Roles and Permissions
Introduction
In the fourtwo system, roles and permissions are used to control access to different features and functions. Each role represents a set of responsibilities and access rights, ensuring users can only interact with the parts of the system that are relevant to their role.
Users with the User Admin role can manage other users and assign them to different roles via the admin site. The admin site is accesible through <yoursite>.4two.nl/admin. Additionally, User Admins can invite users to the system when Single Sign-On (SSO) is not in use.
Permission Role Overview
| Permission Role | Description |
|---|---|
| Admin Site Access | Grants access to the admin site, but does not provide any additional rights in the admin site. Assign additional admin roles to access admin pages. |
| User Admins | Allows management of users and assignment of roles. |
| Declaration Admin | Manages the configuration of declarations. |
| Declaration Review Manager | Reviews and approves or rejects submitted declarations. |
| Payment Executer | Executes the payments of approved declarations. |
| Expenses Manager | Provides access to the management dashboard. |
| Emissions Manager | Provides access to the kilometer overview dashboard. |
| Sso Config Admin | Provides access to the system's Single Sign-On (SSO) configuration. |
Detailed Permission Group Descriptions
Admin Site Access
Grants acces to the admin site, but does not provide any additional rights within the admin site.
To provide additional rights, assign the appropriate admin role(s) to the user.
User Admins
The User Admin can manage users and assign them to different roles.
Additional responsibilities include:
- Inviting new users to the site.
- Managing user roles and permissions.
- Assigning users and reviewers to Review Groups.
Note that users cannot be invited when Single Sign-On (SSO) is enabled.
Declaration Admin
The Declaration Admin can manage the configuration of declarations.
This includes:
- Creating new declaration types.
- Configuring the fields and validation rules for each declaration type.
- Configuring the approval process for each declaration type.
- Managing office locations.
- Managing client addresses.
SsoConfigAdmin
The SsoConfigAdmin has access to the system's Single Sign-On (SSO) configuration.
The SSO Config Admin is a highly sensitive role and should be assigned with caution.
Declaration Review Manager
Users in this role are responsible for reviewing and approving or rejecting submitted declarations.
The review manager only sees the declarations of their assigned Review Group.
The user manager can assign users and reviewers to review groups.
Auto approved declarations are not visible to the review manager.
PaymentExecuter
The Payment Executer is responsible for executing the payments of approved declarations.
The Payment Executer can reject a declaration as long as the payment has not been executed.
ExpensesManager
The Expenses Manager has access to the management dashboard.
The management dashboard provides an overview of the expense claims and payments in the system.
EmissionsManager
The Emissions Manager has access to the kilometer overview dashboard.
The kilometer overview dashboard provides an overview of the registered kilomters per user.
The Emissions Manager has access to the WPM report.
Managing Permissions
To manage users and assign roles:
- Log in to the fourtwo admin site:
<yoursite>.4two.nl/admin. - Navigate to the "Users" or "Groups" page.
- Assign users to the appropriate roles based on their responsibilities.