To add an individual role to your iOn account, you have two options: duplicating (and modifying) an existing role or creating a new one from scratch. Many roles can't be duplicated, depending on your edit rights to them, but you can copy roles you created yourself or that have fewer privileges than your role (such as if you are an Admin user and want to copy the User role). Both methods are covered below, in separate sections.
Skip down to "Duplicating a Role" if you are duplicating an existing role.
Note: A role determines the level of privileges your iOn users have within your account. iOn comes prepackaged with two basic roles — Admin and User. For details on which screens they can view and modify, go to Viewing Your Roles.
Creating a New Role from Scratch
To build a completely new role from the ground up, follow these steps:
Note: You should add roles to your top-level group so that they can be used throughout your account hierarchy. As such, you might want to navigate to that in the Group Chooser before beginning the steps below. (See Choosing a Group to View Globally if needed.)
- On the sidebar menu on the left, click
.
- Click Roles on the flyout menu that appears.
The Admin - Roles screen will appear.
- Click Add New at the top right of the screen.
The Add Role dialog box will appear.
- In the Name field, type an identifier for the role, such as Driver Supervisor or Basic User.
- Click the Group drop-down arrow and select the group the role will be assigned to.
Note: Again, because roles are primarily created to be used throughout iOn, they are best assigned to your top-level group (and set to be inheritable, as shown in step 8). - In the Description field, type what the role is designed for, including which screens it will be able to view and modify.
- Leave the Role Status field at its default value of Enabled.
Note: The Disabled and Suspended options will make the role unable to be assigned to a user, but this won't likely be necessary when you are adding a new one (or generally speaking, ever). - Select Inheritable so that the role can be seen by subgroups of the group it is assigned to (so the subgroups, or child groups, inherit the role from the parent group).
Note: The Inheritable attribute is not really employed as a role feature and is somewhat a leftover from similar screens.
In the Features section, you will find a list of all the iOn screens, each of which will be initially set to Deny (meaning that the role cannot view the page).
- Scroll through the list of screens and click the selector to slide it to Allow (meaning the role can view the screen) for each page you need the role to access. (
means selected [Allow], and 
deselected [Deny].)
Note: You won't be able to give access to screens you yourself don't have rights for. For example, if your role is the prepackaged Admin, you won't be able to allow the new role to delete groups, as your role doesn't have that privilege. - If a screen has
to the left of its name, such as Reports in the Analytics & Reports section, follow these steps:
- Click to expand the area and see the screen's subitems ( changes to
).
Note: For Reports, you'll need to expand its two subcategories, Common and Special, as well. You can now deny or allow a role access to the reports individually, report by report.
- If the subitems have child privileges of their own, you can expand them as well.
- Slide the toggles to Allow for all the subitems you want to give the role access to.
- You can set the toggle to Deny or Allow for an entire category (such as Asset Activity under Common) to apply that level of access to all the items under it.
- Click
- Click Done.
The new role's name and other details will appear in the Admin - Roles list, and a success message will be displayed at the bottom of the screen.
- Click OK to dismiss it. (Or you can wait a few seconds, and it will automatically close.)
Duplicating a Role
First, find a role whose privileges are similar to those of the new role you need to add. Then follow these steps:
Note: As mentioned earlier, you should add roles to your top-level group so that they can be used throughout your account hierarchy. As such, you might want to navigate to that in the Group Chooser prior to starting the following procedure. (See Choosing a Group to View Globally if needed.)
- On the sidebar menu on the left, click .
- Click Roles on the flyout menu that appears.
The Admin - Roles screen will appear.
- Scroll down to the role you need to copy or filter the Name column to find it. (See Sorting and Filtering Column Data if needed.)
- In the row of the role, click
at the far right.
A menu will appear.
- Click Clone Role.
The Clone Role dialog box will appear with certain settings of the original role already applied.
- In the Name field, type an identifier for the role, such as Driver Supervisor or Basic User.
- Click the Group drop-down arrow and select the group the role will be assigned to.
Note: Remember, because roles are primarily created to be used throughout iOn, they are best assigned to your top-level group (and set to be inheritable, as shown in step 10). - In the Description field, select the current text and type what the new role is designed for, including which screens it will be able to view and modify.
- If the Role Status field isn't set to Enabled, click its drop-down arrow and select that.
Note: The Disabled and Suspended options will make the role unable to be assigned to a user, but this won't likely be necessary when you are adding a new one (or generally speaking, ever). - Make sure that Inheritable is selected so that the role can be seen by subgroups of the group it is assigned to (so the subgroups, or child groups, inherit the role from the parent group).
Note: The Inheritable attribute is not really employed as a role feature and is somewhat a leftover from similar screens.
In the Features section, you will find a list of all the iOn screens with Deny/Allow toggles; Deny means that the role cannot view the page, whereas Allow indicates that the role can access it and make changes.
- Scroll through the list of screens and click the selectors to slide them to Allow or Deny, depending on whether you want the role to have rights to the pages. ( means selected [Allow], and deselected [Deny].)
Note: You won't be able to give access to screens you yourself don't have rights for. For example, if your role is the prepackaged Admin, you won't be able to allow the new role to delete groups, as your role doesn't have that privilege. - If a screen has to the left of its name, such as Reports in the Analytics & Reports section, follow these steps:
- Click to expand the area and see the screen's subitems ( changes to ).
Note: For Reports, you'll need to expand its two subcategories, Common and Special, as well. You can now deny or allow a role access to the reports individually, report by report.
- If the subitems have child privileges of their own, you can expand them as well.
- Slide the toggles to Allow for all the subitems you want to give the role access to and to Deny for ones it shouldn't be able to view or change.
- You can slide the toggle to Deny or Allow for an entire category (such as Asset Activity under Common) to apply that level of access to all the items under it.
- Click
- Click Done.
The new role's name and other details will appear in the Admin - Roles list, and a success message will be displayed at the bottom of the screen.
- Click OK to dismiss it. (Or you can wait a few seconds, and it will automatically close.)
PRO TIP
If you've received queries from your users, asking if there's a way to disable the session timeout, you'll be happy to learn that you can add that as a role feature, as follows:
- In the Add or Clone Role dialog box, scroll down to the bottom of the Admin section.
- Select Admin Command Center.
After you save the new role, users you assign to it will not be logged out of their sessions according to the normal timeout rules.