For example, you can create a role called "Customer Support" that grants users permission to only view campaigns in a single application.
A role is defined by a set of permissions for your Talon.One applications and contains a collection of your users with access to your Talon.One account. Roles must be created by an account administrator and should be configured when setting up your account, a new application or when inviting new users.
In this article we will cover the following:
Roles are a way to organize and define access levels for your users in Talon.One. We recommended that you create roles to limit access for certain users as a security precaution and for organizational purposes.
If you set user permissions before the roles feature was available, the original permissions will still apply. We strongly encourage you to migrate your users to roles to ensure optimal usage of your account.
If you plan to invite new users to your account, you must create a role and add them. The default setting is "no access", so users will have no permissions with no access to applications, campaigns, coupons, etc. until they are assigned to a role or granted admin access.
You can create several different roles tailored to your business requirements, here are some examples of role types:
- Customer Support: agent who creates/edits coupons in a single application
- Growth Team Admin: a team lead with full access to all application and developer section
- Campaign Manager: a junior who can create campaigns but not activate/launch them
- UK Marketing: access to application for country-market, can create/activate campaigns
- Retail Campaign Manager: view or full access per business channel
- No Access: no access to this application
- View: view all campaigns and export coupons in this application
- Create and Edit: create and edit all campaigns in this application
- Full Access: access to this application, campaigns and developer settings
- Create and Edit Coupons: create and edit coupons in all campaigns
- Draft Campaigns: create and edit inactive campaigns
- Custom: access to specific sections of this application
Conflicting Access Levels
Our roles based permissions system is grant-oriented system. When a user has two roles with different permissions for the same application, the one that grants more access will "win" or "overrule" the limited role.
For Example: If User A is assigned to two roles, Role #1 has the preset “Create and Edit Coupons” and Role #2 has the preset “Draft Campaigns” set for the same application. Here is an overview of roles abilities access levels:
|Role Name||App.||Permission Preset||Can View Coupons?||Can Edit Coupons?||Can Create Coupons?||Can Create Campaigns?||Can Edit Rules?||Can Edit Campaigns?||Can Activate Campaigns?|
|Role #1||My E-Shop||Create and Edit Coupons||✅||✅||✅||❌||❌||❌||❌|
|Role #2||My E-Shop||Draft Campaigns||✅||✅||✅||✅||✅||✅||❌|
The permission system will accumulate the granted permissions from both (or more, when that’s the case) roles. The accumulated (final) permissions of the user for application “My E-Shop”can be shown bellow:
|Final Permissions||Can View Coupons?||Can Edit Coupons?||Can Create Coupons?||Can Create Campaigns?||Can Edit Rules?||Can Edit Campaigns?||Can Activate Campaigns?|
- Click on the arrow next to your name on the top right corner and select Manage Account
- Note: Only Admin users can see this section
- Click on the Roles tab
- Click on +Create New Role
- Type a name and description for your new role (e.g., Support Agent)
- For each Application in your account, select the access level you want to grant. Note:
- Users can belong to more than one role, the role with more permissions "wins"
- You can remove users at any point
- Assign users when you create a role or when you invite them to Talon.One
- Click the Select Users button to add or remove users. Note:
- The default setting for each application is "No Access"
- You can update permissions at any point
In addition to the predefine access levels, you can define your own custom permissions for an application. You can grant access to specific areas of an application like the rule builder or coupons/referrals depending on your requirements.
To set custom permissions, open the drop-down menu next to your application under the "Configure Application Access" section. Select "Custom" and the following options will appear:
Once you have defined your key roles, you can start inviting users or adding existing users to the roles. Don't worry, you can always add/remove a user from a role.
When you invite a new user to your Talon.One account for the first time, follow these steps:
- Navigate to the Account page by clicking the settings drop-down menu on the right
- Click +Invite New User
- Type in their email and name
- Choose to either "Promote to Admin" or "Assign a Role"
- Admin users will have full access to every area of this account
- To "Assign a Role", select one or multiple roles from the drop-down menu
- Click Manage Roles if you have not created any roles yet
- Click Invite User
- New users will get an email with a link to your Talon.One domain
- On the Users page, you get an overview of what roles this user has been assigned
If a user already has Admin rights, but you would like to add them to a new role, go to the "Users" section of the Account page and assign them to a role.
- Roles in Talon.One work with a grant-based system, this means that all roles explicitly give you permission to things.
- When two roles have conflicting permissions, the role that grants more permissions will "win"
- Admin users will need to manually add roles to your account and users can be assigned a role when you invite them to Talon.One or by adding existing users to a role.
- To delete a role, click on the role and click the Delete button on the top right corner.