User Access Control (comprehensive article)
Overview
The process of setting up roles and positions in IQ has evolved over the lifetime of the software and is very adaptable and customizable.
Understanding how the different elements of positions, roles, menus and back end settings work together is critical for successful deployment.
There are five elements of User Control:
1) The User Type
2) The User Position
3) The Roles Assigned to Positions
4) Roles Assigned to Menu Access
5) Role Administration
For information on creating an Estimator with the ability to custom quote without having ADMIN rights, or to limit estimators' view of the grid, etc, or to restrict pricing abilities, see this article: Creating a Restricted Estimator Role/Experience
USER TYPE
The first aspect of user control is setting the USER TYPE.
The first choice for a user is to decide if the user is a CUSTOMER, a STAFF, a SUPPLIER or a SHOP FLOOR user. These global settings will control certain abilities of the user at a high level.
STAFF users are the ones which have the most variability and customization for access to your IQ instance.
POSITIONS
The second aspect of user control is POSITIONS. Positions are pre-set collections of “ROLES” which you can apply to your employees.
Each user can be set a “position”. Positions are setup by your company’s IQ Superuser Admin.
SUGGESTION: IQ comes with a base set of POSITIONS which we recommend that you duplicate, name and customize for your own company’s use – leaving the original set as “templates” for future reference.
To goal of positions is to standardize the permissions for a group of employees sharing a similar job. For example, a group of Customer Service Representatives may have all the same “permissions.” By creating a “position” and applying it to each of these CSR’s, any changes made to the “Position” will then apply to all employees. For instance, if you needed to give the CSRs the ability to make PO’s you can add that role to the CSR position and then all the CSRs can perform that function.
If you needed two sets of positions for CSRs (one’s who can make Purchase Orders and ones who cannot) you can make two versions of the CSRs (ie. senior and junior) and then all the employees under the Junior CSR Position may not be able to make Purchase Orders, whereas all those with the Senior CSR Position will be able to.
ROLES
The third aspect of user control are the roles (these work in conjunction with Positions and Menus).
Roles are the rudimentary level that allow or do not allow certain functions. (Positions are collections of Roles). The following are the “ROLES” within Print IQ with a brief description of what each one does:
| ROLE | BASIC FUNCTION |
| Admin | The top level, most powerful role that gives access to all functions in IQ allowed to the IQ Super User |
| Anonymous Quoter | Designed to be used with the Smartsite Quoting Widget role only (and the only role the Widget user has) |
| Customer | Set for "Customer Only" roles. If using IQ Store, "Sales Customer" is also used. |
| Demo | Only used for demo accounts on sales sites - you should not use this role for any of your accounts |
| Dispatch Admin | Full access to the Dispatch process. |
| Dispatch User | Limited access to the Dispatch process e.g. job history, job details, stock pick, operation timing. |
| Factory Admin | Allows access to inventory should also have ‘Internal’ checked. Only users with role Factory Admin or Admin can view unpublished quotes even if they created the quote. |
| Factory Staff | Allows operation timing and access to production boards, don’t check ‘Internal’ if you don’t want the user to see pricing only access production boards. |
| FileArchive | No longer have any intrinsic settings tied to it, may be removed in future. |
| Files | No longer have any intrinsic settings tied to it, may be removed in future. |
| Finance | No longer have any intrinsic settings tied to it, may be removed in future. |
| Internal | |
| Invoice Admin | Full access to invoicing, including managing misc charge types, GLAs, tax types etc. |
| Invoice User | Access to invoicing, only able to create and edit invoices. |
| Job Auditor | Allows user to access the Job Audit screen to check Quoted v Actual v Invoiced amounts. |
| Planner | Access to job planning. |
| Pre Press | No longer have any intrinsic settings tied to it, may be removed in future. |
| Press | No longer have any intrinsic settings tied to it, may be removed in future. |
| PriceAdj - Admin | This is the highest level generally used for Owner’s/Manager’s and is set to mark down to 0%. The actual discount amounts in the examples below are configurable under the Admin Menu – Admin>Pricing Admin>Pricing Adjustments. |
| PriceAdj - Estimator | Allows mark down to pure cost. Jobs cannot be marked down below 100% pure cost. The actual discount amounts in the examples below are configurable under the Admin Menu – Admin>Pricing Admin>Pricing Adjustments. |
| PriceAdj - Retailer | Allows mark-up from a retail price list with no discounts possible below 100% retail price. The actual discount amounts in the examples below are configurable under the Admin Menu – Admin>Pricing Admin>Pricing Adjustments. |
| PriceAdj - Staff | This is the lowest level and is used for Account Managers and is set to mark-up from a wholesale price list with no discounts below the 100% wholesale price possible. The actual discount amounts in the examples below are configurable under the Admin Menu – Admin>Pricing Admin>Pricing Adjustments. |
| Product Admin | Gives you ability to administer products. |
| Purchase Approver | Can approve purchase orders, or be used for limiting how much an employee can approve based on the settings in their user. |
| Quote Approver | Can approve Quotes, or be used for limiting how much an employee can approve based on the settings in their user. This can be used for Customers as well, where there is a Marking Department that has the final say, and sub departments can only authorize jobs upto a certain dollar amount. |
| Reporting Admin | Admin / Edit access to Reports. Also needs “Admin” checked to enable access to the Reports Menu which sits under the Admin Menu. This is only relevant if you have the Reporting Module. |
| Reporting User | This role can’t view the reports without having “Admin” checked as well. Admin would then give higher access to other areas that you may not want. |
| Retailer | Allows user to see Wholesale price (but not costs). Not generally used, this functionality is now part of IQlink. IQlink allows different IQ companies to quote products residing on the other’s system. Compared to the capabilities of IQlink the Retailer role has limited functionality. |
| Sales Admin | Full access to the IQstore Sales Orders board, including creation & editing. |
| Sales Customer | Customer IQstore access, can be used in conjunction with Customer role. |
| Scheduler | Access to add or change the 'Due Dates', access to Capacity Planning. Having Scheduler along with both Internal and Factory Staff roles checked on as well provides access to the Capacity Planner and allows due date changes on jobs. When Scheduler is checked on with Internal, due dates can be changed but Capacity Planner cannot be accessed. |
| Site Admin | Gives you more control of a particular site. Useful if you did not want to give full Admin access to all factory sites. This role can view and edit pricing details for the specified site. |
| Storefront Admin | No longer have any intrinsic settings tied to it, may be removed in future. |
| Supplier | For Supplier users only, it is usually the only role they have. This role allows connecting to upload prices. New functionality on outsource quoting allows an email to be sent with a GUID (globally unique identifier) in it. This allows a one-off login to the supplier for their Outsource Details of the quote, this negates having to create a supplier as a user. |
| Web Customer | No longer have any intrinsic settings tied to it, may be removed in future. |
Positions are collections of relevant roles. If you need to customize certain positions you can use the “red roles” to define things that are specific to your organization. These have no intrinsic pre-set restrictions, and therefore can be assigned specific functionality in the Role Administration (see below). Talk to your IQ Build lead to discuss strategies with these.
MENUS
The fourth aspect of control is the Menus. You are able to control who can see certain menus within IQ. You can set access to menus by “roles” (not positions as they vary company to company).
Remember, you may give someone a POSITION that includes roles that allow certain functionality, but if the “role” is not allowed to view the menu then they will not be able to find the function they are expected to complete.
Conversely, if you give someone view to a MENU without having ROLE that allows this functionality, they will receive an error stating they do not have permission to access this functionality.
IQ ROLE ADMINISTRATION
The fifth aspect of controls is outside of your control as a print IQ super user. This will require communication with your build lead or the support desk to help you set up access to certain things.
This happens "behind the curtain" and is only accessible to printIQ build leads and support staff, not IQ SuperUsers
The chart below shows you what the “behind the curtain” settings are regarding user ROLES.
| Area | Back End IQ Toggle | Purpose |
| Freight | Carton display on the freight control - Required RolesS | How cartons in the pricing description on the freight control |
| Freight | Role Based Blind Shipping | Allow multiple user roles who can do blind shipping |
| Freight | Smaller carton display on the freight control | Show smaller cartons in the carton selector dropdown on the freight control |
| Freight | View Freight Pricing Calculations | Sets what roles a staff user requires to be able to view the freight pricing calculations |
| Inventory | Users with these roles can edit the price on an inventory purchase order that has been receipted in | If user is in any of the roles then they will be able to edit the price on an inventory purchase order that has already been receipted into stock. Please note that picked inventory will NOT be changed when editing the PO. |
| Invoicing | Commission Roles | Roles that can view and edit commission on quotes and jobs |
| Invoicing | Create Credit Note Roles | Roles which can create a credit note |
| Invoicing | List of roles that can bypass the over invoicing check | If allow over invoicing is off, users with this role can bypass the check and save the invoice anyway. |
| Invoicing | Roles that can Approve Invoices | A list of roles that are able to approve invoices |
| Invoicing | Roles to use Shared customer Saved Credit Cards | Only users in these roles will be able to use shared customer saved credit card details |
| Invoicing | Tax Adjustments Roles for Sales Invoices | Turns on tax overrides for sales invoices for the selected roles. Can only be adjusted by the amount based on the "Tax Adjustment Max Value" Setting |
| Invoicing | Tax Adjustments Roles for Supplier Invoices | Turns on tax overrides for supplier invoices for the selected roles. Can only be adjusted by the amount based on the "Tax Adjustment Max Value" Setting |
| IQ Store | Manual Backorder Check - Required Roles | List of roles that can see the manual backorder check button on the sales order board. |
| IQ Store | Print IQ Sales available quantity roles | Roles which can view stock remaining |
| PrintIQ | Customer Export - Required Roles | Show customer export feature if user has any of the selected roles |
| PrintIQ | Dynamic Catalogue Roles | List of roles that can access the dynamic catalogue creaton process |
| PrintIQ | Inventory Transfer Visibility | Controls which roles can see the Inventory Transfer section of dispatch on Job Details |
| PrintIQ | LDAP User Creation - Roles to Assign | Which roles are added to new users created via LDAP authentication by default |
| PrintIQ | Print IQ Admin Active Flag Roles | Roles which can admin Active flag on the customer admin screen |
| PrintIQ | Print IQ Admin Credit Terms Roles | Roles which can admin credit terms on the customer admin screen |
| PrintIQ | Print IQ Admin Ref1 Roles | Roles which can admin Ref1 on the customer admin screen |
| PrintIQ | Print IQ Admin Ref2 Roles | Roles which can admin Ref2 on the customer admin screen |
| PrintIQ | Print IQ Admin Ref3 Roles | Roles which can admin Ref3 on the customer admin screen |
| PrintIQ | Print IQ Job Bag Roles | Roles which can access the job bag |
| PrintIQ | Print IQ Payment Override Roles | List of roles that can override payments |
| PrintIQ | Print IQ Time Admin Roles | Roles which can modify and restart timing on the job bag |
| PrintIQ | PrintIQ Web User RolesComma separated | list of Roles assigned to users created with the authentication web service |
| PrintIQ | PrintIQ_CanEditDueDateRole | Roles required to be able to update the due date |
| PrintIQ | PrintIQ_CopyQuoteOptionRoles | Roles required to see the custom options for copying a quote |
| PrintIQ | PrintIQ_MultisiteSelectorRoles | Specify user roles that have acces to multiple sites |
| PrintIQ | PrintIQ_PayLaterRoles | List of roles that can skip payment |
| PrintIQ | PrintIQ_Quote_ExpiryUpdateRoles | Specifies the roles that can update expiry dates on a quote |
| PrintIQ | PrintIQ_RolesRequireQuoteProductApprovalCheck | PrintIQ_RolesRequireQuoteProductApprovalCheck |
| PrintIQ | PrintIQ_Tasking_GetAssignableUserRoles | Specify user roles that can assign tasks to other users |
| PrintIQ | Sensitive Customer Info Roles | List of roles that can edit customer credit terms, pricing tier, account status, discount/surcharge and price list actions. |
| PrintIQ | Simplified Session Product Creation Roles Required | Enable simplified sessions product creation screen and show template product button on quote artwork, quote details, job details screens |
| PrintIQ | User Admin Roles | Roles which have User Admin privileges |
| PrintIQ | Users that can change a quotes account manager | The comma separated list of user roles that can edit the Account managers on a quote |
| Production | All Jobs Board Search | All RolesSets the roles allowed to use the Search All behaviour of the All Jobs Board |
| Production | Job Edit Factory Location | Sets which roles can edit the factory location on a job on the job details screen and all jobs board |
| Production | Lock down complete/cancelled jobs | Locks complete or cancelled jobs from modification until the status is changed back to "In Progress" by a user with one of these selected roles. |
| Production | Lockdown job when "On Hold" | Controls if the job is to be locked when in the "On hold" status. NOTE: The setting "Roles that can change on hold status" is only active when this setting is on. |
| Production | Roles that can access rework job functionality | List of roles that can access rework job functionality. If blank any role can access. |
| Production | Roles that can access the all factory locations dropdown value on job, preprod and production board | Sets which roles can see the all locations value in the factory location dropdown on the job, pre-production and production board. If no roles are selected then anyone can see the all locations value |
| Production | Roles that can assign users to job | Set which roles a users needs to assign other users to jobs |
| Production | Roles that can change on hold status | Roles that can change the status of on hold jobs that are locked down. NOTE: The setting "Lockdown job when On Hold" must be on for this setting to take effect |
| Quote | Full Pricing Grid Access | A list of roles that can view the full pricing grid on the bespoke quoting screen |
| Quote | Limited Pricing Grid Access | A list of roles that can view a limited pricing grid on the bespoke quoting screen |
| Quote | Lock Quote | Sets which roles can lock a quote from the quotes board |
| Quote | Roles able to edit the Pricing Grid | Determines which user roles are allowed to edit the Pricing Grid on custom quotes. |
| Reporting | Advanced Reporting Roles | Roles that can access new advanced report page |
| Reporting | Instant Reporting Roles | Roles that can access new instant report page |
| Reporting | New Dashboard Reporting Roles | Roles that can access new dashboard reporting page |
| RFQ | If true then only users with roles specified in the setting RFQ_RestrictedStatusUpdate | Roles can update the RFQ statusI |
| RFQ | See RFQ_RestrictStatusUpdateToRoles | |
| Timing | User timing admin roles | Determines what user roles are considered admins when interacting with the user timing module. Requires module setting 'User Timing enabled'. |
Each toggle can have roles assigned to it:
*Roles highlighted in red are discontinued and have no intrinsic "permission" tied to them
You can request your build lead (or make the request in Desk) set roles against the back end toggles for you.
For instance, if you want certain roles to be able to change the credit terms, you can have these set in the “back end toggle”.
There are also ways of customizing what different sales people see. Check out the Restricting Sales User article to review this.
Related Articles
Setting Up User Positions
User Positions, Roles and Details Setup & Admin This article describes the tools available for managing user accesses. It covers User Positions, User Details and User Roles. There are three user types – Staff, Customer and Supplier: Customer users ...Create User
What is a user? A user is a person who has been given permission to log in to printIQ. Access permissions depend on the user's role. The types of users are: staff, customers, suppliers and Shop Floor (please see linked article about Shop Floor ...Menu Admin – Rename and Editing options
Introduction In printIQ all main menu and sub menu titles can be edited and renamed by users with access to the ‘Menu’ page. These are global changes and will be updated for all users. To make changes, go to ‘Admin’ > ‘Menu’: To change a main menu ...Managing Account Managers and User Roles
Create Account Manager To add the details for any ‘Account Managers’ (AM) you wish to add into printIQ follow the steps below. All this is managed from the Admin > Users menu at the top of the screen. On the Users screen you can either filter the ...Basic Estimator Role – User Experience, Quote Access and Price Adjustment Restrictions
Basic Estimator Role If you are set up to be an Basic Estimator you will have the following experience: This setup requires your company IQ Super User to work with their IQ Build Lead to setup Admin Restrictions You will be restricted from the deeper ...