Configuring Roles & Permissions

Product Team
  • Updated

Overview

Role-based access control allows customers to control access to various functions in Totango. Customers can define individual permissions for account-level access, app-level access, as well create custom Team or Account Assignment roles. Only a Global Admin can set system-wide role permissions.

Common Use Cases

  1. As a Global Admin I want to grant Success Managers the ability to update account information, Tasks, and Touchpoints, but prevent them from accessing the Executive Console.
  2. As a Global Admin I want to grant a manager the ability to perform all the actions on an Account but not have access to the CSM scorecard.
  3. As a Global Admin I want to create a System Admin role for my sysadmins and only grant them access to specific pages in Global Settings.

Note: The Global Admin has all permissions by default and this cannot be changed. Please be cautious in assigning Global Admins.

This article includes the following topics:

Account Level Permissions

The following account level permissions may be granted to account roles as well as team member roles on an account.

Totango_Roles_Account_Permissions_Table.png 

Granting Account Permissions to Roles

A Global Admin can define the permissions to one or more roles in the Global Settings menu, under Permissions.

Totango_Permissions_Account-Based-full_page-Lucid.png.pngEach permission can be assigned in the following ways:

  1. Only Specific Roles — Grant this permission to specific roles that have been specified.
  2. Everyone in Account Assignment — Grant this permission to every role in the Account team. New roles created in the future will also get this permission automatically.
  3. Every member of the Team — Grant this permission to every role in a Team.
  4. No One — No roles will be granted this permission. Global Admins are an exception and have all permissions by default.

Totango_Permissions_Dropdown-Lucid.png

App Level Permissions

The application level permissions allow admins to restrict access to various parts of the Totango application, and grant access to specific pages in global settings.

Application level permissions:

Category

  Description

Functions Controlled

SuccessBLOC
  • Ability to create a SuccessBLOC
  • Access SuccessPlays
  • Access Campaigns
  • Create SuccessBLOC
  • Access SuccessPlays
  • Access Campaigns

Filter Scorecard by individual team members

  View other CSMs performance

CSM performance metrics

Executive console

  Access the executive console

Executive console menu

Global SuccessBLOC

  Access global SuccessBLOC Access global SuccessBLOC menu 

Zoe
  • Access to the "Share via Zoe" option
  • Create & participate in impact step
  • Access to the "Share via Zoe" option
  • Create & participate in impact step

Bulk Edit

  Bulk edit attribute

Decide who can edit attributes with bulk operation in segments

New Accounts

  Create new account

Decide who can create new accounts in the system

Global settings permissions:

Category

Functions Controlled

General

Update General Settings

Engagement

Update Campaign Settings

Engagement

Access and Configure Rapid Insight Forms

Data Management

Update Revenue Center Settings

Data Management

Access and Manage ALL Data Settings. Note: this permission overrides all other data management permissions

Data Management

Design Health Profile and Criteria

Data Management

Access and Configure Customer Data Hub Settings

User Management

Access and Manage ALL Totango Users Settings. Note: this permission overrides all other Totango user management permissions

User Management

Access and Configure Dynamic Assignment Settings Only


Granting App Access Permissions

Totango_Permissions_App-Based_Full_Screen-Lucid.png.png
mceclip1.png

Each permission can be assigned in the following ways:

  1. Only Specific Roles — Grant this permission to specific roles that have been specified.
  2. Every Member of the Team — Grant this permission to every role in a Team.
  3. No One — No roles will be granted this permission. Global Admins are an exception and have all permissions by default.

Totango_Roles_App_Permissions_dropdown.png

Understanding Administrative Roles and Capabilities

There are two out-of-the-box roles that can maintain Team configurations:

Global Admin: The Global Admin’s primary role and function is to determine how Totango is configured and consumed. The Global Admin is responsible for creating and configuring all Teams. Global Admin can define what account and data each Team can access and manage. The Global Settings menu is only available for Global Admins by default, but can be updated in Global Settings>User Management>Permissions>Global Settings Permissions.

Team Admin: The primary function of this role is to manage his/her own team’s overview (team name, avatar, and goal) and manage team members (add/remove team members and add/remove team admins). Team Setting is available only for Global Admins and Team Admins. Team Setting shows only the settings for the selected team.

In addition to these two roles, you may add other Team Roles that can then be used to grant specific permissions to the application. Let's say you only want certain team members to be able to access Campaigns. You might create a specific team role for them and then you can designate that permission only to that role.

Screen_Shot_2019-09-26_at_9.17.02_AM.png

Defining Custom Team Roles

A Global Admin can define custom roles in the system. The following roles are available out of the box. 

  1. Regular User
  2. Team Admin

Navigate to the Global Settings menu > Teams to view or add Team roles.

Note: The Global Admin is a default super user role with full permissions, but is not listed with other roles mentioned above.

Totango__Roles_SuccessTeam_Roles-Lucid.png

Clicking on the green "+" button launches the New Role window allowing the user to the Role Name and Description.

Totango_Roles_Add_Success_Team_Role.gif

Read more about configuring Teams and discussion of Team roles in the article Creating and Configuring Teams.

Defining Custom Account Assignment Roles

In Totango each Account Team is made up of a set of users, each with their own Account Assignment Role. Totango comes with a pre-defined set of common Account Assignment roles, such as Success Manager and Sales Manager. Administrators can easily edit these roles and add additional roles to align with your business needs. Read more about how to configure bespoke Account Assignment roles.

FAQs

Question: The account assignment role that I am sending to Totango from SFDC is not updating the Totango User as expected.

Answer: The name of the user in SFDC and in Totango have to match exactly.

Question: What if I edit the name of a role and there are users assigned to the role?

Answer: The role will automatically update across all users where it is assigned. 

 

 

Related articles

Comments

0 comments

Article is closed for comments.

Articles in this section

See more