Privileges sometime belong to roles, not specific users

Instead of having privileges just being managed per user, they should be mappable to a new concept of a “roles”. Maybe I’m missing something here, but we’re adding permissions to folks that I know their role in the troop is about to change.

For example, almost every other year we have a new quartermaster. Having the ability to create a role called “quartermaster” and add the “manage equipment” privilege to it.
Then, I just have to change the user currently holding the role of “quartermaster”, and the old user looses the “manage equipment” permission, and the new user gets the permission (just by being a member in this role).

(we have a big Troop)

There are other roles that closely match the other permissions (webmaster, treasurer, training coordinator, etc – these all seem vaguely like “Leadership positions” … just say’n).
Some roles have more than one permission. Some roles don’t have any extra permissions. Some users may have more than one role.

I guess this is a feature enhancement :slight_smile: :: Add privileges to Leadership Positions and allow for email addresses for Leadership Positions (and an option to automatically get a treasurer@trooptrack.com for all those holding the leadership position of treasurer.)

Thanks!

25 Likes

Hi @Eoin!

Thank you for posting this on our community! We’d like to hear some support from the community about this idea, so if you know anyone else interested in this idea please direct them to this post.

2 Likes

I totally agree with the suggestion of a role having the permission.

I’m in IT on the system admin side - have a group that then has permissions associated with it would be awesome.

TroopTrack is close. If a leadership position was assigned permissions, when the leadership role expires, then the permissions expire with it.

QM = equipment management.
Patrol Leader = Patrol permission

I only wish there was a little more granularity on the permissions by section.

As an example - Calendars

Add = people that can post new calendar items. This would be assigned to the events coordinator role.
Edit = people that can update the attendance and service hours, miles, and nights of the a calendar item. The adult coordinator for the event would be automatically assigned this permission.
Delete - TroopTrack admins.

Troop Webmaster would have a more granular role to not have the delete function. They can add and edit the websites.

Those are just some suggestions.

4 Likes

Thanks for the supporting words!

I’d also like to point out that TroopTrack’s “Self/Household/Patrol(Den)/Unit” is an attempt at this mapping.

For example, a parent that takes on the role of Assistant Scout Master, whose role might want to also take on the “Patrol(Den)” permission.

When his term ends, and removed from the role of ASM, his permissions would return to either Self or Household (I guess whatever it was before being controlled by the role).

A scoutmaster might get “unit” added to his permissions while in that Leadership role.

YIS

1 Like

Agreed! I’m a Troopmaster with Trail Life… There are not enough access category choices, with associated permissions. For example, the members if the Direct Contact Leadership Team (TM, Trailmaster, Rangers, Advisor) could/should all have more standard permissions. Same for committee members…

1 Like

We agree as well. It’s hard to remember what exactly to setup everybody with when we create them in their different roles and a role-based permission group would be awesome.

It would make setting up new users and changing things within those users a lot easier, especially when we first were converting to TroopTrack. Setting up every Den Leader with the exact list of 4-5 permissions they needed was a pain. It would have been great if we could create a role called “Den Leader” that says they can do achievements and whatever else we had them set to be able to do, and then only have to mark that on each of them.

As others have mentioned, more granular on the permissions would be very useful as well, but I think that is more of another enhancement request somewhere on here already if I remember right. Like limiting some people to only editing a single webpage (for their Den/Patrol) while the main Troop Webmaster can edit all the pages.

2 Likes

Role-based Permission Group

I agree this would be a useful feature.

To define a few “privilege profiles” that each user would be assigned to, and then be able to revise that profile’s permissions.

Thanks!

2 Likes

Another who would consider this a useful feature.

2 Likes

Great idea- this would be extremely handy even just for youth so that elections are a snap in terms of the shuffling of leadership roles within TT.

Same goes for all adult leadership too- we have a lot of turnover in our Troop (people moving in and out, please moving to other responsibilities every few months) that auditing permissions is very time consuming since it’s user-based and not role-based.

3 Likes

I also agree this would greatly streamline the whole permissions mess there is today.

2 Likes

This is not just a great idea, it should be seen as standard practice. It’s what CMSes use, it’s what databases use, it’s what TT should use. Consider that some recently added permission categories (checklists) require that I go and edit permissions on lots of users. I should be able to just edit the permission for a given role and be done.

I’ll also add that I would really like a better explanation of the interactive between access levels and permissions. I pretty much just throw up my hands and quit at that point…

3 Likes

Should be standard procedure.

1 Like

Yes, we need this feature too. Leadership changes every 6 months and it is so tricky to go back and remove and add permissions for everyone. Customizable Permissions related to leadership positions for scouts and adults would create much safer systems for everyone.

1 Like

I like the idea of leveraging the Leadership positions to assign privileges by roles.

The Leadership positions are cumulative, so having multiple positions can assign the privileges of many roles.
The Leadership positions have end dates, so revoking privileges can be automatic. They also have begin dates, which can be set to the future.

I also saw an Idea about custom Leadership positions. This might be a good task to merge with that idea.

Sean

3 Likes

I agree with this 100%. I think we should be able to set up “sub-levels” to the access role (unit, household, etc) so we can make templates of what every role (e.g., Asst. Scoutmaster) should be able to do and then, when we assign the role, the privileges automatic fill in, and when we remove the role, they disappear. This sure beats having to go through the list for each individual and try to remember what you did for the last guy,

5 Likes

Agree, we need this!

2 Likes

This is how it should of been from the beginning! it gets very annoying having to set each individual permission year after year instead of just changing the role.

1 Like

How many likes does it take to make this a feature?

2 Likes

Hopefully one more…and this is it! :slight_smile:

I could have sworn I posted about this a while back but can’t find it. We also have a large troop so managing security is a chore which would be simplified greatly by security roles. We originally setup all our ASMs with 11 privileges which took a lot of clicking. We decided to add one more and I had to access all 20+ ASMs to grant the one additional privilege. Ugh.

I work in IT and we manage everything through roles. We only grant privileges directly to users in rare circumstances.

4 Likes

I would love to see this! It’s always the thing I forget to do when adding a new parent. Setting permissions by roles will make that problem go away, and all parents would have the same permission.

1 Like