BMS Security | Roles


The Roles page determines the access an employee has to different modules, menus and selected settings. The system provides several predefined security roles for both internal and external users. You can also add custom security roles. A person assigned multiple security roles has access to the combined privileges of all assigned roles. Certain permission categories include special features. Use utmost diligence when you assign roles to employees or remove roles from them. Roles directly impact overall access to BMS.

BMS comes preloaded with eight predefined roles. These include six predefined internal roles and two predefined external roles.

Predefined Roles

Internal Roles

Role Description
Administrator The highest level of permissions. Complete access to add/edit/delete, and configure any record across the system across all modules.
Project Manager Access to Project Management modules and related reports. Add/edit/delete projects, clients, approval routes, and employees. Also, adjust/approve time and expense-sheets.
CRM Manager Access to CRM modules and related reports. Add/edit/delete customer contacts, opportunities, activities, and customer quotes.
Finance Manager Access to Finance modules and related reports. View/update/process billing, invoicing, receivables, account setups, and payments.
Service Desk Manager Access to Service Desk module and related reports. Add/edit/delete service desk settings in Admin module. Create workflow rules, etc.
User Access restricted to personal information, time and expense sheet entries, and time-off requests.
<Custom Role> Custom permissions given. An admin can pick and choose custom permissions at page level and feature level.


External Roles

Role Description
External User Used by clients using Client Portal
External Manager Used by clients using Client Portal


Special Features

Special features are special permissions associated with a module that give access to certain pages with certain rights. These special features are mentioned as a separate section in the Permissions tab of the role's page under the pages and permissions section. The below sample image is an extract from the Home module's pages and permissions section of User role. In release 5.27.0, the previous text Special Features "Restrict Based on Queue Access" has been changed to "Enable Ticket Visibility for Merged/Absorbed Tickets Based on Queue."


Quick Tickets

Security roles have a Client Portal option called Quick Tickets. When checked in a security role, customers are presented with a simplified page layout when adding new tickets. If unchecked, customers are presented with the same page layout that employees see.


Adding a (Custom) Role 

In addition to the predefined roles that come with BMS, you can create your own custom role.

Note: You cannot delete predefined roles. You can delete only custom roles which you have created.

  1. Go to Admin > Security > Role page.
  2. Click New.
  3. Name: Enter a name for the role.
  4. Description: Enter a brief description for the role.
  5. Role Type: Select External or Internal as the case may be.
  6. Status: Select Active or Inactive as the case may be.
  7. Click Save. Once you click Save, a panel with two tabs - Permissions and Role Users - opens to the bottom. The panel has separate sections for each module. Click to open each module downward. Each module has permissions at the page level and feature level.
  8. Select the respective checkboxes of each page or feature to provide permissions. Select as many pages and features as you want. Repeat the process for as many modules as you want. In case you want to provide view-only permissions to the entire module, click Allow View All. In case you want to provide view and modify permissions to the entire module, click Allow Modify All. If you click Allow Modify All, it will also give view-only permissions too. But it is not true the other way around.
  9. Click Save. The role with the assigned permissions is now saved.

Deleting a Custom Role 

  1. Go to Admin > Security > Role page.
  2. Click to open the custom role that you want to delete.
  3. Click Delete on top.


Adding a User to a Role

  1. Go to Admin > Security > Role page.
  2. Click to open the role to which you want to add a user.
  3. Go to Role User tab.

  4. Click Add. A window with a list of users for that tenant opens.

  5. Select the checkboxes next to each user. Select as many users as you want. Exercise due diligence when you are adding users to the role. Reflect if you are adding the right users to the role.
  6. Click OK

Deleting a User from a Role

  1. Go to Admin > Security > Role page.
  2. Click to open the role from which you want to delete the user.
  3. Go to Role User tab.
  4. Select the user whom you want to delete from the role.
  5. Click Delete.



Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section