How Do I Create Enterprise Intelligence Permissions - Roles & User Groups (Next Gen)?



Enterprise Intelligence permissions are located on the security page of the admin console and are divided into two sections:

  • Roles
  • User Groups


Roles are a group of actions (also referred to as permissions) defined by a specific scope and are usually organized by job role (menu edit, employee management, till update, etc.). There are currently nine scopes:

  • Global
  • Menu location group
  • Tax location group
  • Service charge location group
  • Store location group
  • Reporting location group
  • Reports
  • User groups
  • Notify


User Groups are a group of policies and/or actions and can be assigned to one or more users.

Additionally, permissions follow the same inheritance rules as location groups. If a user is assigned read and edit permissions at the parent group (e.g. corporate level). They will also have read and edit permissions at all of the parent’s children (e.g. store level). Lastly, edit permissions should be assigned to the group that created the attribute (e.g. the menu created at the corporate level), but the read permissions should be assigned to the group that the user will see the attribute (e.g. the store level). The user will see the attribute for their store and any edits will only affect their location. If the user is assigned edit permission at the store level instead, they will only be able to edit the attributes created at their store level (e.g. a local menu) but not the inherited items.

To create security permissions. You will First, create roles and then user groups. For a detailed explanation of Enterprise Intelligence Permissions, first, watch the video, and then reference the sections below for additional assistance:


Create Roles

Roles can be divided into two classes.

  • Read Permissions
  • Update Permissions (add, edit, create, update, activate, etc.)


Update Roles will be used to define the job title (store manager, shift supervisor, etc.), and read permissions will be used to define the user’s location (Please see appendix for specific examples).

Follow the steps to create a Role

  1. Navigate to Security
  2. Click the Roles tab
  3. Click Add Role
  4. Assign a Title and Description. It is recommended that roles be created by job title (e.g. Store manager menu price update) rather than job role (menu price update). This way there is less maintenance if a store manager role becomes different from a shift supervisor
  5. Select a scope from the dropdown
  6. Click Add Action
  7. Select all of the necessary actions from the dropdown (Remember that there will be 2 separate roles: one for the read permissions and one for the update permissions).
  8. Click Add Selected Actions
  9. Click Save


Create User Groups

User Groups can also be divided into two classes

  • Update User groups that define the users’ job
  • Read Permissions that Define where the user can perform their job


Follow the steps to create a user group:

  1. Navigate to Security
  2. Click Add User Group
  3. Add a Title
  4. Add Users (search by username)
  5. Click Add Policy
  6. Select a scope from the dropdown
  7. Select a Location Group from the dropdown
  8. Select Add Role
  9. Select One or more role (generally, you will only need to select one)
  10. Click Add
  11. Add another policy if needed (A user group can have more that one policy with the same or different scopes)
  12. Click Save when complete.


Real-World Example

Here is a  real-world example based on Qu’s best practices.

Qu Café has 2 users who will be store managers. One is the manager at the Atlanta location and the other is a manager at the Smyrna location.

As store managers, they will need to:

  • Update all menu prices for their store
  • Manage the employees for their store including:
    • Create Employees
    • Update Employees
    • Activate Employees
    • Terminate Employees
    • Import Employees
    • Create Time Entries
    • Update Time Entries, and
    • Delete Time Entries
  • Update Store Tills
  • Update Taxes, and
  • View reports for their stores


We will need 9 roles:

  • edit permissions for menu, global, store, and tax location groups
  • read permissions for menu, employee, store, tax location, and report location groups




Now we will create 3 user groups:

  • 1 Store Manager User Group to define what the store managers can do (i.e update permissions)
  • 2 store specific User Groups to define where the store managers can perform those actions


Store Manager User Group



These are the roles that were used to create this user group. They were each assigned to the top-most parent group to ensure that the user could edit all of the items that they inherited at their store.



Additionally, we added individual actions to define the reports that the user would have access to.


Store-specific User Groups





These are the roles that were used to create this user group. They were each assigned to the User’s store group to ensure that the user could only edit at the location they were assigned.



Was this article helpful?
0 out of 0 found this helpful