Enterprise Intelligence permissions are located on the security page of the admin console and are divided into two sections:
- User Groups
Roles are a group of actions (also referred to as permissions) defined by a specific scope and are usually organized by job role (menu edit, employee management, till update, etc.). There are currently nine scopes:
- Menu location group
- Tax location group
- Service charge location group
- Store location group
- Reporting location group
- User groups
User Groups are a group of policies and/or actions and can be assigned to one or more users.
Additionally, permissions follow the same inheritance rules as location groups. If a user is assigned read location group and edit permissions at the parent group (e.g. corporate level). They will also have read location group and edit permissions at all of the parent’s children (e.g. store level). Lastly, edit permissions should be assigned to the group that created the attribute (e.g. the menu created at the corporate level), but the read location group permissions should be assigned to the group that the user will see the attribute (e.g. the store level). The user will see the attribute for their store and any edits will only affect their location. If the user is assigned edit permission at the store level instead, they will only be able to edit the attributes created at their store level (e.g. a local menu) but not the inherited items.
To create security permissions. You will First, create roles and then user groups. For a detailed explanation of Enterprise Intelligence Permissions, first, watch the video, and then reference the sections below for additional assistance:
|⚠ Important: In this video, we described the process of creating read location group roles and user groups for each store. This process is still possible, but in EI version 134 this process is no longer necessary. You can now assign a location group directly to each user, eliminating the need to create and maintain a user group for each store (Assign a User to a Location)|
Roles can be divided into two classes.
- Read Location group Permissions
- All other permissions (add, edit, create, update, activate, etc.)
The read location group permissions are used to define the location groups that the user can see. The remaining permissions are used to define what the user can edit.
|While the read location groups permissions are available to be assigned to a role, it is recommended that you use the employee's profile to assign their relevant locations instead. Using the roles to assign locations, could mean creating many roles and user groups.|
Create User Groups
Follow the steps to create a user group:
- Navigate to Security
- Click Add User Group
- Add a Title
- Add Users (search by username)
- Click Add Policy
- Select a scope from the drop-down
- Select a Location Group from the drop-down
- Select Add Role
- Select One or more role (generally, you will only need to select one)
- Click Add
- Add another policy if needed (A user group can have more that one policy with the same or different scopes)
- Click Save when complete.
Here is a real-world example based on Qu’s best practices.
Qu Café has 2 users who will be store managers. One is the manager at the Atlanta location and the other is a manager at the Smyrna location.
As store managers, they will need to:
- Update all menu prices for their store
- Manage the employees for their store including:
- Create Employees
- Update Employees
- Activate Employees
- Terminate Employees
- Import Employees
- Create Time Entries
- Update Time Entries, and
- Delete Time Entries
- Update Store Tills
- Update Taxes, and
- View reports for their stores
We will need 4 roles:
- 4 edit permissions for
- Menu Location Groups
- Store Location Groups
- Tax Location Groups
Now we will create the user group:
- 1 Store Manager User Group to define what the store managers can do (i.e update permissions).
- We will use the roles created in the last step to create the store manager user group. Each of the roles will be assigned to the topmost location group. This allows the store manager to edit any of the inherited items or settings. In the next step, we will define where the user can complete those actions.
- Additionally, we will add individual actions to define the reports that the user will have access to.
Store Manager User Group
Assign a User to a Location
All Store Managers can be assigned to the above user Group. To assign the store managers to a location:
- Navigate to Employees
- Select the store manager from the list and click the pencil next to the user's name
- Click Security
- Next to Policies select Assign Location Groups
- Next to each applicable group type, select the user's location (In this example, you would select a location for menu group, store group, and tax group (if you selected any of the other groups, the user would be able to see the relevant location group in the list but they would not be able to make any changes because they did not have the permission to do so. In some cases they would not be able to see anything either for the same reason.)