Roles & Permissions
Define and manage roles in Zitcha to control which permissions users have across teams and resources. Define and manage roles in Zitcha to control which permissions users have across teams and resources.
Roles in Zitcha define what actions a user can take on your organisation’s resources. A role is a collection of permission sets, and each permission set allows specific actions. To make these permissions available, you assign roles to users within the scope of a team.
Role Types
Zitcha supports two types of roles:
System Roles
- Predefined roles that exist when your organisation is created.
- Include Basic, Power User, and Admin.
- Maintained and updated by Zitcha automatically.
Custom Roles
- Created by you to provide granular access.
- Built from a user-specified list of permission sets.
- Fully configurable to fit your organisation’s access needs.
Role Components
Each role has three components:
- Name – a human-readable title for the role, used to identify it in Users configuration.
- Description – a human-readable description of the role.
- Permission Sets – the specific permissions included in the role.
Permissions use the format:
Examples:
plan.viewerlets a user view plans in their team scope.wallet.editorlets a user manage wallets in their team scope.
System Roles
Zitcha’s predefined system roles give granular access to core resources. Permissions are updated automatically as new features are released. You can assign multiple roles to the same user across different teams.
Role summary:
| Role | Permissions |
|---|---|
| Admin | All editor permissions, plus sensitive actions like creating wallets and managing roles/permissions across the organisation. |
| Power User | All viewer permissions, plus actions that modify state (e.g. creating or editing ad sets). |
| Basic | Read-only actions, such as viewing existing resources (e.g. plans, data). |
Predefined Permission Sets
Here are the main permission sets you can use in roles:
| Permission Set | Permissions |
|---|---|
| User Inviter | supplier.invite, employee.invite, bulk.invite |
| User Manager | user.manager, supplier.invite, employee.invite, bulk.invite |
| Order Editor | orders.create, orders.view, orders.requestreview, orders.editpending, orders.editapproved |
| Order Manager | All Order Editor permissions + orders.publish, orders.approve, orders.archive |
| Order Publisher | orders.create, orders.publish, orders.approve, orders.view, orders.archive |
| Order Creator | orders.create, orders.view, orders.editpending |
| Order Approver | orders.view, orders.approve, orders.requestreview, orders.editapproved |
| Order Viewer | orders.view |
| Order Analyst | orders.metrics.view |
| Channel Manager Facebook | channels.facebook.manage |
| Channel Manager Google | channels.google.manage |
| Channel Manager Web | channels.web.manage |
| Activation Manager | channels.facebook.manage, channels.google.manage, channels.web.manage |
| Report Reader | reports.view |
| Settings Manager | settings.supplier.manage, settings.organisation.manage |
| Package Manager | packages.view, packages.create, packages.edit |
| Wallet Manager | wallets.view, wallets.create, wallets.edit |
| Team Manager | teams.create, teams.view, teams.edit, teams.delete |
| Role Manager | roles.assigner, roles.edit, roles.create, roles.view |
| Plan Manager | plans.create, plans.propose, plans.approve, plans.view, plans.archive, plans.edit, plans.metrics.view, adsets.approve |
| Plan Editor | plans.view, plans.edit |
| Plan Creator | plans.create, plans.view, plans.edit |
| Plan Proposer | plans.propose, plans.view |
| Plan Approver | plans.view, plans.approve, plans.edit, adsets.approve |
| Plan Viewer | plans.view |
| Plan Analyst | plans.metrics.view |
| Discounts Manager | discounts.create, discounts.view, discounts.edit, discounts.delete |
Creating Custom Roles
Before you begin: check if the role already exists.
- Go to Settings > Organisation > Roles.
- Click Create new role.
- Enter a Name and (optional) Description.
- From the Permission Sets list, click the pills to select the permissions you want included.
- Review the permissions.
- Click Create Role.
- Assign the custom role to users as needed.
Editing Custom Roles
- Go to Settings > Organisation > Roles.
- Click the pen icon next to the custom role you want to edit.
- Choose an action:
- To edit the name or description, click into the field and update it.
- To edit permissions, click Select Permission Sets and update the pills.
- Click Save Changes.
Deleting Custom Roles
Requirement: You cannot delete a role you are currently assigned to. Ask another administrator to remove you first.
- Go to Settings > Organisation > Roles.
- Click the pen icon next to the custom role.
- Click Delete Role.
Assigning Custom Roles
You can assign one or multiple roles to users. Roles always sit within the scope of a team.
Assign a Role to a User
- Go to Settings > Organisation > Users.
- Find the user in the list.
- Click the pen icon next to their name.
- Under Role, select from the available system or custom roles.
- Under Team, choose the team the role should apply to.
- Repeat for each role you want to assign.
- Click Save Changes.
Assign Roles and Users to a Team
- Go to Settings > Organisation > Teams.
- Create a new team or select an existing team.
- Click the pen icon next to the team.
- Under User, select the users to add.
- Under Role, select the roles you want applied to that team.
- Click Save Changes.
Summary
- Roles are collections of permissions that define what a user can do.
- System Roles (Admin, Power User, Basic) are predefined by Zitcha.
- Custom Roles let you define access exactly as your organisation needs.
- Roles must always be scoped to a team.
- You can assign multiple roles to the same user for maximum flexibility.
Updated 2 months ago