Management of users, permissions, groups

Go back to Integria IMS Documentation Index

One of the most important features of Integria IMS is the possibility of working with different groups of users and for it to allow access and display of independent elements, so that each group only visualizes its information and elements, making the content of the other groups invisible. These user groups can be different departments, clients, or companies. This feature is generally known as a Multitenant environment.

The permission structure is based on three concepts:

• Group: Set of users with visibility among them, a group can be translated by “department”, “client” or “company”, depending on the context of the use of Integria IMS and the desired way of working.
• Profile : Permissions Level. It defines a series of privileges, for example: access to the planning, having access to create tickets , or being a project manager.
• User: Identifier to access the tool. Users will have one or more combinations of profile plus group associated, defining the level of privileges they will have and for which group, being, for example, a project manager in one group and a ticket operator in another. To edit users, a user with permissions may access the User Manager through the People → User Management menu (People → User management):

Here you may edit, delete or add a new user in a form similar to the following one:

In Custom screen you can choose the dashboard that the user will see when logging in. See “Dashboard Management” for more information.

To be able to assign a company (optional), something important from a profile point of view (since in certain sections of the application, the access level will also take into account which company a user belongs to), you must first create a company in the customer management section (CRM). This will be discussed later.

Some user features are, for example, activation (whether the user is active or not) or if the user has a login (interactive access to the console). Some users only have access by email (email) for incident management.

Closely related to groups and profiles are user types. In Integria IMS there are four types of users:

• Super administrator: Full access and privileges on all sections and groups of the tool.
• Standalone user: They can only access the sections: Tickets and Wiki. In the Tickets section they can only see their own tickets. They are often used to offer support services to potentially large customer groups.
• Grouped user: Privilege level based on their groups and profiles. They can only access, view and/or modify the information of each assigned group according to the profile they have defined.
• Grouped only by company: It is like a normal grouped user, but that can only see tickets for users in the same company and group.

This system allows specifying what access privileges are given to each user in the different sections of Integria IMS.

In the definition of a user, at the end, you have that profile/group association:

Profiles are a set of access bits that define what operations a user can perform. In each section or function (tickets, knowledge base, downloads, CRM, inventory, Wiki…) these bits are used differently in combination with elements such as groups or with access definitions specific to each tool, for example, in the downloads, the definition of access associates groups with something called categories, while in CRM access management does not use groups but companies, and which companies are linked to each other.

The profiles can be managed from the People → Management Profiles menu in a screen similar to this one:

Each profile has a series of access bits and is identified by a name:

Access bits

The profiles are configured through access flags. This section defines what enables each ACL flag in each section.

The Project manager role can perform any operation on the projects in which it is assigned that role, as well as on project tasks. Additionally, users with this role will be able to delete projects.

Project owner: It has the same permissions as those of the project manager.

Administrator User: You can perform all the previous actions in any project or task without restrictions (according to their availability in the interface).

In the project ACL system, subtasks inherit the permissions of the parent tasks. That is, if a user can modify the parent task, they can also modify the child task.

The Wiki read and write permissions are defined on each of its pages. By default all pages are accessible and editable by all users. You may see how to modify these permissions in the Wiki Read/Write Permissions section.

CRM ( Customer relationship management) has a particular way of working, where groups are not taken into account, only the company to which the user belongs to and the profiles they have in any of the groups. The main access restriction method will be the parent/child relationship between companies. So if you have access to one company, you have access to all the “child” companies. Except the external user who only sees their own. That is, they would only see those of their company and the child companies (and grandchildren, etc.) of their company.

Integria IMS allows sales leads managing and administration (business leads or people in charge of business with companies).

Special access Flags that refer to application management.

Through this section, to which only system administrators have access, new users can be massively incorporated into the system. It is based on the import of a CSV file with a specific format. A CSV file stores tabular data (numbers and text) in plain text format. Columns are separated by commas:

• id_user
• password
• real_name
• email
• telephone
• description
• avatar
• disabled
• id_company
• num_employee
• enable_login
• Custom fields.

The custom fields must previously exist in the Integria IMS system and must be indicated in order, being able to choose a value, or in case of not wanting to give them a value, a blank space.

Example:

user,pass_user,albert,[email protected],12345678,This is a new user,people_1,0,3,222,1,Integria,20

Other fields will be associated automatically according to the values of the creation form (People → Import users from csv menu):

• Group.
• Profiles.
• Global profile (standard user or external user).
• Enable policy password (force password policy according to security level).
• Avatar (profile picture).

An unlimited number of user custom fields can be defined to fit the application to the organization. Only an administrator can define custom fields, for this go to People → User fields.

You may define numeric on / off fields, descriptions, values to choose from a selector and many others.

Group management is only visible for users with a user management profile. tickets will always be associated with a group. It is possible to define in the groups a default user to which the tickets will be assigned when a new ticket is added to that group. Later, the user will be able to transfer (“ escalate ”) tickets to anyone within their group, although said user must be configured with the necessary permissions to do so.

From the Groups Management section (People → Groups Management menu) you may add, edit and delete groups. By clicking on the name of any group you will access its edit form. By clicking Create, you may add new groups whose fields are similar to those for editing:

• Name.
• Forced email: It activates or deactivates ticket forwarding to the group of users entered in the email group.
• Parent: Group in which it is included as a child.
• Default user: This user will be the one assigned by default for the tickets created in this group. You must enter at least two letters in the search field to be able to choose from a list of matching users.
• Icon: Group image, when selecting one from the list, you will get its preview.
• Send customer satisfaction email: Option to send an email to know customer satisfaction.
• Open ticket limit: For grouped users, this is the maximum number of simultaneously open tickets for a group in the last year. For external users, it is the maximum number of tickets simultaneously opened by that user.
• Enforced open tickets limit: It will prevent creating new tickets when reaching the limit of open tickets. If it is not forced, only an information window that the limit has been exceeded is displayed.
• Total ticket limit: For grouped users, it is the maximum number of tickets in a group in the last year, regardless of their status (both open and closed tickets will be counted). For external users it will work in the same way but they will be counted individually, having their own for each external user and group. In both cases, it is restrictive, so new tickets cannot be created for this group once the limit has been reached.
• SLA ticket: Service-level Agreement monitoring used in the tickets of this group.
• Default inventory object: Object associated by default with the new tickets of this group (optional).
• Email from: Email address that will appear as the source of the notification. If you need users to be able to reply to this email, this address must be an alias of the address configured in Integria IMS to receive the messages.
• Group email: Email addresses associated with the group. Notifications will be sent to these addresses when there are changes to group tickets (if there are several, separate them from each other with commas ,).

They are used for ticket creation and management by email. To be able to use this feature, it is necessary to have an email account configured in the Email configuration section, in the general configuration of the console (Setup → Setup → Email setup). Integria IMS will use this account to download mails from a mailbox and to be able to work with new tickets sent to the support email account.

Since Integria IMS can only use one email account to download (POP3 or IMAP technologies), you will have to use ALIAS on your mail server to be able to differentiate who creates the ticket.

Suppose you have two user groups GOLD-SUPPORT and GOLD-VIP, and that the account Integria IMS works with is [email protected]:

• You must create two aliases for that account so that by sending to [email protected] and [email protected], both emails end up reaching [email protected]
• It will create two groups: “Gold Support” and “VIP Support”, with the differences in the shipping address and name fields.
• You need to configure the group “Gold Support” as follows:

The big difference comes when configuring the group queue (Email Queue management section):

With this configuration, if you receive an email to the address “[email protected]”:

• It will automatically create a user with a standard user profile.
• You will be sent a welcome email with the username and password so that you may access the platform.
• In addition, the content of the email that the user has sent will be used to create a new ticket in the “Gold Support” group.

The parameters to configure the mail queues are the following:

• Automatically create users : Automatic creation of new users when a message is received. Depending on the source or destination, rules will be applied to user creation.
• Grant access to users: It allows granting access of the new automatically created users to the application using their username and password. Otherwise, those users will only have access by email.
• Send welcome email: It will use the template specified in the lower field (Welcome email).
• Default status: State with which the ticket will be created by those new users.
• User type: Category with which users will be created automatically (grouped or not grouped).
• Default company: Optional field.
• Default user profile: The indicated profile will be associated with the new user for the corresponding group.
• Default ticket type: Default ticket type for those who are processed through the mail queue.
• Email queue: The emails that arrive at the email addresses specified in this section will be used to create and update tickets. This field allows you to configure several addresses or regular expressions, one for each line.
• Welcome email: It will be sent to new users that are automatically created when sending an email. The email source address will be used as the username. This text field accepts the_password_ macro, which will replace this macro by the default password assigned when the user was created.

• Given a group of addresses with the emails: [email protected] or .*@otherdomain.com .
• With this configuration, all emails that reach the address [email protected] will be used to manage tickets by email using the defined parameters.
• All those with the format [email protected] (such as: “[email protected]”, “[email protected]”, etc) will also be used for managing tickets by mail, using the defined parameters.

The Project manager role can perform any operation on the projects in which it is assigned that role, as well as on project tasks. Additionally, users with this role will be able to delete projects.

Project owner: It has the same permissions as those of the project manager.

Administrator User: You can perform all the previous actions in any project or task without restrictions (according to their availability in the interface).

In the project ACL system, subtasks inherit the permissions of the parent tasks. That is, if a user can modify the parent task, they can also modify the child task.

The Wiki read and write permissions are defined on each of its pages. By default all pages are accessible and editable by all users. You may see how to modify these permissions in the Wiki Read/Write Permissions section.

CRM (Customer relationship management) has a particular way of working, where groups are not taken into account, only the company to which the user belongs to and the profiles they have in any of the groups. The main access restriction method will be the parent/child relationship between companies. So if you have access to one company, you have access to all the “child” companies. Except the external user who only sees their own. That is, they would only see those of their company and the child companies (and grandchildren, etc.) of their company.

Integria IMS allows sales leads managing and administration (business leads or people in charge of business with companies).

Special access Flags that refer to application management.

Through this section, to which only system administrators have access, new users can be mass incorporated into the system. It is based on the import of a CSV file with a specific format. A CSV file stores tabular data (numbers and text) in plain text format. Columns are separated by commas:

• id_user
• password
• real_name
• email
• telephone
• description
• avatar
• disabled
• id_company
• num_employee
• enable_login
• Custom fields.

The custom fields must previously exist in the Integria IMS system and must be indicated in order, being able to choose a value, or in case of not wanting to give them a value, a blank space.

Example:

user,pass_user,albert,[email protected],12345678,This is a new user,people_1,0,3,222,1,Integria,20

Other fields will be associated automatically according to the values of the creation form (People → Import users from csv menu):

• Group.
• Profiles.
• Global profile (standard user or external user).
• Enable policy password (force password policy according to security level).
• Avatar (profile picture).

An unlimited number of user custom fields can be defined to fit the application to the organization. Only an administrator can define custom fields, for this go to People → User fields.

You may define numeric on / off fields, descriptions, values to choose from a selector and many others.

Group management is only visible for users with a user management profile. tickets will always be associated with a group. It is possible to define in the groups a default user to which the tickets will be assigned when a new ticket is added to that group. Later, the user will be able to transfer (“escalate”) tickets to anyone within their group, although said user must be configured with the necessary permissions to do so.

From the Groups Management section (People → Groups Management menu) you may add, edit and delete groups. By clicking on the name of any group you will access its edit form. By clicking Create, you may add new groups whose fields are similar to those for editing:

• Name.
• Forced email: It activates or deactivates ticket forwarding to the group of users entered in the email group.
• Parent: Group in which he is included as a child.
• Default user: This user will be the one assigned by default for the tickets created in this group. You must enter at least two letters in the search field to be able to choose from a list of matching users.
• Icon: Group image, when selecting one from the list, you will get its preview.
• Send customer satisfaction email: Option to send an email to know customer satisfaction.
• Open ticket limit: For grouped users, this is the maximum number of simultaneously open tickets for a group in the last year. For external users, it is the maximum number of simultaneously open tickets by that user.
• Enforced open tickets limit: It will prevent creating new tickets when reaching the limit of open tickets. If it is not forced, only an information window that the limit has been exceeded is displayed.
• Total ticket limit: For grouped users, it is the maximum number of tickets in a group in the last year, regardless of their status (both open and closed tickets will be counted). For external users it will work in the same way but they will be counted individually, having their own for each external user and group. In both cases, it is restrictive, so new tickets cannot be created for this group once the limit has been reached.
• SLA ticket: Service-level Agreement monitoring used in the tickets of this group.
• Default inventory object: Object associated by default with the new tickets of this group (optional).
• Email from: Email address that will appear as the source of the notification. If you need users to be able to reply to this email, this address must be an alias of the address configured in Integria IMS to receive the messages.
• Group email: Email addresses associated with the group. Notifications will be sent to these addresses when there are changes to group tickets (if there are several, separate them from each other with commas ,).

They are used for ticket creation and management by email. To be able to use this feature, it is necessary to have an email account configured in the Email configuration section, in the general configuration of the console (Setup → Setup → Email setup). Integria IMS will use this account to download mails from a mailbox and to be able to work with new tickets sent to the support email account.

Since Integria IMS can only use one email account to download (POP3 or IMAP technologies), you will have to use ALIAS on your mail server to be able to differentiate who creates the ticket.

Suppose you have two user groups GOLD-SUPPORT and GOLD-VIP, and that the account Integria IMS works with is [email protected]:

• You must create two aliases for that account so that by sending to [email protected] and [email protected], both emails end up reaching [email protected]
• It will create two groups: “Gold Support” and “VIP Support”, with the differences in the shipping address and name fields.
• You need to configure the group “Gold Support” as follows:

The big difference comes when configuring the group queue (Email Queue management section):

With this configuration, if you receive an email to the address “[email protected]”:

• It will automatically create a user with a standard user profile.
• You will be sent a welcome email with the username and password so that you may access the platform.
• In addition, the content of the email that the user has sent will be used to create a new ticket in the “Gold Support” group.

The parameters to configure the mail queues are the following:

• Automatically create users : Automatic creation of new users when a message is received. Depending on the source or destination, rules will be applied to user creation.
• Grant access to users: It allows granting access of the new automatically created users to the application using their username and password. Otherwise, those users will only have access by email .
• Send welcome email: It will use the template specified in the lower field (Welcome email).
• Default status: State with which the ticket will be created by those new users.
• User type: Category with which users will be created automatically (grouped or not grouped).
• Default company: Optional field.
• Default user profile: The indicated profile will be associated with the new user for the corresponding group.
• Default ticket type: Default ticket type for those who are processed through the mail queue.
• Email queue: The emails that arrive at the email addresses specified in this section will be used to create and update tickets. This field allows you to configure several addresses or regular expressions, one for each line.
• Welcome email: It will be sent to new users that are automatically created when sending an email. The email source address will be used as the username. This text field accepts the_password_ macro, which will replace this macro by the default password assigned when the user was created.

• Given a group of addresses with the emails: [email protected] or .*@otherdomain.com .
• With this configuration, all emails that reach the address [email protected] will be used to manage tickets by email using the defined parameters.
• All those with the format [email protected] (such as: “[email protected]”, “[email protected]”, etc.) will also be used for managing tickets by mail, using the defined parameters.

.

• Given a group of addresses with the emails: [email protected] or .*@otherdomain.com .
• With this configuration, all emails that reach the address [email protected] will be used to manage tickets by email using the defined parameters.
• All those with the format [email protected] (such as: “[email protected]”, “[email protected]”, etc.) will also be used for managing tickets by mail, using the defined parameters.

Go back to Integria IMS Documentation Index