Roles
Dispatcher Stratus tenants include member roles, which tenant admins use to control members’ access to the tenant. Each role includes various permissions. These permissions determine members’ ability to view, edit, and create within the tenant.
Roles within Dispatcher Stratus are critical to managing member access and permissions, ensuring the appropriate level of control and security while facilitating smooth operations within the organization.
During tenant Onboarding, roles are static. After configuration, you can create custom roles containing sets of permissions specific to your business needs. The Roles page appears in the following illustration:
Note: To access and edit this page, you must have the necessary User permissions.
The Roles page lists all the roles currently available in the tenant. For each role, the page lists any tenant member groups and/or tenant members assigned to the role. You create and maintain roles via the Roles page, and assign roles to members and members groups via the User Management page. You can assign a role to multiple members and/or member groups.
Roles consist of one or more permissions. Each permission provides access to, or grants editing capabilities for, a certain page or function on a page in the Dispatcher Stratus portal. For example, you can create a role with the following permissions:
- View access to the Devices page. View access does not include editing capabilities.
- Full access to the Users page. A partial list of the permissions includes:
- View the Users page.
- Invite new members to the tenant.
- Create, edit, and delete member groups.
All tenant members must be assigned at least one role. The default user role enables members to sign in to the tenant. Other roles include permissions to access and edit the various pages in the portal. Roles can be assigned to any of the following:
- An invitee to the tenant.
- A tenant member group.
- A tenant member.
Standard Roles
Dispatcher Stratus includes several standard roles, listed below, each tailored to specific user needs. The permissions in these roles cannot be modified:
-
Tenant Admin - Performs the day-to-day administrative tasks for the tenant.
-
Tenant Super Admin (System Role) - System roles are not editable. All tenants must have at least one Tenant Super Admin.
-
Tenant User - For members who use workflows but do not require any admin permissions.
Tenant Managers
A tenant is not not required to have a tenant manager, and tenant managers are not members of the tenants they manage. A tenant manager might manage multiple tenants in a large corporation, or be a Dispatcher Stratus dealer who has one or more clients. A tenant manager can be assigned as part of a tenant’s initial configuration, or can be added or reassigned later by a privileged tenant member such as a tenant admin.
Tenant managers have access to the Dispatcher Stratus Manager area, where they can view information on the tenants they manage, including the Tenant Manager Dashboard page and the Tenant Manager Reports page. A tenant manager cannot access the tenants they manage unless they are granted the Tenant Manager & Admin role in a tenant, which enables them to perform both roles for the tenant.
Overview of the Tenant Admin Role
The Tenant Admin role is designed for an in-company manager who oversees and uses the tenancy on a day-to-day basis. There are two types: Tenant Super Admin and Tenant Admin. The first tenant admin is always given the Tenant Super Admin role, which also gives them access to view and edit Tenant Settings. Subsequent admins can be invited as either Tenant Super Admins or Tenant Admins (Tenant Admins have access to view and edit everything except Tenant Settings). While the first tenant admin can be invited by a tenant manager, other tenant admins must be invited to the role by another tenant admin. Tenant admins can do the following:
- Configure and view their tenant, including:
- Assigning a name to their tenant
- Assigning a unique URL to their tenant
- Selecting the region where they want their data to be stored (during initial setup)
- Selecting the tenant authentication method (during initial setup)
- Access all pertinent administrative functions in their tenant, including the ability to:
- Create, configure, and manage workflows
- Add and manage devices
- Invite additional tenant admins
- Invite additional users
- Modify the tenant’s subscription
- View reports and analytics
Tenant Admins also gains access to a database of sample workflows to help with the start-up process. These workflows can be shared, edited, deleted, etc., and are also available for download on the SEC Website.
Important! A tenant requires at least one Tenant Super Admin at all times.
Overview of the Tenant Manager Role
The Tenant Manager role is designed for people such as dealer representatives and departmental managers who will not have much, if any, day-to-day oversight or use of the tenancy. The Tenant Manager is the only role with the capability to view aggregate data for multiple tenancies at the same time. Tenant managers can do the following:
- View all configured and unconfigured licenses (licenses that have been purchased and redeemed but have not completed setup) for which you are a tenant manager
- Activate a purchased license to begin tenant configuration
- View the status of all tenants (configured and unconfigured)
- Invite the first tenant admin
- Resend invitations for the first tenant admin
- Cancel invitations for the first tenant admin
- Enter and maintain tenant contact information
- View analytics and contact information per tenant
- View analytics across tenants, including information about device usage, active workflows, and more
Notes:
- Tenancies do not need a tenant manager to function.
- For trial licenses, the Tenant Manager role is automatically filled by a Konica Minolta representative.
Overview of the Tenant Manager & Admin Role
The Tenant Manager & Admin role has the combined permissions of both the Tenant Manager and Tenant Super Admin roles. It is designed to provide single persons with the ability to both setup a tenancy and perform the day-to-day oversight and usage of the tenancy.
Overview of the Tenant User Role
The Tenant User role is designed for tenant members who use workflows but do not require access to the administrative aspects of the tenant.
Standard Role Permissions at a Glance
| Permission | Tenant Admin | Tenant Manager | Tenant Manager & Admin | User |
|---|---|---|---|---|
| View analytics and contact information for a single tenant | ✓ | ✓ | ||
| View and edit their tenant’s settings | ✓ | ✓ | ||
| Assign or edit the tenant’s name | ✓ | ✓ | ||
| Assign or edit the tenant’s unique URL | ✓ | ✓ | ||
| Select the region where the tenant’s data will be stored | ✓ | ✓ | ||
| Select the authentication method for the tenant | ✓ | ✓ | ||
| Create, configure, and manage workflows | ✓ | ✓ | ✓* | |
| Input and manage devices | ✓ | ✓ | ||
| Invite and manage invitations for tenant admins | ✓ | ✓** | ✓ | |
| Invite and manage invitations for users | ✓ | ✓ | ||
| View in-depth reports and analytics about a single tenancy | ✓ | ✓ | ||
| View all configured and unconfigured licenses for which you are a tenant manager | ✓ | ✓ | ||
| Activate a single license | ✓ | ✓ | ||
| View the status of all tenants (configured and unconfigured) | ✓ | ✓ | ||
| Enter and maintain tenant contact information | ✓ | ✓ | ||
| View analytics across multiple tenants | ✓ | ✓ |
* Users can access workflows that are shared with them and can edit workflows if Edit permissions have been granted to them. However, users cannot create new workflows.
** Tenant managers can invite and manage invitations only for the first tenant admin. Other tenant admins must be invited by another tenant admin.
Roles Table
All roles appear in the Roles table, including the Standard roles as well as any Custom roles you have added to your tenant, along with the following information:
- Role - The name of the custom role.
- Group Assignment - A list of any User Groups that are configured with this role as the Default Role.
- User Assignment - A list of any users who have been granted this role.
- Actions
- View Role - See the permissions associated with this role.
- Edit Role - Edit the permissions associated with this role. Note that the Tenant Super Admin role cannot be edited.
- Delete Role - Remove this role from the tenant. Note that a role cannot be deleted if it is assigned to a user who has no other assigned roles. Also, the three default roles (Tenant User, Tenant Admin, and Tenant Super Admin) cannot be deleted.
Custom Roles
To create a custom role, use the Create New Role button on the Roles page. Custom roles provide the flexibility you need to tailor permissions according to your organizational requirements. Privileged tenant members can craft roles that precisely match their operational needs, enhancing efficiency and security. The following illustration shows the Create New Role window:
To create a custom member role, do the following:
- Select Create New Role. The Create New Role window appears.
- Specify a name for the role.
- In the Pages panel, select a page such as “Devices”. The Permissions panel displays the permissions associated with the page.
- Select one or more permissions to include in the role.
- Repeat steps 3 and 4 to include other permissions in the role.
- When done, select Save. You return to the Roles page, where the new role now appears in the Roles column.
Assigning Roles
To assign roles to member groups or members, access the User Management page. You can assign a role to a user or associate it with a user group.
Editing Roles
To edit a custom role, do the following:
- Select the role you would like to update.
- Click the Edit button.
- Select and/or deselect the options until the role has the permissions you want.
- Select Save.
List of Permissions
You assign permissions via the Create New Role window. The following sections list the permissions available for assignment to custom roles, organized by type. The following types are available:
Devices Permissions
These permissions control access to devices such as MFPs and more. Role permissions include:
MFP
- View - See a read-only list of devices.
- Add - Import new devices.
- Edit/Modify/Move - Update existing devices.
- Remove - Delete existing devices.
- Register/Unregister - Assign or unassign a license to a device.
- Create Group - Create a new device group.
- Edit/Rename Group - Modify an existing device group.
- Delete Group - Remove an existing device group.
Non-MFP
- View - See a read-only list of non-MFP devices.
- View All - See all users with assigned licenses.
- Assign to Group Member - Assign licenses to a single member of a User Group.
- Assign to All - Assign licenses to any tenant user with non-MFP device permissions.
Forms Permissions
These permissions control access to forms, which allow for user interaction with workflows. Role permissions include:
- View - See a read-only list of forms.
- Add - Create new forms.
- Edit/Modify/Move - Update existing forms.
- Remove - Delete existing forms.
- Import/Export - Import forms created in another tenant into the current tenant, and export forms to a file that can be imported into another tenant.
- Activate - Make a form accessible to workflows/nodes.
- Deactivate/Unpublish - Make a form inaccessible to workflows/nodes.
- Create Group - Create a new form group.
- Edit/Rename Group - Modify an existing form group.
- Delete Group - Remove an existing form group.
- Clone - Create an exact duplicate of an existing form group.
Users Permissions
These permissions control access to users, including user groups and more. Role permissions include:
- View - See a read-only list of users.
- Invite - Send invitation emails to new users.
- Edit/Modify/Move - Update existing users.
- Remove - Delete existing users.
- Block - Prevent existing users from accessing the tenant without removing the users’ data.
- Assign User Role - Assign member roles to tenant members.
- Transfer Ownership - transfer a tenant member’s ownerships to another tenant member.
- Create Group - Create a new user group.
- Edit/Rename Group - Modify an existing user group.
- Delete Group - Remove an existing user group.
- Assign Group Role - Assign member roles to tenant member groups.
Note: The permissions to invite users or edit users’ permissions prevent the assignee from inviting or editing users whose level of permissions exceed theirs. For example, a Tenant Admin cannot invite a Tenant Super Admin because the Tenant Super Admin role has more permissions than the Tenant Admin.
Apps Permissions
These permissions control access to the Apps page and its functions. Permissions are definable by app type (Internal, External, or Generic URL). For each app type, the following permissions enable a user to:
- Create - Access the Create New App window via the Create New App button on the Apps page.
- Use - View, run, and copy the link for apps that have been shared with them.
- Delete - Delete apps they created.
- Share - Share apps they created.
Workflows Permissions
These permissions control access to workflows, including scheduling, sharing, workflow groups, and more. Role permissions include:
- View - See a read-only list of workflows.
- Create - Create new workflows.
- Edit/Modify/Move - Update existing workflows.
- Delete - Delete existing workflows.
- Share - Provide access to existing workflows to other users.
- Run/Stop/Pause - Update the status of workflows.
- Change Owner - Update the owner of workflows.
- Import/Export - Save a workflow outside of the tenant and upload a saved workflow to a tenant.
- Sample Workflows - View and access the Sample Workflows table, and
- Create Group - Create a new user group.
- Share Group - Provide access to a workflow group to another user.
- Edit/Rename Group - Modify an existing user group.
- Delete Group - Remove an existing user group.
- Clone - Create an exact duplicate of an existing workflow group.
Data Permissions
These permissions control access to the data generated by the tenant, including analytics. Role permissions include:
Dashboard
- View - See analytics data about tenant usage.
Logs
- View - See the log records for users, workflows, etc.
Jobs Permissions
These permissions control access to jobs. Role permissions include:
Job Queue
- View - See one or more job queues.
- Create - Create new job queues.
- Edit/Modify - Update existing queues.
- Delete - Delete a job queue.
- Activate/Deactivate - Activate or deactivate a job queue.
Tracker
- View - See your job tracker.
- Track Jobs - Add jobs to your tracker.
Jobs
- View - See jobs.
Settings Permissions
These permissions control access to the Roles, Settings, and Profile pages. Permissions include:
Roles
- View - See current roles.
- Create - Create new roles.
- Edit/Modify/Move - Updating existing roles.
- Remove - Delete existing roles.
Note: The permissions to create or edit roles prevent the assignee from creating or editing roles whose level of permissions exceed theirs. For example, a Tenant Admin cannot create a role with Tenant Super Admin permissions because the Tenant Super Admin role has more permissions than the Tenant Admin.
Settings
- View - See tenant settings.
- Edit/Modify/Move - Update existing tenant settings.