System Role Permissions

A System Role is a collection of powers and permissions given to a User. 

Two Line OfieNOTE: This page is referring to System Roles, not Team Roles. Team Roles have their own set of permissions specific to an individual Item.

What is a System Role?

System Roles work in conjunction with User Types and Network Locations to determine a User's access within the system. Every KaiNexus User needs to have at least one System Role, though a User can be assigned as many System Roles as appropriate.

System Roles can determine a User's:

  • Default notification settings
  • Default Board
  • Ability to create certain Items
  • Access to certain Boards
  • Ability to Subscribe to Boards
  • Ability to approve Milestones
  • Ability to grant other Roles to Users
  • Ability to edit Weighted Scores

Two Line OfiePRO TIP: If a User has multiple System Roles, their default notification settings will be the superset of the associated permissions and notification preferences of all those System Roles. These settings can be customized for individual Users.

What permissions can System Roles grant?

A System Role is divided into three categories: Permissions, Advanced, and Admin.  

Permissions

Workflow

Template

  • View
    Permission to view other Users’ public Items within the selected Location(s) that are not in the New status.
  • View New
    Permission to view other Users' new Items within the selected Location(s).
  • Edit
    Permission to edit Items the User can access within the selected Location(s).
  • Request
    Permission to request Users to become the Responsible Team Role on an Item within the selected Location(s).
  • Assign
    Permission to assign Items the User can access within the selected Location(s).
  • View Private
    Permission to view other Users' private Items within the selected Location(s).
  • Toggle Private
    Permission to toggle the private/public state of Items within the selected Location(s).
  • Honor Roll
    Permission to add Honor Roll to Items the User can access within the selected Location(s).
  • Delete
    Permission to delete Items the User can access within the selected Location(s).


Once you select an Item permission, you will be asked where the permission should apply. Select the appropriate location from the drop-down menu.

Everywhere*

The permission will apply to Items in every Location of the organization. This is best for executives or improvement leaders who need to monitor and lead improvement work throughout the entire organization.

*If "Specific Location" is checked, this option will not be available.

Location and Below

The permission will apply to items in the user's own Location or to the specific Location noted above, as well as the Locations under it. This is best for users who need to monitor and lead improvement in a particular area and below, but not at higher levels or those in another branch of the organization's hierarchy.

Only Location

The permission will apply to items in the user's Location or in the specific Location noted above. This is best for users who only need to monitor and lead work done in only a particular unit or Location.

Only User's

This permission will apply only to the user’s own work. This is best for Users who are trained to manage their own Items.

Advanced

NOTE: If "Specific Location" is checked, this section will not be available.

  • Create Boards
    Permission to create and manage personal and private Boards. This will add “+ Create Board” and “Manage Boards” options on the Boards menu in the Navigation Bar at the top of the app. 

  • View Lists
    Permission to view and manage personal Custom Item Lists in the Lists section. This will add a Lists icon option to the Advanced Toolbar.

  • View Impact
    Permission to view the Impact of Projects, Improvements, and Tasks. A User will be able to see the Impact recorded on any Item of which they are on the Team.

  • View Report Data
    Permission to view data on Reports. This will allow Users to view the data on Report Cards on Boards without requiring access to the entire Reports section.

    • Show on Advanced Toolbar
      Permission to view all of the Reports in the Reports section. This option only becomes available if the User has the “View Report Data” permission checked. This will add a Reports icon option to the Advanced Toolbar, where they can view the Reports Snapshot and all Reports, including the System Reports.

  • View People
    Permission to view all of the Users in the People section. This will add a People icon option to the Advanced Toolbar.

Admin

NOTE: If "Specific Location" is checked, this section will be unavailable, with the exception of the Board Administrator and Local User Administrator option.

Admin Permissions Description
Board Administrator

Permission to create, edit, and share access to public Boards within the selected Locations.

Everywhere - allows Users to see, edit, and share any public Board - even if it has been restricted in some way.

Location & Below - allows Users to only see, edit, and share any public Board that is within their current Location & below.
Only Location - allows Users to only see, edit, and share any public Board that is within their current Location.
Only User’s - allows users to only see, edit, and share any public Board that they are the Owner of.

If you have permission to edit a Board, then you will be able to view it via the Manage Boards window.

Escalation Administrator  
Global User Administrator

Permission to manage the organization’s Users (in any Location). This will allow Users to edit other Users’ User Types, Personas, Titles, Positions, Employee Types, Certifications, Roles, Network Locations, and Notification Preferences.

Grantable Roles
You can define which other Roles Users with this Role can grant to other Users.

Receive requests?
Permission to receive support requests from your internal Users.

Local User Administrator

Permission to manage the organization's Users in the relevant Location and below. This will allow Users to edit only other Users’ within their specified Network Location(s) and below Locations. They can edit the other Users’ User Types, Personas, Titles, Positions, Employee Types, Certifications, Roles, Network Locations, and Notification Preferences.

Grantable Roles
You can define which other Roles Users with this Role can grant to other Users.

Receive requests?
Permission to receive support requests from your internal Users.

Global Badge Administrator Permission to grant and revoke manually grantable Badges. People given this permission must also be a Local or Global User Administrator to be able to access users' profiles and grant or remove their Badges.
Quality Administrator Permission to manage the organization’s Network, Level Types, Roles, and Improvement/Project Attributes.
System Administrator Permission to view and manage everything in the System section of the Admin page.
API Administrator Permission to create and edit API Keys. Permission to grant any Role to any API Key. (If your organization has the API module enabled)
X-Matrix Administrator Permission to create and edit any X-Matrix. If your organization has the X-Matrix module enabled)
Comment Administrator Permission to edit or delete other people's comments on items that the user has permission to edit.
Timeline Administrator Permission to delete timeline entries on items that the user has permission to edit.
Multi Chart Import  

PRO-TIP:

After choosing either of the User Administrator permissions:

  1. Check the box next to "Receive Requests" to have people assigned this Role be responsible for handling new account requests, settings users' passwords, and helping users reset their passwords and activate their accounts. This is best for Global User Administrators.

  2. Check the box next to "Grantable Roles" to give people assigned this Role permission to edit users' Roles. You can limit which Roles they can assign by adding those Roles to the "Grantable Roles" field. If you do not check this box, these people will not be able to change a user's Role(s) when editing that user.

 

Your system Role’s main function is to dictate what you can and cannot do within KaiNexus. Thus, Roles can be used in various places within the system and it can be difficult to remember where these Roles are being referenced. Now you have the ability to see if a specific Role is being defined somewhere else in the system.

Places a Role can be referenced:

  • Idea Templates
  • Dashboards
  • Milestones
  • Number of Users
  • Roles (if other Roles can grant this Role)
  • Board Subscriptions
  • Weighted Scores

How to see where a Role is being referenced

To see the areas a Role is being referenced:

  • Navigate to Admin > Organization > Roles.
  • At the top of the Roles page, hover over any of the column headers and to the right of their names click the drop-down arrow.
  • In the resulting drop-down menu, hover over Columns to open up a sub-menu.
  • Within that sub-menu, check the box for Areas Referenced to add that column to the page. 

Recommended Reading

For additional information on Roles, check out the following support pages: