/
Help Center
/ Supplier
/ Roles Permissions

roles-permissions - Articles Page

Supplier

Roles & Permissions

0 min read • Last updated 14 August 2024

This page describes Identity and Access Management (IAM) roles, which are collections of IAM permissions.


A role contains a set of permissions that allows you to perform specific actions on an organisations resources. To make permissions available to users, you assign roles to the users within the scope of a team.

Role Types

There are two types of roles in Zitcha:

  • System Roles: Inclusive of a Basic, Power User and Admin roles that exist on instantiation of your organisation.
  • Custom Roles: Provide granular access according to a user-specified list of permission sets.

To determine which permission sets are included in a system or custom role, you can use the following method:

  • Navigate to Settings > Organisation > Roles
  • Click the view icon to view the role information
  • Locate the permissions under the Permission Sets

Role Components

Each role has the following components:

  • Name: A human-readable name for the role. The role title is used to identify the role in the Users configuration.
  • Description: A human-readable description of the role.
  • Permission Sets: The permissions included in the role. Permissions allow users to perform specific actions on an organisations resources. When you grant a role to a user, the user gets all of the permissions in the role.

Permissions have the following format

resource.verb

For example, the plan.viewer permissions allows a user to view the plans they have within their team scope, and wallet.editor allows a user to manage all wallets within their team scope.

System Roles

Zitcha’s IAM provides additional predefined roles that give granular access to specific organisational resources. These roles are created and maintained by Zitcha. Zitcha automatically updates their permissions as necessary, such as when Zitcha adds new features or services.

Each predefined role contains the permissions that are needed to perform a task, or a group of related tasks.

You can grant multiple roles to the same user, at any level of the resource hierarchy. For example, the same user can have the Admin and Power User roles for any given team.

The following table summarises the permissions that the basic roles give users across all Zitcha services:

RolesPermission Sets
AdminAll Editor permissions, plus permissions for actions like the following: Completing sensitive tasks, like creating a new wallet Managing roles and permissions for an organisation and all resources within the organisation
Power UserAll viewer permissions, plus permissions for actions that modify state, such as changing existing resources (i.e. creating a new ad set).
BasicPermissions for read only actions that don’t impact state, such as viewing (but not modifying) an existing resource (i.e. plan) or data

The following table lists all IAM predefined permission sets:

Permission SetsPermissions
User Invitersupplier.invite, employee.invite, bulk.invite
User Manageruser.manager, supplier.invite, employee.invite, bulk.invite
Order Editororders.create, orders.view, orders.requestreview, orders.editpending, orders.editapproved
Order Managerorders.create, orders.view, orders.requestreview, orders.editpending, orders.editapproved, orders.publish, orders.approve, orders.archive
Order Publisherorders.create, orders.publish, orders.approve, orders.view, orders.archive
Order Creatororders.create, orders.view, orders.editpending
Order Approverorders.view, orders.approve, orders.requestreview, orders.editapproved
Order Viewerorders.view
Order Analystorders.metrics.view
Channel Manager Facebookchannels.facebook.manage
Channel Manager Googlechannels.google.manage
Channel Manager Webchannels.web.manage
Activation Managerchannels.facebook.manage, channels.google.manage, channels.web.manage
Report Readerreports.view
Settings Managersettings.supplier.manage, settings.organisation.manage
Package Managerpackages.view, packages.create, packages.edit
Wallet Managerwallets.view, wallets.create, wallets.edit
Team Managerteams.create, teams.view, teams.edit, teams.delete
Role Mangerroles.assigner, roles.edit, roles.create, roles.view
Plan Managerplans.create, plans.propose, plans.approve, plans.view, plans.archive, plans.edit, plans.metrics.view, adsets.approve
Plan Editorplans.view, plans.edit
Plan Creatorplans.create, plans.view, plans.edit
Plan Proposerplans.propose, plans.view
Plan Approverplans.view, plans.approve, plans.edit, adsets.approve
Plan Viewerplans.view
Plan Analystplans.metrics.view
Discounts managerdiscounts.create, discounts.view, discounts.edit, discounts.delete

Creating Custom Roles

Roles are managed within the Zitcha platform. A user with the Role Manager permission will be able to view, create, update and delete users, roles and teams across the organisation, regardless of the scope of their team.

Before you begin: Check if the role already exists.

To create a new role:

  1. In the Zitcha platform, under the Settings > Organisation section, go to Roles
  2. Click Create new role.
  3. Enter a name and, optionally, a description for the role.
  4. From the Permission Sets list, click the pills to select each set of permissions that you want users with this role to have.
    Learn about each permission
  5. Review the permissions and click Create Role.
  6. Follow the steps to assign the custom role.

Editing Custom Roles

Before you begin: Check if the role already exists.

To edit an existing role:

  1. In the Zitcha platform, under the Settings > Organisation section, go to Roles
  2. Click the pen next to the custom role that you want to edit.
  3. Choose an action:
    • To edit the name or description of the role, click into the field and make the changes.
    • To edit the permission sets associated with the role, click Select Permission Sets and click the pills to select each set of permissions that you want users with this role to have.
  4. Click Save Changes.

Deleting Custom Roles

Requirements: To delete a custom role, you can't be assigned to the role or remove yourself. Contact another super administrator to remove you from the role. Then, follow the steps below to delete the role.

  1. In the Zitcha platform, under the Settings > Organisation section, go to Roles
  2. Click the pen next to the custom role that you want to delete.
  3. Click Delete Role.

Assigning Custom Roles

If you don’t want to give a user full access to the Zitcha platform, you can let them perform only a subset of administrative tasks. Do this by assigning a custom role. You can assign more than one role to a user against any given team.

You can set any role to apply across all of your organisational teams.

Before you begin

Step 1: Review any custom roles already used
You must have the Role Manager permission set for this task.

  1. In the Zitcha platform, under the Settings > Organisation section, go to Roles
  2. Click the view next to the custom role and see the assigned permission as pills under the Permission Sets.

Step 2: Decide on the type of role

Decide whether you want to:

  • Assign a prebuilt system role or custom role for performing common tasks. Review the prebuilt system roles.
  • Create and assign a custom role that has different access levels. If so, you need to create the role first. Go to Create a custom role.

A role must sit within the scope of a team for it to be assigned to a user. You can assign a role to a user at the same time as you assign a team by following either procedure for assigning users to a team or assigning roles and teams to a user.

Assigning Roles to an individual user

  1. In the Zitcha platform, under the Settings > Organisation section, go to Users
  2. Find the user in the list.
  3. Click the pen icon next to the user you’d like to assign to open their account configuration.
  4. Under Role, scroll and select from the custom and system roles in your organisation, click to add the role to the user.
  5. Under Team, scroll and select the team you would like your role to be scoped by.
  6. Repeat for each role you would like to assign to the user.
  7. Click Save Changes.

Assigning Roles and users to a team

  1. In the Zitcha platform, under the Settings > Organisation section, go to Teams.
  2. Create a new team or find the team in the list.
  3. Click the pen icon next to the team you’d like to assign users and roles to.
  4. Under User, scroll the user you would like to place in the team, click to add the user to the team.
  5. Under Role, scroll and select from the custom and system roles in your organisation.
  6. Repeat for each user you’d like to add to the team.
  7. Click Save Changes.
Give us feedback
Was this article useful?