New Feature: User Roles
Overview
We've overhauled and simplified our user access system while giving you the flexibility to have things set just as you need them.
Now, rather than needing to set individual combinations of access each time you create a new user account, all you have to do is pick the role they're in. Each role has a number of access options configured for it which determines what users can see and do in Enate.
Watch this video to find out more:
Along with this, we've also added a much more detailed breakout for what access levels are available, allowing you to configure roles and access to precisely match your business requirements.
We've created a number of standard pre-configured roles available that give your users various levels of access to Work Manager and Builder.
If a standard role doesn't quite fit the bill, you can create custom roles that allow you to fine-tune levels of access to give users the exact combination of access levels they need.
Custom roles might be particularly useful in the following circumstances:
In Work Manager: You may wish to create a custom role for your more senior team members which falls part-way between the standard 'Team Leader' and 'Team Member' roles, giving them access to some Team Leader-like features without needing to have them fulfil that role entirely.
In Builder: Custom roles can be very useful in larger organizations where you might want to delegate e.g. user management or localized Case/Ticket maintenance access in Builder to more local resources, while keeping shared configuration activities for master data to a more select few people.
In line with this, we are also displaying role and access information when you click on someone in your team in Work Manager. You will see their profile picture, the title of their role, its description (if one has been added), as well as a list showing which features that the user has access to. Please note that this is a read-only display and will mean that Team Leaders will no longer have direct access to the four previously shown feature access options. However, access to the more comprehensive User Management section in Builder by speaking with your admin.
How to assign a role to an user
(Note that as part of upgrading, all users will be assigned and operations role, and some users also assigned a Builder role).
You can assign the relevant roles to a user in the Service Agents section of Builder by:
Clicking to edit a user and then selecting the relevant roles from their access tab OR
Clicking on the user's role directly from the grid of user accounts, on the 'Operational Role' or 'Builder Role' column. This will then bring up the user's access tab:
Users can be given two roles: they must have an Operational role which grants them access to the relevant features in Work Manager and, if they need to access Enate Builder, they can be given a Builder role too. This Builder Role will give them access to build and maintain the data which underpins your business processes in Enate. The majority of your user base will likely be assigned with just an operational role, but your administrators, business analysts and some operational super users will also be assigned a Builder role. If you do not assign a Builder role to a user, they will not be able to access the Builder app.
One thing that is important to note is that a user is not able to edit the access levels of the role they have been assigned, nor are they able to assign themselves a new role. This must be done by another user.
What happens if I change a user's role while they are logged into the system?
If you change a user's role while they are logged into the system, the user will be automatically logged out with a warning message stating that their user session has ended. When the user logs back into the Enate system, they will be able to see and access the features that have been enabled for the new role they have been assigned.
If you edit the details a user's role while they are logged into the system, they will not be automatically logged out of the system, but they will not be able to use or see the changes to their role until they have logged out and logged back into the system.
How to view, create and maintain user roles
You can view, create and maintain your user roles in the new User Roles section of Builder - click on User Management and then select User Roles from the dropdown.
Here you will see the standard roles available in the system, as well as any custom roles you have and this is where you can create and maintain your custom roles.
Clicking on a user role will bring up the details for that role, including its name, description and access to which features are enabled for it.
Note that you will not be able to edit the name, description or feature access for standard roles.
Standard Roles
Enate provides some standard pre-configured roles to give your users access to the various Work Manager and Builder features that they need, which already have a variety of feature access options enabled. The feature access options for these standard roles cannot be edited.
Work Manager Standard Roles
There are two standard operational roles:
Team Member - this is for Agent users who process Tickets, Actions & Cases
Team Leader - this is for senior members who manage a Team and set Queues they oversee
The table below shows access to which features are enabled for team member and team leader roles
| Area | Feature Access Name | Team Member | Team Leader |
|---|---|---|---|
Work Item Creation | Can Create Individual Work Items | Yes | Yes |
Can Bulk Create Work Items | No | Yes | |
Work Item Assignment | Can Assign to Anyone | No | Yes |
Can Assign to Themselves | Yes | Yes | |
Can Unassign | No | Yes | |
Work Item Options | Can Override Due Date | Yes | Yes |
Can Split Tickets | Yes | Yes | |
Can Merge Tickets | Yes | Yes | |
Can Convert to Case | Yes | Yes | |
Can Edit Defects Logged by Others | Yes | Yes | |
Can Edit Time Tracker Entries Logged by Others | No | Yes | |
Can Access Custom Data in Peer Review Actions | Yes | Yes | |
Can Delete Email Attachments | No | No | |
Queues & Team Members | Can View Queues & Team Members | Yes | Yes |
Can Work on Items Outside their Queues | Yes | Yes | |
Can Set Up Team & Queues | No | Yes | |
Email View Options | Can Access Email Inbox, Sent Items & Outbox | Yes | Yes |
Can Access Unprocessed Emails | Yes | Yes | |
Can View Blocked Email Addresses | Yes | Yes | |
Can Edit Blocked Email Addresses | No | Yes | |
Contacts | Can Access Contacts Page | No | No |
Advanced Search | Can Access Advanced Search Page | Yes | Yes |
Can Export Advanced Search views to Excel | No | No | |
Reports | Can Access Reports | Yes | Yes |
Can Create Custom Reports | No | Yes |
Builder Standard Roles
There are three standard Builder roles:
Local Builder - this provides more limited access to configure Ticket & Case processes
Master Builder - this provides users with access to create shareable master data, configure processes and set live
System Administrator - this provides full access to all configuration features in Builder, including integrations
The table below shows access to which features are enabled for the standard Builder roles:
| Area | Access | Local Builder | Master Builder | System Admin |
|---|---|---|---|---|
Edit Business Entities | Companies | Yes | Yes | Yes |
Contracts | Yes | Yes | Yes | |
Service Lines | No | Yes | Yes | |
Services | Yes | Yes | Yes | |
Edit Processes | Cases | Yes | Yes | Yes |
Tickets | Yes | Yes | Yes | |
Edit Shared Process Data | Action General Settings | No | Yes | Yes |
Action Types | No | Yes | Yes | |
Allocation Settings | No | Yes | Yes | |
Case Types | No | Yes | Yes | |
Due Date Settings | No | Yes | Yes | |
Ticket Categories | No | Yes | Yes | |
Ticket Types | No | Yes | Yes | |
Edit Queues | Queues | Yes | Yes | Yes |
Set Tickets & Cases Live | Set Tickets & Cases Live | No | Yes | Yes |
Edit Scheduling | Fixed Frequency Schedules | Yes | Yes | Yes |
Schedules | Yes | Yes | Yes | |
Schedule Structures | No | Yes | Yes | |
Edit Calendars | Calendars | Yes | Yes | Yes |
Edit Custom Cards & Data | Custom Cards & Data | Yes | Yes | Yes |
Access User Management | Robot Farms | No | No | Yes |
User Roles | No | No | Yes | |
User Groups | No | No | Yes | |
Users (Service Agents & Self Service Users) | No | No | Yes | |
Edit Mailbox Settings | Email Routes | Yes | Yes | Yes |
Email Connectors | No | Yes | Yes | |
Edit Email Content | Canned Responses | No | Yes | Yes |
Email Templates | No | Yes | Yes | |
System Settings | System Settings | No | No | Yes |
Edit Integrations | Marketplace Configurations | No | No | Yes |
Edit Localizations | Localizations | Yes | Yes | Yes |
Delete Items | Delete Items | Yes | Yes | Yes |
Custom Roles
If the standard roles don't quite match your organization's needs, you can create custom roles and customize the levels of access within the role.
You create and maintain custom roles from the User Roles section of Enate Builder.
To create a custom role for Work Manager, click the '+ Create New Custom Role' option in the Operational Roles tab, and to create a custom role for Builder, click the '+ Create New Custom Role' option in the Builder Roles tab.
You can create a brand new custom role in two ways:
Option 1 - From scratch, starting from a blank role where you will need to populate all your desired role data
Option 2 - By cloning an existing role (standard or custom) and adjusting the data accordingly. This option is useful if you only want to make a slight adjustments to an already existing role.
Whether creating from new or cloning from existing, proceed by giving your new custom role a name, description and then select what features you want the role to access. Once you have created your role be sure to save it before exiting the page.
Access Options Available
There are a large number of access options available to choose from when you are defining a role's access to the various features in Enate. The full list of operational access options are listed below.
Note that if access to a feature has not been given, the option/button for that feature will be hidden.
Work Manager Access Options
| Area | Access | Detail |
|---|---|---|
Work Item Creation | Create Individual Work Items | This gives the user access to the following features:
Note that users can still use the merge item feature and they can still create links between existing work items. |
Bulk Create Work Items | This gives the user access to use the bulk create feature. Note that the 'Create Individual Work Items' option must be enabled for this 'Bulk Create Work Items' option to be enabled. | |
Work Item Assignment | Assign to Anyone | This gives a user access to assign or reassign a work item to someone else in their team, either from the homepage or from within the work item itself. |
Assign to Themselves | This gives a user access to assign or reassign a work item to themselves, either from the homepage or from within the work item itself, or from Quickfind. | |
Unassign | This gives a user access to unassign a work item, either from the homepage or from within the work item itself. | |
Work Item Options | Override Due Dates | This gives a user access to override the due date of a work item from within the work item screen by clicking on the due date in the header and changing the date in the resulting pop-up (if the work item has been set up in Builder to allow the due date to be overridden). |
Split Tickets | This gives a user access to use the split Tickets feature. Note that the 'Create Individual Work Items' option must be enabled for this 'Split Tickets' option to be enabled. | |
Merge Tickets | This gives a user access to use the merge work items feature. | |
Convert to Case | This gives a user access to use the converting a Ticket to a Case feature. Note that the 'Create Individual Work Items' option must be enabled for this 'Convert to Case' option to be enabled. | |
Edit Defects Logged by Other | This gives a user access to edit, mark as resolved and delete defects that have been logged by other people. Note that even without this access option, users are still able to add a new defect and edit, mark as resolved and delete defects that were added by themselves. | |
Edit Time Tracker Entries Logged by Other | This gives a user access to edit the time entries in the time tracker card that have been logged by other people. Note that a user will always be able to modify their own time entries regardless of this access option. | |
Access Custom Data in Peer Review Actions | This gives a user access to edit custom card data in a Peer Review Action. Note that even without this permission, users are still able to view custom card data and to choose if the review was a Pass, Fail or was Unable to be completed. | |
Delete Email Attachments | This gives a user access to delete an email attachment from the files tab section of a work item. | |
Queues & Team Members | View Queues & Team Members | This gives a user access to view their Queues and Team Members in the Team Bar, as well as access to view their team's work or owned work via the 'Team Work Inbox' and 'Team Owned Work' filters on the homepage grid. |
Work on Items Outside Their Queues | This gives a user access to work on items assigned to any Queue (permissions permitting), as opposed to only being able to work on items which are specifically assigned to Queues that they are a part of. Note that users will still be able to work on items that are not assigned to a Queue. Additionally, if this option is switched off users can continue to work on items which were already assigned to them that are not in their Queues. These items can be unassigned from the user manually. | |
Setup Team & Queues | This gives a user access to the team and Queues setup features via the 'Queues' page from the nav menu. | |
Email View Options | Access Email Inbox, Sent Items & Outbox | This gives a user access to the Email Inbox, Sent Items and Outbox features, available from the nav menu. |
Access Unprocessed Emails | This gives a user access to the Unprocessed Emails feature, where users can review the unprocessed emails that have arrived into the system and decide how to deal with them (i.e. creating a work item from the email or deleting the email). Note that if the 'Create Individual Work Items' access option setting is not enabled, users will not be able to create a work item from an unprocessed email, they will only be able to delete them. | |
View Blocked Emails Page | This gives a user access to view the blocked emails page and therefore access to view information for emails that have been blocked. Note that this access option does not give users the ability to edit blocked emails information - they will need the 'Edit Blocked Email Address Entries' access option to be switched on as well. | |
Edit Blocked Email Address Entries | This gives a user access to edit the information for emails that have been blocked in the blocked emails page. Note that the 'View Blocked Emails Page' access option must be enabled in order for the 'Edit Blocked Email Address Entries' access option to be enabled. | |
Contacts | Access Contacts Page | This gives a user access to the Contacts page where they can view and manage external contacts, available from the 'Contacts' option in the nav menu. |
Advanced Search | Access Advanced Search | This gives a user access to the Advanced Search feature where they can create search views of work item data in their business area. |
Export Advanced Search Views into Excel | This gives a user access to the Export to Excel feature in the Advanced Search page that allows users to export their Advanced Search views into Excel. Note that the 'Access Advanced Search' option must be enabled in order to enable the 'Export to Excel' option. | |
Reports | Access Reports | This gives a user access to the Reports feature, available from the nav menu, where they can view and edit reports to visualize desired data. Note that in order to enable this option, you must select at least one report the users in the role will be able to access from the resulting Report List option. |
Create Custom Report | This gives a user access to the advanced features on the Reports page - they can create brand new visuals and delete existing visuals. Note that the 'Access Reports' option must be enabled in order to enable the 'Create Custom Reports' option. | |
Report List | Choose which reports the role will be able to access | This allows you to choose which standard report(s) you want the users in the role to be able to access. You must select at least one. Note that the Report List will not appear as an option until the 'Access Reports' option has been enabled. |
Builder Access Options
The full list of Builder access options are listed below.
Note Builder access options provide access to edit the relevant information. You will always be able to view the information if you have Builder access, but will need specific feature access to be able to edit. The only exception to this rule is that access to even view information about users - service agents, robots and self service users - is dependent on having that feature access enabled. If you do not, the User Management area will be hidden from view.
Additionally, all users (who are not robots) who have access to Builder are able to access and edit Application Credentials, found under User Management.
| Area | Access | Detail |
|---|---|---|
Edit Business Entities | Customers | This option gives users access to create & edit customer information in the service matrix screen. |
Contracts | This option gives users access to create & edit contract information in the service matrix screen. | |
Service Lines | This option gives users access to add and to edit service lines from the service lines screen. Note that Ticket Category details for a service line can still be edited by users without the 'Service Lines' access option if the 'Ticket Categories' access option is enabled for them. | |
Services | This option gives users access to create & edit service information in the service matrix screen. | |
Edit Processes | Cases | This option gives users access to create and edit Case processes. With this access option, users can:
Note that this access option does not allow users to:
|
Tickets | This option gives users access to create and edit Ticket processes. and With this access option, users can:
Note that this access option does not allow users to:
| |
Edit Shared Process Data | Action General Settings | This option gives users access to create and edit Action General Settings in Case processes. Note that the 'Edit Cases' access option under Edit Processes must be enabled in order for a user to edit Action general settings. |
Action Types | This option gives users access to create and edit Action types from either the service line screen or from within a Case process. | |
Allocation Settings | This option gives users access to create and edit allocation settings for processes, regardless of their access to edit Cases or Tickets. Note that either the 'Edit Cases' or 'Edit Tickets' access options under Edit Processes must be enabled in order for a user to edit allocation settings. | |
Case Types | This option gives users access to create and edit Case types from either the service matrix screen or from the service line screen. | |
Due Date Settings | This option gives users access to create and edit due date settings for processes, regardless of their access to edit Cases or Tickets. Note that the 'Edit Cases' or 'Edit Tickets' access options under Edit Processes must be enabled in order for a user to edit due date settings. | |
Ticket Categories | This option gives users access to create and edit Ticket categories, either from the service line screen or from within a Ticket process itself. | |
Ticket Types | This option gives users access to create and edit Ticket types from either the service matrix screen or from the service line screen. | |
Edit Queues | Queues | This option gives users access to create and edit Queues, either from the process allocation settings or from the Queues section in System Settings. |
Set Tickets & Cases Live | Set Tickets & Cases Live | |
Edit Scheduling | Triggers | This option gives users access to create and edit triggers - these allow you to drive Case creation based on a repeating frequency to trigger automatic creation. |
Schedules | This option gives users access to create and edit schedules. | |
Schedule Structures | This option gives users access to create and edit schedule structures - . | |
Edit Calendars | Calendars | This option gives users access to create and edit working calendars - working calendars are linked to contracts and are used in day to day processing of work items to help determine precise due dates. |
Edit Custom Cards & Data | Custom Cards & Custom Data | This option gives users access to create and edit custom data and custom cards. |
Edit User Mngmt | Robot Farms | This option gives users access to create and edit robot farms, accessible when creating or editing a robot user account. Note that the 'Users (Service Agents, Robots & Self Service Users)' access option must be enabled in order for a user to edit robot farm data. |
User Roles | This option gives users access to create and edit user roles. Note that a user with this access option will not be able to edit their own user role. | |
User Groups | This option gives users access to create and edit user groups. | |
Access & Edit Users (Service Agents, Robots & Self Service Users) | This option gives users access to view, create and edit service agents, robots and Self Service users. | |
Edit Mailbox Settings | Email Routes | This option gives users access to create and edit email routes. |
Email Connectors | This option gives users access to create and edit email connectors, as well as access to view, create and edit an Office 365 integration where you can sync Enate to Office 365 email boxes, available in the System Settings page. Note that without this 'Edit Connectors' access option, the Office 365 Integration will be hidden in the System Settings page. | |
Edit Email Content | Canned Responses | This option gives users access to create and edit canned responses. |
Email Templates | This option gives users access to create and edit email templates. | |
Edit System Settings | System Settings | This option gives users access to create and edit system settings. These are the settings that take effect across the entire system and includes general settings, defect parties, file tags, suppliers, contact tags, password policy and SSO settings. Note that users will not be able to create and edit Queues from here unless the 'Queues' access option has also been enabled. Additionally, note that the Office 365 integration, where you can sync Enate to Office 365 email boxes, will be hidden unless the 'Edit Connectors' access option is enabled. |
Edit Integrations | Marketplace Configurations | This option gives users access to create and edit app integration configurations in Enate Marketplace. |
Edit Localizations | Localizations | This option gives users access to create and edit localizations. |
Delete Items | Delete Items | This option gives users access to delete objects that they have edit permissions for. Note that you cannot enable the Delete option without having enabled one of the edit options first for Builder Roles. |
Migrating Existing Enate Users into User Roles
When upgrading to version 2023.3 or above of Enate, users will be migrated into user roles based on the following logic:
If a user's access level matches the same access levels set for standard roles (see above), then their user account will be automatically assigned to one of Enate's standard roles as part of migration.
If a user's access level does not match one of the standard roles, they will be migrated to a new custom role, with access level options set to exactly match the user's existing access levels. The new custom role will be named 'Custom Role ' followed by a number signifying how many custom roles the system has had to create during migration, so a full name could be 'Custom Role 1', 'Custom Role 2' and so forth. These automatically created custom roles are fully editable, so their name, description and access level options can be modified after upgrade.
Work Manager Roles - Migration Logic
The lists below show the configurations of the various pre-2023.3 user access settings for Work Manager users that would lead to their account being migrated to one of the two standard Work Manager roles - Team Leader or Team Member.
User Access profile which results in a user migrating to Team Leader standard role:
| Setting Name | Setting Access | Setting Location |
|---|---|---|
Team Leader | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Allow Email Attachment Deletion | No | Setting found in the pre-2023.3 System Settings page under General Settings |
Restrict Defect Modification | No | Setting found in the pre-2023.3 System Settings page under General Settings |
Restricted Access to Peer Reviewer on Action Item | No | Setting found in the pre-2023.3 System Settings page under General Settings |
User Access profile which results in a user migrating to Team Member standard role:
| Setting Name | Setting Access | Setting Location |
|---|---|---|
Team Leader | No | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can see Peers & Queues | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Assign | No | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Create | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Only Work on Items in Their Queues | No | Setting found in pre-2023.3 versions by viewing a team member's profile as a Team Leader in Work Manager |
Allow Email Attachment Deletion | No | Setting found in the pre-2023.3 System Settings page under General Settings |
Restrict Defect Modification | No | Setting found in the pre-2023.3 System Settings page under General Settings |
Restricted Access to Peer Reviewer on Action Item | No | Setting found in the pre-2023.3 System Settings page under General Settings |
Work Manager Roles - Continuity of Feature Access after Upgrading
Users with any combination of feature access other than the above in Work Manager will be migrated to a custom operational role.
Please note that as part of migration, Work Manager users will have their existing feature access maintained. The single with exception to this is that access to the ‘Contacts’ page in Work Manager for Contact record maintenance will not be given by default (see note below).
Post upgrade, users will NOT have access to the Contacts page by default. If you wish users to have access to this page, an adjusted version of their current role would have to be created manually, ticking the ‘Contacts’ option. This would be required for all roles you wish to have access to this page.
Builder Roles - Migration Logic
The lists below show the configurations of the various pre 2023.3 settings for Builder users that will lead to users being migrated to a standard Builder role - Local Builder, Master Builder or System Administrator.
User Access profile which results in a user migrating to Local Builder standard role:
| Setting Name | Setting Access | Setting Location |
|---|---|---|
Can Access Builder | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Access User Management | No | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Edit Shared Configuration | No | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Set Live | No | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
User Access profile which results in a user migrating to Master Builder standard role:
| Setting Name | Setting Access | Setting Location |
|---|---|---|
Can Access Builder | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Access User Management | No | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Edit Shared Configuration | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Set Live | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
User Access profile which results in a user migrating to System Administrator standard role:
| Setting Name | Setting Access | Setting Location |
|---|---|---|
Can Access Builder | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Access User Management | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Edit Shared Configuration | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Can Set Live | Yes | Setting found in the pre-2023.3 Access tab in the Service Agents page in Builder |
Builder Roles - Continuity of Feature Access after Upgrading
Users with any combination of feature access other than the above in Builder will be migrated to a custom Builder role.
Please note that as part of migration, Builder users will have their existing feature access maintained.
Migrating Application Credentials into User Roles
If you are upgrading from version of Enate that is earlier than 2023.3 and have Application Credentials that are active, Enate will automatically migrate these credentials into Enate standard roles - a Team Leader role and a System Administrator role.
Last updated
