User Permissions

Permissions control what users can do or access within Issuetrak. With over 50 permissions available, it can be challenging to understand what separate permissions do and how to best manage them. These guidelines are meant to assist you in managing the permissions for your user accounts.


 

User Type

Every user must be designated as either an Agent or an End User. This determines what permissions your users have access to. Certain permissions require a user to be an agent, while others can be granted to either agents or end-users.


 

Permissions, Parameters and Access Rules

Permissions, parameters, and access rules may control what a user is able to access in Issuetrak.

  • Permissions – Control what each user can do within Issuetrak.
  • Parameters – Determine whether the user is active, can log into the site, and whether the user is a System Administrator (Sys Admin).
  • Visibility Rules – Establish which issues and users can be seen on the site. 

Permissions can be:

  • Applied from a default User Template based on how the record is created.

  • Copied from an existing user or user template through Cloning.

  • Inherited through one or more Groups.

  • Selected directly on a user record.

When Active Directory authentication is enabled for an Issuetrak site, permissions cannot be set by editing user records unless they have the No AD Authentication setting enabled (pre-11.13) OR Issuetrak authentication selected (11.13 and later). Active Directory users only receive permissions by Group and Template inheritance.


 

The following users can manage permissions

 
  • System Administrators – a designated agent user with the parameter “Sys Admin” is granted almost all permissions by default. A System Administrator has unlimited access to every area of the site and can change system-wide settings. No restrictions set within the site apply to the System Administrator.

  • Admin/Administrator users – a designated agent user with the permission “Can Access and maintain Administration Functions”. These users have the same default permissions as System Administrators except they are not allowed access to the “System Settings” portion of the Administration menu. This prevents them from making changes that enable or disable features and functionality within the site. As with System Administrators, no restrictions set within the site apply to Administrators.

  • User Administrators - These users have been granted “Can access and maintain users in this user's Organizations”. They can manage the permissions of the users in their own organization. These users can only manage permissions by changing group memberships for the users that they maintain.


Best Practices
  • Define your Groups to match the roles your users will have on your site. Customer, End User, Technician, Customer Service Rep, Administrator, Managers, Supervisors, Help Desk, and Service Desk are common examples.

  • Grant as few permissions as possible to the individual user account. It’s recommended to grant only “Issue Hub” to the individual user and let the groups control all other permissions.

  • If you are manually creating new users, it helps to clone existing users. By cloning an account, the permissions and group memberships are brought over to the new account. This allows users with similar functions to have the correct permissions with little overhead.

  • Use a good naming convention for templates. It’s suggested to give a template the last name “Template”. This allows for easier searching and identification.

  • Active Directory setups need to only use one template for all users. Additional permissions should be granted through Issuetrak groups.

  • There are two permissions that reference read-only access: Allowed Read Only access to Administration information and Allowed Read Only access to Asset Management information. These permissions allow users to view the specified areas, but not to add, edit, or delete values.

    • If these permissions are mixed with Can access and maintain Administration functions or Can access and maintain Asset Management Module functions, then the ability to change any information is overridden.  Permissions cannot be set on the individual user account. These conflicting permissions could be inherited by membership in two separate groups.

  • There is another scenario where permissions can contradict each other, and it involves Can access and maintain users in this user's Organizations, which is the permission that enables User Administrator.  The following two permissions cannot be set on an account with the aforementioned permission:

    • Can access and maintain Administration functions

    • Allowed Read Only access to Administration information


 

Parameter-based Permissions

 
Permission Description
Active An active user can interact with the Issuetrak site. A user that is not active will not be able to log into Issuetrak, and will not appear in selectable user lists in the application. Active users count toward user counts.
Can Log In If enabled, then this user can log into Issuetrak. A user can be active and still not be able to log in.
Sys Admin If enabled, then this user can view the Administration menu option and view/use ALL of its sub-menu options. They can also view the Billing, Asset Management, and Surveys menu options and view/use all of their sub-menu options when these modules are activated. Regardless of membership within an Organization or Department marked Internal, they can also view ALL issues in the system in any of their reporting mechanisms.
Show Debug If enabled, then this user can view specific information when needed by Issuetrak Technical Support. This should only be selected if specifically requested by Issuetrak Technical Support.
No AD Authentication
(Only present in pre-11.13 releases)
This permission is only used when Active Directory is enabled. A user record with this permission is not verified with Active Directory. All permissions are granted through other means. In addition, the password for this user account is controlled in the application.; It is recommended that at least one Sys Admin account uses this permission in the event that there is a problem or change with Active Directory that requires updating Issuetrak's Active Directory settings.
Issuetrak Authentication
(11.13 and later)
User records with this selected only authenticate against the credentials stored in the Issuetrak database, and are not governed by Active Directory. It's a good idea to have at least one Sys Admin account with this authentication selected, in case problems arise with authenticating to AD.

 

Agent Permissions

 
Permission Description
Can assign issues If enabled, then this user can manually assign issues to users/groups with "Can be assigned issues" permission.
Can be assigned issues An active user can manually and automatically be assigned issues. With "Activate link allowing self-assignment of next available issue in an unassigned queue," they can use a link on the Issue Hub screen to assign unassigned issues to themselves without Can Assign Issues.
Can submit issues on behalf of other users If enabled, then this user can submit issues in which they are the Enterer and another user is the actual Submitter.
Can access and maintain Administration functions Except for License and System Settings, view the Administration menu option and view/use all of its sub-menu options. Regardless of membership within an Organization or Department marked Internal, they can also view ALL issues in the system in any of their reporting mechanisms.
Can assign Next Action Provides the ability to assign Next Actions to users/groups with Can be assigned Next Action.
Can be assigned Next Action Enables the ability to manually and automatically be assigned Next Actions.
Can authenticate with the API v2 Grant this user the ability to interact with and authenticate to API v2.
Only visible if API v2 is enabled. Not visible if API v2 is merely installed.
Can create/manage/use own Quick Notes and use shared Quick Notes Provides the ability to use and interact with Quick Notes.

 

Administration Permissions

 
Permission Description
Can access and maintain Billing Module functions If enabled, then this user can view the Billing menu option and view/use all of its sub-menu options when the Billing Module is activated.
Can access and maintain Asset Management Module functions If enabled, then this user can view the Asset Management menu option and view/use all of its sub-menu options when the Asset Management Module is activated.
Can access and maintain Surveys Module functions If enabled, then this user can view the Surveys menu option and view/use all of its sub-menu options when the Surveys Module is activated.
Can access and maintain all Projects If enabled, then this user can view/add/edit any Project, including those marked Exclusive.
Can access and maintain users in this user's Organizations Activate the User Administrator functionality for this user.

 

Data Access Permissions

 
Permission Description
Allowed Read-Only access to Administration information Except for License and System Settings, view the Administration menu option and view/use limited sub-menu options related to existing Administration information. Regardless of membership within an Organization or Department marked Internal, they can also view ALL issues in the system in any of their reporting mechanisms.  This permission will override other Administration permissions granted to a user.
Allowed Read-Only access to Asset Management information If enabled, then this user can view the Asset Management menu option and view/use limited sub-menu options related to existing Asset Management information when the Asset Management Module is activated.  This permission will override other Administration permissions granted to a user. 
Can view and add Private Notes in issues If enabled, then this user can view Notes marked Private in issues, email notifications, and any of their reporting mechanisms. They can also add Private Notes on issues.
Can view and enter content in Private User Defined Fields If enabled, then this user can view User Defined Fields marked Private in issues, email notifications, and any of their reporting mechanisms. They can also select/enter values for Private User Defined Fields on issues.
Can view and select from Private Issue Templates when submitting issues If enabled, then this user can view/select Issue Templates marked Private on the Submit Issue screen.
Can view Assigned To information in issues and email notifications If enabled, then this user can view Assigned To and Next Action field and value in issues, email notifications, and any of their reporting mechanisms.
​Can view issues submitted by other users Except for issues filtered by membership within an Organization and/or Department marked Internal, view issues in which they have no role in any of their reporting mechanisms.
Can view Private Knowledge Base Articles If enabled, then this user can view Knowledge Base Articles marked Private.
Can add, edit and delete Knowledge Base Articles If enabled, then this user can add/edit/delete Knowledge Base Articles. With "Can view Private Knowledge Base Articles," they can also add/edit/delete Knowledge Base Articles marked Private.
Can add, edit and delete Knowledge Base Categories and Sub Categories If enabled, then this user can add/edit/delete Knowledge Base Categories and Subcategories.
Can add, edit and delete Custom Record Table records If enabled, then this user can add/edit/delete Custom Record Table records when the Custom Record Table feature is activated.
Can change their own password If enabled, then this user can reset their Issuetrak password. If authenticated by AD, they will need to contact their organization's support team to have their AD password reset.

 

Tasks Permissions

 
Permission Description
Can be assigned Tasks If enabled, then this user can manually and automatically be assigned Tasks.
Can view Tasks in issues If enabled, then this user can view Task Manager details in issues, email notifications, and any of their reporting mechanisms.
Can assign Tasks If enabled, then this user can manually assign Tasks to users/groups with "Can be assigned Tasks."
Can edit Tasks in issues If enabled, then this user can edit task details for any task the user has access to.

 

Issue Maintenance Permissions

 
Permission Description
Can add Notes to closed issues If enabled, then this user can add Notes on issues after they have been closed.
Can close issues If enabled, then this user can close issues.
Can close issues: Limit to issues submitted by this user If enabled, then this user can close only issues the user has submitted
Can delete issues and issue related attachments If enabled, then this user can delete issues and issue attachments.
Can edit issues If enabled, then this user can edit issues, including changing Class values, delete attachments, add/edit notes, change Subject and Description fields, change UDF values, status, substatus, and labor hours.
Can enter Labor Hours when entering Notes/completing Tasks If enabled, then this user can add/edit Labor Hours for Notes and Tasks on issues.
Can enter Line Items from Billing Module in issues If enabled, then this user can add/edit/delete Line Items and view/print Work Orders on issues when the Billing Module is activated.
Can modify submitted date when submitting Issues If enabled, then this user can edit the submitted date as issue is being entered.
Can modify Closed Date in issues If enabled, then this user can edit Close Date on the Close Issue screen. Close Dates cannot be modified after issues have been closed.
Can modify First Response Time entered in SLA issues If enabled, then this user can edit First Response Time on SLA-related issues when the Service Level Agreements feature is activated.
Can select Priority when submitting and maintaining issues If enabled, then this user can select Priority on issues.
Can select Severity when submitting and maintaining SLA issues If enabled, then this user can select Severity on issues.
Can select Substatus when submitting and maintaining issues If enabled, then this user can select Substatus on issues.
Can view and select from Assets when submitting and maintaining issues If enabled, then this user can view/select Asset on issues.
Can view and select from Issue Templates when submitting issues If enabled, then this user can view/select Issue Template on the Submit Issue screen.

 

Reporting Permissions

 
Permission Description
Can add, edit and run shared Saved Searches If enabled, then this user can mark their own Saved Searches as Shared, and edit Saved Searches created by other users marked Shared.  Note, that you may only view shared searches created by members of your own organization.
Can add, edit and run Report Writer Reports If enabled, then this user can view/use the Report Writer sub-menu option.
Can run built-in Summary Reports If enabled, then this user can view/use the Summary Reports sub-menu option

 

Email Permissions

 
Permission Description
Will receive an email notification on Escalation of ANY/ALL issues If enabled, then this user can be notified via email of every Escalation event.
Will receive an email notification on Submission of ANY/ALL unassigned issues If enabled, then this user can be notified via email of every Submission event in which an Assignment does not occur. If a manual assignment of an issue is made, then the user with this permission will not receive an email.
Will receive an email notification when Note Added to ANY/ALL issues If enabled, then this user can be notified via email of every Add Note event.