User Group Permissions Best Practices
Taking the time to set up user groups that fit your organization not only saves time when onboarding new team members but ensures the OWS experience is tailored to a team member's role, reducing the potential for costly mistakes.
Here are four examples of common roles that may exist for your organization; Tech Support, Operations/Management, Sales, and Billing/Finance. This article will show some recommendations for applying permissions to custom user groups that you can create based on the examples mentioned above.
Operations Manager and Tech Support Manager | Sales and Sales Design | Tech Support | Purchasing, Finance, or Accounting | Training Access Only
Operations Manager and Tech Support Manager
This role would be a sub-administrator of an account and would have many of the permissions of an admin with a few differences. This role within your organization would be the person who manages teams as well as adds new team members into OWS. This could be someone who would be responsible for day-to-day management but not account management.
- Channel Partner Permissions
- Manage Accounts
- Manage Unassigned Recorders
- System Design Tool
- All Alert permissions
- All Report permissions
- All Operations Permissions
- All Account Licenses Permissions
- View Subscription Billing Invoices
- Account Access
- Include All Accounts In This User Group
- Web Services Permissions
- Enable Administrative Access
Sales and Sales Design
The recommended Sales and Sales Design role has the permissions they need to get to the tools they need such as System Design Tool as well as access to features for training and demo purposes, but otherwise has minimal permissions selected.
- Channel Partner Permissions
- System Design Tool
- View Alerts
- View Reports
- Account Access
- This user would only need access to the demo account
- Web Services Permissions
- Enable Web Services Portal
- Client Access
- Enable Full Client Access
Tech Support
These recommended permissions would be for team members responsible for responding to customer problems. This role has been given access to the system design tool, as it can be used when troubleshooting problems a customer might be facing. They also have permission to view alerts, this permission along with ‘view reports’ are auto-selected and it’s considered best practice to give them to all team members. We would also give this role the ability to view subscription management for end users This would allow them to determine licensing without being able to make changes.
- Channel Partner Permissions
- System Design Tool
- View Alerts
- View Reports
- View Subscription Management
- Account Access
- Select Auto-Include
- Web Services Permissions
- Enable Web Services Portal
- User and User Group Management
- Enable User and User Group Administrator
- Manage Locations and Location Groups
- Enable Group Administrator
- Manage Devices
- Alerts
- Enable Alert Administrator
- Reports
- Enable Report Administrator
- Client Access
- Enable Full Client Access
-
- Allows Third Party Integration Access
- Configure Point of Sale Options
- Search Point of Sale Data
- Video Clips Permissions
- Export Video Locally
- Export Video to Web Services
- View and Download Any Video Clip
- View and Download Video Clips Added by User
- Share Video Clips
- Share With New Guest Accounts
Purchasing, Finance, or Accounting
This role would be for the person within your organization who is managing purchasing or accounts payable. There are some very specific permissions they would need to access tools such as Subscription Management, the Inventory Report and the Order and Shipping Report.
- Channel Partner Permissions
- View Alerts
- View Reports
- Order and Shipping Report
- Manage Subscription Management
- View Subscription Management
- View Subscription Billing Invoices
- Receive Subscription Billing Notifications
- Account Access
- Select Auto-Include
- Web Services Permissions
- No permissions selected
- Web Services Permissions
- Enable Web Services Portal
- Client Access
- Enable Full Client Access
- Video Export/Clips
- No permissions selected
Training Access Only User Group
If wanting to extend training access to specific users but no other features, you can can create a Channel Partner User Group for Training Access Only. This may be a dedicated group that needs access to partner tools like training, but not other features such as video.
Create a Training Access Only User Group:
- Click on Management > User Management > User Groups > Add New User Group.
- Enter a Name for the Group and a Description and click Create.
- Suggested Name: Training Access
- Description: Training Access only
- The Channel Partner Users menu shows the users in the group. We'd recommend adding users after the user group permissions are selected and saved.
- Under Channel Partner Permissions, uncheck all default settings, then enable System Design Tool and click Save.
- Under 2-Step Verification, take no action. Keep default settings so that no options are selected.
- Under Account Access, take no action. Keep default settings so that no options are selected.
- Under Web Services Permissions, take no action. Keep default settings so that no options are selected.
- Under Remote Client Permissions, uncheck all default settings except Allows users to connect to Web Services and locations using a web browser. under the Web Browser heading and click Save.
- Under Recorder Permissions, take no action. Keep default settings so that no options are selected.
- Under General Information, review the name and description. No need to add anything if they are correct.
Create and Add a New User to the Training Access User Group:
- Click on Management > User Management > Users > Add New User.
- Enter the name and email address of the user you wish to add.
- An invite will be sent to that email address allowing the user to choose a password and log in once they have accepted the invitation.
-
Select the Training Access User Group and click Add New User.
Training Access User Group Training Video
