Supplier
Roles & Permissions
A role contains a set of permissions that allows you to perform specific actions on an organisations resources. To make permissions available to users, you assign roles to the users within the scope of a team.
Role Types
There are two types of roles in Zitcha:
- System Roles: Inclusive of a Basic, Power User and Admin roles that exist on instantiation of your organisation.
- Custom Roles: Provide granular access according to a user-specified list of permission sets.
To determine which permission sets are included in a system or custom role, you can use the following method:
- Navigate to Settings > Organisation > Roles
- Click the view icon to view the role information
- Locate the permissions under the Permission Sets
Role Components
Each role has the following components:
- Name: A human-readable name for the role. The role title is used to identify the role in the Users configuration.
- Description: A human-readable description of the role.
- Permission Sets: The permissions included in the role. Permissions allow users to perform specific actions on an organisations resources. When you grant a role to a user, the user gets all of the permissions in the role.
Permissions have the following format
resource.verb
For example, the plan.viewer permissions allows a user to view the plans they have within their team scope, and wallet.editor allows a user to manage all wallets within their team scope.
System Roles
Zitcha’s IAM provides additional predefined roles that give granular access to specific organisational resources. These roles are created and maintained by Zitcha. Zitcha automatically updates their permissions as necessary, such as when Zitcha adds new features or services.
Each predefined role contains the permissions that are needed to perform a task, or a group of related tasks.
You can grant multiple roles to the same user, at any level of the resource hierarchy. For example, the same user can have the Admin and Power User roles for any given team.
The following table summarises the permissions that the basic roles give users across all Zitcha services:
| Roles | Permission Sets |
|---|---|
| Admin | All Editor permissions, plus permissions for actions like the following: Completing sensitive tasks, like creating a new wallet Managing roles and permissions for an organisation and all resources within the organisation |
| Power User | All viewer permissions, plus permissions for actions that modify state, such as changing existing resources (i.e. creating a new ad set). |
| Basic | Permissions for read only actions that don’t impact state, such as viewing (but not modifying) an existing resource (i.e. plan) or data |
The following table lists all IAM predefined permission sets:
| Permission Sets | Permissions |
|---|---|
| User Inviter | supplier.invite, employee.invite, bulk.invite |
| User Manager | user.manager, supplier.invite, employee.invite, bulk.invite |
| Order Editor | orders.create, orders.view, orders.requestreview, orders.editpending, orders.editapproved |
| Order Manager | orders.create, orders.view, orders.requestreview, orders.editpending, orders.editapproved, orders.publish, orders.approve, orders.archive |
| Order Publisher | orders.create, orders.publish, orders.approve, orders.view, orders.archive |
| Order Creator | orders.create, orders.view, orders.editpending |
| Order Approver | orders.view, orders.approve, orders.requestreview, orders.editapproved |
| Order Viewer | orders.view |
| Order Analyst | orders.metrics.view |
| Channel Manager Facebook | channels.facebook.manage |
| Channel Manager Google | channels.google.manage |
| Channel Manager Web | channels.web.manage |
| Activation Manager | channels.facebook.manage, channels.google.manage, channels.web.manage |
| Report Reader | reports.view |
| Settings Manager | settings.supplier.manage, settings.organisation.manage |
| Package Manager | packages.view, packages.create, packages.edit |
| Wallet Manager | wallets.view, wallets.create, wallets.edit |
| Team Manager | teams.create, teams.view, teams.edit, teams.delete |
| Role Manger | roles.assigner, roles.edit, roles.create, roles.view |
| Plan Manager | plans.create, plans.propose, plans.approve, plans.view, plans.archive, plans.edit, plans.metrics.view, adsets.approve |
| Plan Editor | plans.view, plans.edit |
| Plan Creator | plans.create, plans.view, plans.edit |
| Plan Proposer | plans.propose, plans.view |
| Plan Approver | plans.view, plans.approve, plans.edit, adsets.approve |
| Plan Viewer | plans.view |
| Plan Analyst | plans.metrics.view |
| Discounts manager | discounts.create, discounts.view, discounts.edit, discounts.delete |
Creating Custom Roles
Roles are managed within the Zitcha platform. A user with the Role Manager permission will be able to view, create, update and delete users, roles and teams across the organisation, regardless of the scope of their team.
Before you begin: Check if the role already exists.
To create a new role:
- In the Zitcha platform, under the Settings > Organisation section, go to Roles
- Click Create new role.
- Enter a name and, optionally, a description for the role.
- From the Permission Sets list, click the pills to select each set of permissions that you want users with this role to have.
Learn about each permission - Review the permissions and click Create Role.
- Follow the steps to assign the custom role.
Editing Custom Roles
Before you begin: Check if the role already exists.
To edit an existing role:
- In the Zitcha platform, under the Settings > Organisation section, go to Roles
- Click the pen next to the custom role that you want to edit.
- Choose an action:
- To edit the name or description of the role, click into the field and make the changes.
- To edit the permission sets associated with the role, click Select Permission Sets and click the pills to select each set of permissions that you want users with this role to have.
- Click Save Changes.
Deleting Custom Roles
Requirements: To delete a custom role, you can't be assigned to the role or remove yourself. Contact another super administrator to remove you from the role. Then, follow the steps below to delete the role.
- In the Zitcha platform, under the Settings > Organisation section, go to Roles
- Click the pen next to the custom role that you want to delete.
- Click Delete Role.
Assigning Custom Roles
If you don’t want to give a user full access to the Zitcha platform, you can let them perform only a subset of administrative tasks. Do this by assigning a custom role. You can assign more than one role to a user against any given team.
You can set any role to apply across all of your organisational teams.
Before you begin
Step 1: Review any custom roles already used
You must have the Role Manager permission set for this task.
- In the Zitcha platform, under the Settings > Organisation section, go to Roles
- Click the view next to the custom role and see the assigned permission as pills under the Permission Sets.
Step 2: Decide on the type of role
Decide whether you want to:
- Assign a prebuilt system role or custom role for performing common tasks. Review the prebuilt system roles.
- Create and assign a custom role that has different access levels. If so, you need to create the role first. Go to Create a custom role.
A role must sit within the scope of a team for it to be assigned to a user. You can assign a role to a user at the same time as you assign a team by following either procedure for assigning users to a team or assigning roles and teams to a user.
Assigning Roles to an individual user
- In the Zitcha platform, under the Settings > Organisation section, go to Users
- Find the user in the list.
- Click the pen icon next to the user you’d like to assign to open their account configuration.
- Under Role, scroll and select from the custom and system roles in your organisation, click to add the role to the user.
- Under Team, scroll and select the team you would like your role to be scoped by.
- Repeat for each role you would like to assign to the user.
- Click Save Changes.
Assigning Roles and users to a team
- In the Zitcha platform, under the Settings > Organisation section, go to Teams.
- Create a new team or find the team in the list.
- Click the pen icon next to the team you’d like to assign users and roles to.
- Under User, scroll the user you would like to place in the team, click to add the user to the team.
- Under Role, scroll and select from the custom and system roles in your organisation.
- Repeat for each user you’d like to add to the team.
- Click Save Changes.