Permissions, Roles and Access Groups each provide a level of customization that allow you to configure exactly what someone can and cannot do or see while logged in to Trackops.
Permissions
On the lowest level, permissions are the on and off toggles that control access to most features throughout the system. A user can have their permissions tweaked to either grant or restrict access to various components. Permissions can be configured on an individual basis to easily tailor a person's feature set based on their needs.
For example, you could disable a permission to restrict a certain investigator from creating new cases or from creating new expenses. You could also disable another permission permissions to hide employee pay rates and price lists from one of your administrative employees.
There are quite a number permissions, and customizing each person individually could become tedious. That's why permissions can also be pre-configured through the use of "Roles".
See Also: How to Customize Your User Roles
Roles
While creating a user in your system, you will be prompted to choose what Role they will serve in your system. Think of roles as containers that hold a collection of permissions. Each role can be customized to enable the availability of certain permissions, as well as define which of those permissions will be enabled by default. Naturally, roles will often mirror the actual positions inside your company, such as Investigators, Case Managers and Salespeople.
Roles are also created for clients and 3rd parties that may access your system as well. For example, "Client Contact" and "Client Administrator" roles are typically created with limited sets of permissions that allow your clients to see basic information about their cases and do other things such as create new cases or provide additional instructions for ongoing investigations.
Once a user is created in the system and the default permission set is applied, their permissions can be further customized through their user profile.
See Also: How to Customize Your User Roles
Access Groups
On the highest level, an Access Group is the broadest level of security configuration. Access groups are designed to grant sweeping access to certain things such as case reviews, case updates and file uploads; they are essentially containers that holds groups of roles.
For example, you may have an "Internal" access group, that consists of your Investigators, Case Managers, and Salespeople. A case update or file upload that is configured with this access group would only be visible to users that are in one of these roles (assuming the individual has the permissions to view these various sections).
You might also have an "Admin" access group that is only available to your administrative staff. This might be used to restrict access to employee evaluations, case reviews, or other important information that you may not necessarily need your investigators to see.
The same concept of prohibiting access to certain information can be applied to your client contacts and vendor investigators as well.
See Also: Configuring Your Access Groups