Authenticated portal users are associated with a CRM Contact and must have the appropriate security role assigned.

If using a self-service portal, portal users must be assigned to Web Roles in order to gain permissions beyond unauthenticated users. For more information on portal security within this document, refer to the Web Roles section 64, or click here for Microsoft information

Overview of CRM Security Roles

Security roles are a combination of privileges and access levels for the various entities. They are grouped under different tabs based on their functionality. These groups include: Details, Core Records, Marketing, Sales, Service, Business Management, Service Management, Customization, Missing Entities, Business Process Flows and Custom Entities.

Privileges

Privileges define what action a user can perform in VeloCITY. Privileges can be modified but cannot be added or deleted. The default privileges for each entity are:

  • Create — Allows the user to add a new record
  • Read — Allows the user to view a record
  • Write — Allows the user to edit a record
  • Delete — Allows the user to delete a record
  • Append — Allows the user to attach other entities to, or associate other entities with a parent record
  • Append to — Allows the user to attach other entities to, or associate other entities with the record

Levels of Access

There are 5 levels of access for each Privilege and they are shown below them. The 5 levels of access are:

  • None — No privileges given
  • User — Privileges to the records owned by the user or shared with the user. Also includes the privileges owned by the team to which the user belongs.
  • Business Unit — Privileges for all records owned in the business unit to which the user belongs
  • Parent: Child Business Unit — Privileges for all records owned in the business unit to which the user belongs and to all the child business units subordinate to that business unit
  • Organization — Privileges for all records in the organization regardless of who owns it

There are 4 base security roles included with VeloCITY 365. Out of the box, users of the system MUST be assigned one, and only one of these base roles.

Base Role

Description

Can Read & Append activities to:

Can Create and Edit

Can Delete

Velocity 365
Agent

Suitable for call center agents or other customer service staff taking phone calls and creating service requests using the Agent Console.

Cases, subscribers, contacts, accounts, interaction (SR) types, tags, alerts & knowledge articles.

Cases, subscribers, contacts, accounts and activities. Can edit my own records and those that have been shared with me.

Nothing

Velocity 365 Back Office

Suitable for departmental users who action service requests and/or assign them for action by others.

Cases, subscribers, contacts, accounts, interaction (SR) types, tags, alerts & knowledge articles.

Cases, subscribers, contacts, accounts, and activities. Typically this role would have full permissions for service requests also.

Nothing

Velocity 365 Admin

Suitable for Configuration Managers who create and manage Interaction (SR) types and other administrative settings such as security.

Cases, subscribers, contacts, accounts, interaction (SR) types, tags, alerts & knowledge articles.

Cases, subscribers, contacts, accounts, interaction (SR) types, tags and alerts.

Cases, contacts, accounts, types, tags and alerts.
NOTE: Interaction Types can only be deleted by System Adminstrators

Velocity 365 Read Only

User with only READ permission to the velocity features. May be suitable for senior managers, elected officials, etc.

Cases, contacts, accounts, interaction (SR) types, tags, alerts & knowledge articles.

Nothing

Nothing

In order to provide more granular control over security, there are a number of additional permissions for specific features and functions which can also be granted to any of the roles above (Except the Road Only Role) based on your specific business requirements.

The additional permissions or “Add-on” roles are as follows:

Velocity 365 Add-On Role

Description

Can Read & Append activities to:

Can Create and Edit

Can Delete

Create SR Role

Suitable for someone who can submit new service requests and hence – new cases. 

NOTE: This is NOT a standard OOTB security role and must be managed separately. Interaction types are related to security roles when they are created and that determines which roles get which permissions. Often it is appropriate to give this role or roles to all of the base roles above (except the read only role). 

Service Requests

Service Requests

Nothing

Tag Author

Suitable for someone who can create Tags

Tags

Tags

Nothing

Tag Admin

Suitable for someone who can create AND delete Tags

Tags

Tags

Tags

Alert Author

Suitable for someone who can create Alerts

Alerts

Alerts

Nothing

Alert Admin

Suitable for someone who can create AND delete Alerts.

Alerts

Alerts

Alerts

Content Author

Suitable for someone who authors knowledge articles

Knowledge Articles

Knowledge Articles Note: Can only author, not approve or publish

Nothing

Content Approver

Suitable for someone who approves knowledge articles

Knowledge Articles

Knowledge Articles NOTE: Can approve/reject but not publish

Nothing

Velocity 365 Add-On Role

Description

Can Read append activities to:

Can Create and Edit

Can Delete

Content Publishing

Suitable for someone who publishes knowledge articles

Knowledge Articles

Knowledge Articles

Nothing

Content Admin

Suitable for someone who is a full content manager

Knowledge Articles

Knowledge Articles

Knowledge Articles

Work Order Read Only

Suitable for someone who needs read-only access to work orders (Requires work order solution)

Work Orders

Nothing

Nothing

Work Order Agent

Suitable for a Field Agent or Back Office user who needs to create and assign Work Orders

Work Orders

Work Orders within their own Business Unit

Nothing

Work Order Admin

Suitable for someone who can manage AND delete Work Orders

Work Orders

Work Orders

Work Orders

ESRI Read Only

Suitable for someone who needs read-only access to ESRI Map records

ESRI Map, Map Layers, Server, Settings and Service Areas

Nothing

Nothing

ESRI Author

Suitable for someone who creates and manages ESRI Map Records

ESRI Map, Map Laters, Server, Settings and Service Areas

ESRI Map, Map Laters, Server, Settings and Service Areas

Nothing

ESRI Admin

Suitable for someone who can manage AND delete ESRI Map Records.
NOTE: This role MUST be added to the Velocity Admin role in order to succesully create Interaction (SR) Types.

ESRI Map, Map Laters, Server, Settings and Service Areas

ESRI Map, Map Laters, Server, Settings and Service Areas

ESRI Map, Map Laters, Server, Settings and Service Areas

Velocity 365 Add-On Role

Description

Can Read append activities to:

Can Create and Edit

Can Delete

Cityworks Read Only

Suitable for someone who needs read-only access to Cityworks integration records

Cityworks integration log, integration mapping, integration status mapping and server

Nothing

Nothing

Cityworks Author

Suitable for someone who creates and manages Cityworks integration records

Cityworks integration log, integration mapping, integration status mapping and server

Cityworks integration log, integration mapping, integration status mapping and server

Nothing

Cityworks Admin

Suitable for someone who can manage AND delete Cityworks integration records

Cityworks integration log, integration mapping, integration status mapping and server

Cityworks integration log, integration mapping, integration status mapping and server

Cityworks integration log, integration mapping, integration status mapping and server

Portal Read Only

Suitable for someone who needs read only access to Portal Entities

Portal Entities

Nothing

Nothing

Portal Admin

Suitable for someone who can manage Portal Entities

NOTE: This role MUST be added to the Velocity Admin role in order to succesully create Interaction (SR) Types.

Portal Entities

Entity Form, Content Snippet, Entity Form Metadata, Entity Permission & Web file

Nothing

Assigning Security Roles

Every user must have a Security Role assigned

Assigning a Security Role to a user:

  1. Navigate to Advanced Settings -> Settings -> Security -> Users. The Users grid displays.
  2. Select the user. The User Form for the selected user displays.
  3. Click “Manage Roles” from the form navigation bar. The Manage User Roles dialogue displays.
  4. Select desired roles and click OK.

Assigning a Security Role to a team:

  1. Navigate to Advanced Settings -> Settings -> Security -> Teams. The Team grid displays.
  2. Select the team. The Team Details Form displays.
  3. Click “Manage Roles” from the form navigation bar. The Manage User Roles dialogue displays.
  4. Select desired roles and click OK.
  • Assigning a role to a team will automatically apply the same privileges to any user or queue within that team.
  • Assigning a role to a Business Unit’s default team will automatically apply to all users in that Business Unit.