FORGE
FORGE
Breadcrumbs

Role Definitions

Role Definitions centralize reusable authorization roles within the current tenant scope. These roles let customers apply consistent permission sets instead of managing permissions individually for each user.

Important Notes

  • Roles are evaluated within company and business unit scope.

  • System roles are baseline platform roles and are read-only in the page.

  • Custom roles are intended for customer-managed setup.

  • Permission changes should be reviewed carefully before they are used in production access assignments.

  • Roles are assigned in the Users page.

View the Existing Roles

Use the roles list to review the current setup before adding or changing roles.

  1. In Settings, select Role Definitions.

  2. Scroll down to the list of existing roles to review the following:

    • Name: The display name of the role.

    • Key: The internal role key.

    • Type: Whether the role is System or Custom.

    • Status: Whether the role is Active or Inactive.

Create a New Custom Role

Create a custom role when your company needs a reusable permission set that is not already provided by a system role.

To create a custom role:

  1. In Settings, select Role Definitions.

  2. In the Create Role area, complete the following fields.

    • Role Key (Required): Enter the internal key for the role, such as dispatch.manager. The role key is the internal identifier used for the role definition.

    • Role Name (Required): Enter the display name, such as Dispatch Manager.

    • Description (Optional): Enter a short explanation of what the role is intended for.

  3. Review the normalized role key shown on the page.

  4. Select Create role.

Edit a Custom Role

Update a custom role when the role name, description, or active status needs to change.

System roles cannot be edited. If a role is marked Read-only, it is a system role.

 To edit a custom role:

  1. In Settings, click Role Definitions.

  2. Select the custom role from the list.

  3. In the Edit Role area, review the saved key.

  4. Update the editable fields.

    • Role Name (Required): Keep the display name clear and current.

    • Description (Optional): Update the explanation if the role purpose changes.

    • Active (Optional): Turn the role on or off for future use.

  5. Click Save.

The role key is displayed for reference and is not edited in the Edit Role section.

Assign Permissions to a Role

Permissions determine what the role grants to users who receive that role.

To assign permissions to a role:

  1. Select a custom role from the list.

  2. Go to the Permissions area.

  3. Review permissions grouped by resource.

  4. Select the checkboxes for the permissions the role should grant.

  5. Review the selected count.

  6. Select Save Permissions.

Standard System Roles

BusinessUnitAdmin

Full access within the assigned business unit scope. This role is intended for administrators who manage users, settings, operational records, approvals, and integrations for that business unit.

  • Manage users, role assignments, and role definitions for the assigned business unit.

  • View and update tenant settings, service setup, lookup values, and rate setup.

  • Create, update, schedule, and manage service calls and appointments.

  • Run and commit Smart Planner and schedule-planning actions.

  • View, create, update, approve, and manage timesheets and time entries.

  • View process logs for operational troubleshooting.

  • Send eligible transactions to ERP integrations.

  • Manage Job Cost work including jobs, job statuses, cost codes, job costs, setup, revenue recognition, recalculation, and ERP send actions.

  • View and manage reporting content available to the business unit.

Dispatcher

Schedule and dispatch operations access. This role is intended for users who manage service calls, appointments, scheduling, dispatch support data, and related operational time entry work.

  • View and update service calls and appointments.

  • Use Schedule Board support data such as resources, skill levels, and service settings.

  • Run schedule-planning actions where enabled.

  • Open Timesheets and create or update allowed time entries, subject to employee or manager scope rules.

  • View process logs used for operational troubleshooting.

  • View Job Cost operational information such as jobs, job statuses, cost codes, job costs, and revenue-recognition results.

  • Does not manage users, general settings, rate setup, approvals, or ERP send actions by default.

ServiceManager

Service operations management access. This role is intended for users who oversee service calls, appointments, time-related operational records, and service management lookups.

  • View and update service calls and appointments.

  • View service setup information needed to manage operations.

  • View and maintain timesheet records where allowed, and view related time entries.

  • View process logs for service and operational troubleshooting.

  • Create and update Job Cost operational records including jobs, job statuses, cost codes, and job costs.

  • Run Job Cost recalculation and manage revenue-recognition work where enabled.

  • View and manage reporting content tied to service operations.

  • Does not manage users, role definitions, tenant settings, rate setup, timesheet approvals, or ERP send actions by default.

IntegrationOperator

Outbound integration and ERP send operations. This role is intended for users responsible for sending approved operational data to connected ERP systems.

  • Send eligible service and Job Cost transactions to ERP integrations.

  • Run Job Cost revenue-recognition processing where enabled.

  • View and update their own profile preferences.

  • Does not receive general service, scheduling, settings, users, payroll, or reporting access by default.

SettingsAdmin

Settings and lookup administration access. This role is intended for users who manage setup data, lookup values, and non-payroll administrative configuration.

  • View and update general tenant settings and lookup setup.

  • View users for setup context.

  • View process logs for setup troubleshooting.

  • Manage Job Cost setup such as configuration, master cost codes, cost code formats, categories, and accounts.

  • Does not receive rate setup access by default. Rate Categories, Position Rates, Employee Rates, and Resource Rates require PayrollAdmin or BusinessUnitAdmin access unless specifically customized.

  • Does not create or update service calls, appointments, timesheets, approvals, ERP sends, or Job Cost operational transactions by default.

TimesheetApprover

Approve and reject time submissions. This role is intended for users who review time, troubleshoot approval context, and complete approval workflows without broad service-management write access.

  • View, create, update, submit, approve, and reject timesheets and time entries where allowed by employee or manager scope.

  • View service-call, resource, employee, and service-cost-category context needed for time review.

  • View process logs for approval and export troubleshooting.

  • Does not create or update service calls, appointments, settings, users, rates, Job Cost records, reporting definitions, or ERP sends by default.

Technician

Least-privilege technician access for the Mobile PWA experience. This role is intended for field users who need service call, appointment, time entry, and mobile workflow access.

  • Use the mobile technician workflow, including bootstrap and resource eligibility data.

  • View and update assigned service-call workflow information.

  • View and update appointments, appointment tasks, time entries, and time logs used in technician workflows.

  • Access supporting technician workflow records such as annotations, equipment, products, costs, and purchase-order details where those records are part of the mobile workflow.

  • View service setup information needed for mobile operation.

  • Does not manage dispatch scheduling, users, settings, rates, approvals, reporting administration, Job Cost administration, process logs, or ERP sends by default.

PayrollAdmin

High-privilege payroll operations access for time correction, approval, export, and rate setup management. This role is intended for payroll administrators who manage payroll-sensitive time and rate workflows.

  • View, create, update, submit, approve, and reject timesheets and time entries where allowed.

  • Export approved payroll activity to Greenshades where configured.

  • View service-call and appointment context needed for payroll review.

  • View process logs for payroll and export troubleshooting.

  • View and update payroll-related setup, including Rate Categories, Position Rates, Employee Rates, and Resource Rates.

  • View the service-management and Job Cost information needed for payroll review, without receiving service-call write, appointment write, schedule-planner, ERP-send, or Job Cost write authority by default unless customized.

Viewer

Read-only workspace access. This role is intended for users who need visibility into workspaces and records without creating, changing, approving, or sending data.

  • View users, service calls, appointments, timesheets, time entries, settings, and process logs.

  • View Job Cost operational information such as jobs, job statuses, cost codes, job costs, and revenue-recognition results.

  • View reporting content available to read-only users.

  • Update only their own profile preferences.

  • Does not create, update, approve, delete, send, recalculate, configure, or administer records by default.