis

Read Time: 6 mins

What are User Roles?

In Sonar, User Roles represent a collection of permissions attributed to general categories of individuals, defining which actions can be performed by these groups. When creating a role, you're presented with a list of permissions that can be enabled or disabled. Each individual permission is part of an overall module, and each module interacts directly with a portion of your Sonar instance.

Where are Roles Created?

Roles are created under Settings -> Security -> Roles

Common Roles & Permissions

From a practical point of view, there are certain permissions that need to exist in the instance, and others that you're very likely to use. In this section, we'll be going over the default Account Role, and some very common custom created roles - with their most common associated permissions.

Super-Admin

The Super-Admin Role is not a visible Role, but supersedes Role selection during User Creation. If a user is granted Super Admin level permission, they have full access to the instance and cannot be limited in any way. The first user created for the instance will always be a Super Admin, but can be modified in the future.

Created Roles

In Sonar, you're able to create a series of customized roles to apply to users on your instance, and each of these roles can be modified by making use of the variables contained in the instance.

In the following sections, we'll be reviewing the roles by the most commonly enabled modules, rather than reviewing each and every permission. For more information on creating custom roles or if you need a hand with their creation, give our support team a call at 702.447.1247
If you'd like to create these roles using GraphiQL instead of within the User Interface, you can take a look at our Role Creation using GraphiQL article
Customer Portal

Module

Should Have

Account

Add and remove account services

Perform an action that creates an account transaction (e.g. a payment, debit, discount.)

View all account transactions

Update an account transaction

View accounts and related entities

Update an account and related entities

Contact

Create a new contact

Update a contact

Delete a contact

Contract

View all contracts

Update a contract

Data Usage History

View all data usage history entries

Inbound Mailbox

View all inbound mailboxes

Invoice Attachment

View all invoice attachments

Invoice Message

View all invoice messages

Package

View all packages

Payment

View configured payment processors

Create a new payment method (e.g. credit card.)

View all payment methods

Update a payment method

Delete a payment method

Create a new payment

Service

View services

Ticket

View all non-private tickets

Create a ticket

Update a ticket

Misc

Create a data usage top off

Support Agent

The Support Agent Role is assigned to users who deal primarily in handling inbound communication with your customers

Module

Should Have

Inventory

View All Inventory

Can assign inventory to accounts, yourself, or a vehicle you drive

Account

Add and remove account services

Modify account service parameters, such as quantity, name override, and proration

Update the billing parameters on an account

Perform an action that creates an account transaction (e.g. a payment, debit, discount.)

View all account transactions

Update an account transaction

Whether a user can reverse transactions

Create a new account, and related entities

View accounts and related entities

Update an account and related entities

Account Group

View account groups

Account Status

View account statuses.

Account Type

View account types.

Address

Create a new serviceable address

View serviceable addresses

Address Lists

View

Billing Defaults

View

Call Log

View all call logs

Create a call log

Update a call log

Canned Replies

View all canned replies

Update a canned reply

Create a new canned reply

Contact

All

Contract

View

Custom Field

All

Data Usage History

All

Email Message

All Except delete

File

Create, Update, Read, Delete

Inbound Mailbox

View

Inventory Item

All

Job

View, Update, Create, Delete

Job Type

View

Mass Email

View

Network Site

View

Note

All

Package

View, Update, Create

Payment

View Processors, Create New Method, View Methods,

Update Methods, Delete Method, Create New Payment

RADIUS Account

View, Create, Update

Scheduled Event

View, Update, Create

Service

View

Ticket

View, Create, Update

Ticket Category

View

Misc

Issue Payment Refunds, Create Data Usage Top-Off, Update Links Between Accounts and Invoices

Sales Agent

The Sales Agent Role is assigned to users who field incoming calls from potential customers and sell your services, potentially also creating the serviceable addresses and accounts

Module

Should Have

Inventory

View all inventory

Can assign inventory to accounts, yourself, or a vehicle you drive

Account

All except Delete an Account transaction

Account Group

View

Account Status

View

Account Type

View

Address

All

Call Log

View, Create, Update

Canned Reply

View

Contact

All

Contract

All

Contract Template

View

Custom Field

View

File

Create New, Update, Delete, Read

Job

View, Update, Create, Delete

Job type

View

Note

Create, Update, Delete

Package

View

Payment

View Processors, Create New Method, View Methods,

Update Methods, Delete method, Create New Payment

RADIUS Account

View, Create, Update

Scheduled Event

View, Update, Create

Service

View

Ticket

View, Create, Update

Ticket Category

View

Misc

Update Links between accounts and invoices, issue payment refunds

Field Technician

The Field Technician role is assigned to users who are set to be visiting customer addresses and installing or maintaining their service(s)

These are the minimum role permissions that would be required for any user to access the Sonar field app.

Module

Should Have

Inventory

View All Inventory

Can assign inventory to accounts, yourself, or a vehicle you drive

Account

Add and remove account services

Perform an action that creates an account transaction (e.g. a payment, debit, discount)

View all account transactions

View accounts and related entities

Update an account and related entities

Optional (But Recommended):

Delete an account transaction

Whether a user can reverse transactions

Address

View serviceable addresses

Alerting Rotation

View all alerting rotations

Contract

View all contracts

DHCP Server

View all DHCP servers

File

Create a new File

Update a File

Delete a File

Read Files

Inline Device

View all inline devices

Inventory Item

Update an inventory item

IP Assignment

View all IP assignments

Create an IP assignment

Update an IP assignment

Delete an IP assignment

Job

View all jobs

Update a job

Allows a user to check themselves in to a job

Allows a user to complete their own job

Network Monitoring Template

View all network monitoring templates

Network Site

View all network sites

Note

Create a new note

Update a note

Delete a note

Package

View all packages

Payment

Create a new payment method (e.g. credit card.)

View all payment methods

Update a payment method

Create a new payment

Phone Number Type

View phone number types

RADIUS Account

View all RADIUS accounts

Create a RADIUS account

Update a RADIUS account

Delete a RADIUS account

Scheduled Event

View all scheduled events

Service

View services

Task

Update a task

Ticket

View all non-private tickets

Create a ticket

Update a ticket

Misc

Optional (But Recommended):

Update the drivers of a vehicle

Read Only - Full Instance

The read-only role is an example role that might be used to provide access to a 3rd party developer who simply needs to look at the UI of your Sonar instance.

This role is only a very generic example - customizing this role is highly recommended, to ensure those with read-only access are only seeing what they need, rather than the full instance.

Module

Should Have

Inventory

View all inventory

Only view inventory assigned to accounts and network sites that you have permission to view, to yourself, or assigned to a vehicle that you are a driver of

Reports

View generated FCC Form 477 reports.

Create a FCC Form 477 report

View account reports.

View financial reports.

Account

View all account transactions

View accounts and related entities

Account Group

View account groups

Account Status

View account statuses

Account Type

View account types

ACH Batch

View all ACH batches

Address

View serviceable addresses

Address List

View all address lists

Alerting Rotation

View all alerting rotations

Logs

View all log files, regardless of the entity they are attached to

Application Firewall Rule

View all application firewall rules

Billing Default

View billing defaults

Cable Modem Provisioner

View all cable modem provisioners

Call Log

View all call logs

Canned Reply

View all canned replies

Contract

View all contracts

Contract Template

View all contract templates

Custom Field

View all custom fields.

Data Usage History

View all data usage history entries

Delinquency Exclusion

View all delinquency exclusions

Deposit Slip

View all deposit slips

DHCP Server

View all DHCP servers

DID

View all DIDs

DID Assignment

View all DID assignments

Email Category

View email categories

Email Domain

View all email domains

Email Message

View email messages

External Marketing Provider

Read an external marketing integration

FCC Form 477 Report

View generated FCC Form 477 reports.

File

Read Files

General Ledger Code

View general ledger codes

Geofence

View all geofences

GPS Tracking Provider

View all gps tracking providers

Inbound Mailbox

View all inbound mailboxes

Inline Device

View all inline devices

Invoice Attachment

View all invoice attachments

Invoice Message

View all invoice messages

IP Assignment

View all IP assignments

Job

View all jobs

Job Type

View all job types

LTE Provider

View all LTE providers

Netflow Endpoint

View all Netflow endpoints

Network Monitoring Template

View all network monitoring templates

Network Site

View all network sites

Non-Inventory Item

Read all non-inventory items

Package

View all packages

Password Policy

View password policy

Payment

View configured payment processors

View all payment methods

Phone Number Type

View phone number types

Poller

View all pollers

Printed Invoice Batch

View all printed invoice batches

RADIUS Account

View all RADIUS accounts

RADIUS Group

View all RADIUS groups

RADIUS Server

View all RADIUS servers

Scheduled Event

View all scheduled events

Schedule Address

View all schedule addresses

Schedule Availability

View all schedule availabilities

Schedule Blocker

View all schedule blockers

Schedule Time Off

View all schedule time offs

Service

View services

SNMP Override

View all SNMP overrides

Task Template

View all task templates

Tax

View taxes

Tax Exemption

View tax exemptions

Tax Provider

View tax providers

Ticket

View all non-private tickets

Ticket Category

View all ticket categories

Ticket Group

View all ticket groups

Tower Coverage Configuration

View TowerCoverage integration

Tower Coverage Submission

View all TowerCoverage submissions

Triggered Email

View triggered emails

Uninventoried MAC Address

View all uninventoried MAC addresses

Vendor

Read all vendors

Vendor Item

Read all vendor items

Voice Provider

View all Voice Providers

Webhook Endpoint

View webhook endpoints.

Event

View webhook endpoint events.

Misc

View all timeseries data

Best Practices for Adding Roles

  • When adding Roles, don't be afraid of adding too many! If your business is compartmentalized and structured, it's possible that you end up with 50 distinct roles, and that's okay.
  • If your Roles don't exactly align with the examples, not to worry. Every organization will have different needs when it comes to role creation - which is why creation is so flexible.
  • Roles don't need to be fixed - if you find that users under a certain role are suffering from insufficient permissions, modifying that role will affect everyone under it.

How did we do?

Role Creation using GraphiQL

Users: Overview

Contact