This article covers these topics:
Overview of User Roles
A "User Role" acts as a template on which individual users are based and allows Administrators to quickly and easily add new Users to Pipeliner, knowing exactly what security access rights and permissions the user will inherit from the role they are based on.
Why add Advanced Permissions?
Once the user logs in to Pipeliner, by default they can create and share "Email Templates" and "Reports", for example, or change the Profile they are using so they end up seeing different Opportunities to the rest of their team. For some larger organisations, this can make it more difficult to support and manage their standard users.
It’s for this reason that we’ve added the ability to control whether users are able to create, share and delete Profiles, Reports, Dashboards, Email Templates and Form Views. We’re collectively calling these “Common Records” ⤵
Additionally, for Profiles, there is the option to specify which Profile should be visible to the user when they first log in to Pipeliner for each of the main menu areas where Profiles are used.
NOTE: Advanced Permissions are only available for our Unlimited Tier customers.
Accessing Advanced Permissions
In the "Admin Module" of Pipeliner, click on the "Units, Users & Roles" tab and select an existing Role to modify by selecting and clicking on “Edit Role” or, for a new role, click on “Create New” ⤵
Next click on the "Common Records" tab ⤵
Overview of Profiles and default Rights
Profiles govern the data/records that a user sees displayed on screen in each of the different main menu areas — Navigator, Leads, Opportunities, Accounts, Contacts, Projects, Activities, Feeds and Archive as well as within the Insights tabs — Insights, Indicators, Conversions and Performance.
Profile options also determine sort orders and view options that can change the look and feel inside the app in a particular area.
The image illustrates this using the same Profile but with different View options and Target settings. Exactly the same Opportunities are displayed in each view ⤵
When they first log in, all users have access to 2 default, system profiles:
“All Users” will display all records that a user’s role gives them access to see
“My” will show them just those records that they own.
By default, in each main menu area, users see the “All Users” profile.
Again by default, users all have the ability to create new Profiles and to share those Profiles with other users by making them “public” — so all users can see the profile — or “custom” where they select specific users or sales units.
Why Manage Advanced Permissions for Profiles?
Lots of users creating and sharing profiles can make life confusing for others when profiles are shared with them.
It has also historically been problematic when a user leaves as, previously, no one had the ability to delete the Profiles left behind when a user was deactivated.
It also makes it much easier to support users with problems when you know, exactly, what the user is seeing on screen.
Advanced Permissions can help you manage all of these scenarios. You can prevent users from being able to create new Profiles at all, control their Sharing options and specify which Profile should be the default for the user when they login.
In combination, these options mean that, for some roles, you might create a profile to display specific data, share that profile from within the Pipeliner app and then, in the Admin Module, set it as the default profile for the user role while simultaneously removing rights to create custom profiles. The result would be that any user based on that role would only be able to access the one profile you had set up.
Even for more advanced users, you might limit their sharing options. Even if it’s OK for them to create custom profiles, you might want to restrict sharing to within the user’s team.
Setting up Advanced Permissions on Profiles
For this example, I set up a custom, publicly shared Opportunity profile named “My Team’s Opportunities” with our preferred "View" and "Target Settings". I want this profile to be the default for all users based on the "Sales Manager" role. I’m happy for Sales Managers to create — and delete — their own profiles but I want to restrict the sharing to “custom” ⤵
In the "Common Records" tab, make sure you’re have "Profiles" selected ⤵
The first option is Access Rights. You can choose from:
Write access to records › this option allows creating of new profiles
Read-only access to records › this gives access only to use the default Profiles and any custom profiles shared with the user or their sales unit(s).
We’ll leave this option on "Write access to records" and will tick the option "Allowed deleting owned records" which lets a user delete those profiles they have themselves created.
Next, under "Sharing Rights", we’re going to untick "Public sharing" which allows users to make their custom profiles “public” and will leave "Custom sharing" ticked so users can select exactly who to share their profiles with.
"Advanced Rights" grants “super user” type rights to delete any profile regardless of who created it by ticking the "Allowed deleting not owned records". We’ll be saving that option only for Administrators! ⤵
Under "Default Screen Profiles", we can select any shared, custom profile to replace the out-of-the-box selection of “All Users”. For Opportunities, we’re going to choose our “My Team’s Opportunities” profile instead ⤵
Click on “Save” to apply your changes.
For our "Sales User" role, we don’t want any new custom profiles to be created so we’ll edit that role and this time select "Read-only access to records" under "Access Rights".
As soon as we select that option, all sharing and deleting options are greyed out as they no longer apply.
In this example, we’ve changed the default profiles for Navigator and Leads to “My” and selected our custom profile “My Team’s Opportunities” for Opportunities ⤵
NOTE: The legend next to the tab name Profiles has changed from “RW” - i.e. Read and Write — to just “R” for Read. We’ve added this as a quick visible cue to the settings so you don’t always have to dig deeper.
Reports and Dashboards
Overview of Reports/Dashboards and Rights
You can prevent users accessing Reports and Dashboards at all by removing access under the "Features" tab and then "Navigation" ⤵
And also by switching off from "Common Records › Reports" or "Common Records › Dashboards".
NOTE: Permissions are bundled for Reports and Dashboards — you can’t switch off access to one area without the other ⤵
If a user is granted access to Reports and Dashboards however, then they also, by default, have rights to create, delete and share those Reports and Dashboards.
Just like with Profiles, Advanced Permissions allows you much more control over these options.
Setting up Advanced Permissions for Reports and Dashboards
First select either "Reports" or "Dashboards" ⤵
Options work in the same way as they do for profiles.
Under "Access Rights", choose from:
Write access to records › this option allows creating of new Reports or Dashboards.
Read-only access to records › this gives access only to use Reports and Dashboards that are shared with the user or their sales unit(s).
Under "Sharing Rights", "Public sharing" allows users to make their custom profiles “public” and "Custom sharing" lets users select exactly who to share their profiles with by choosing users and/or sales units.
And under "Advanced Rights":
Allowed deleting not owned records › gives users rights to delete any Report or Dashboard regardless of who created it.
Allow creating/deleting folders › governs if they can create custom folders (and delete them too).
You may want to grant these Advanced Rights to certain specific User Roles though, in general, it’s more likely they’ll be reserved for Admins.
Overview of Email Templates and Rights
You can prevent users accessing Email Templates at all by removing access under the "Features" tab and then "Tools" or by switching off from "Common Records › Email Templates" ⤵
If a user is granted access to "Email Templates" however, then they also, by default, have rights to create, delete and share templates.
Setting up Advanced Permissions for Email Templates
Select "Email Templates" and choose your preferred options (these are the same as for Reports/Dashboards) ⤵
Overview of Form Views and Rights
"Form Views" are created, managed and shared by users within the Pipeliner app on each type of record. Below is an example of a custom Form View set up on Accounts ⤵
Clicking on "Manage Views" takes users to the "Form View Manager" where they can create, share, edit and delete their own Form Views ⤵
You can only prevent users accessing Form Views by switching off from "Common Records › Form Views" ⤵
Setting up Advanced Permissions for Form Views
Choose your preferred options (these are the same as for Reports/Dashboards) except that there is no "Advanced Right" to "Allow creating/deleting folders" as Form Views do not have a folder structure ⤵