Overview
In the latest version of our software, we have simplified the permissions system into two primary roles: managers and users. The role field on the User model specifically indicates whether a user is a manager or a regular user.
This document outlines the differences between the two roles and details the additional capabilities that managers have over regular users.
Users
Regular users have access to the core functionalities of the software. They can perform all the standard actions allowed by the system, which typically include:
- Viewing and interacting with Assessments
- Managing their own profiles and Account settings
- Accessing basic reports and data as permitted by the system
Managers
Managers have all the capabilities of regular users, plus additional permissions that allow them to manage and administer the account more comprehensively. Manager permissions include:
- Account Tag Management: Create, edit, and delete Account Tags.
- User Management: Invite new Users, modify existing User details, and remove Users from the Account.
- Profile Management: Edit Profile details (e.g. email, phone, name, etc.), delete Profiles, and transfer Profiles between Accounts they manage.
- Credit Distribution: Allocate and distribute credits within the Account.
- Account Information Updates: Modify key Account details such as the Account name, logo, and settings.
- API Credentials: Add, view, or delete API credentials to control and monitor API access.
- Sub-Account Management: Create, modify, or delete Sub-Accounts for better organizational structure.
- Usage Reporting: Run usage reports for the managed account to track activities and performance.
- 360 Reviews: Create, modify, or delete 360 Reviews for a comprehensive review process.
Important Notes for API Consumers
- Role Field: The role field in the User model will always indicate either manager or user for client Accounts. This is the field you should reference when determining a user’s level of access.
- Best Practices: When building integrations, always validate user permissions based on the role field. This ensures that your application only exposes the functionalities available to managers or users as defined by our API.
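One way to apply the best practice above in an integration, shown as an added example that is not part of the original documentation or the vendor's own code. Only the role field and its two values (manager, user) come from this page; the action names and the dict shape of the user record are assumptions made for illustration.

```python
# Added example: action names and the dict shape of the user record are
# assumptions; only the `role` field and its two values come from the page.
USER_ACTIONS = frozenset({
    "assessment.view",
    "profile.edit_own",
    "report.view_basic",
})
MANAGER_ONLY_ACTIONS = frozenset({
    "account_tag.manage",
    "user.manage",
    "profile.manage",
    "credit.distribute",
    "account.update",
    "api_credential.manage",
    "sub_account.manage",
    "usage_report.run",
    "review_360.manage",
})
# Managers have every user capability plus the manager-only ones.
ALLOWED = {
    "user": USER_ACTIONS,
    "manager": USER_ACTIONS | MANAGER_ONLY_ACTIONS,
}


def is_allowed(user_record, action):
    """Return True only if the record's role grants the action.

    Fails closed: a missing, non-string, or unrecognized role grants nothing,
    and role values are compared exactly (no case folding or trimming).
    """
    if not isinstance(user_record, dict):
        return False
    role = user_record.get("role")
    if not isinstance(role, str):
        return False
    return action in ALLOWED.get(role, frozenset())


def visible_actions(user_record):
    """Actions an integration may expose in its UI for this user, sorted."""
    return sorted(a for a in USER_ACTIONS | MANAGER_ONLY_ACTIONS
                  if is_allowed(user_record, a))
```

The check belongs in the integration's server-side code path for each action; visible_actions only decides what to show, it does not replace the per-request check.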