Types of user roles and permissions

Learn about what user roles and permissions can be assigned to employees. You must be an Administrator to access these settings.

There is a wide range of features available with your MRI OnLocation account. Some of these features are only accessible by users assigned with correct permissions. User roles determine what a user can and cannot do in OnLocation. Employees who need to administer specific parts of OnLocation can be assigned the relevant user role. 

An Administrator must send a user a login permission email to an employee before they can log into OnLocation. Learn how to grant employee access.

Your Account Owner must activate any add-ons before you can see them in OnLocation.

Role types

Account Owner

Every account has a single Account Owner. They can access the major account settings area and manage the availability of add-on features within the account. The Account Owner also has the same access as a Global Administrator.

Administrator

Access rights to manage the general location settings and manage employees. These settings are found in the Locations menu.

You also have the ability to manage and grant all user roles, location details, and visitor policy rules. There are two permission levels:

  • Global - manage all locations in the account.
  • Limited - manage only those locations assigned to them.

Once they have this role, they’ll have access to the following features and add-ons (if enabled by the Account Owner):

An Administrator can also assign user role permissions to other employees.

Asset Manager

Access rights to the asset manager add-on and set up assets inventory and issue assets to guests, contractors, or employees. There are three roles:

  • Global - create asset groups, types, add assets, and issue assets into and out of all locations across the account.
  • Manager - create asset groups, types, add assets, and issue assets into and out of their assigned locations.
  • Issuer - issue assets out and receipt them back in, but only for the assets linked to the locations assigned to them.

For more details, have a look at assign the Asset Manager user role article.

Certifications Manager

Access rights to the certifications manager add-on. Types of certifications can include any type of record that's relevant to your organization, including health records, licenses, certificates, courses, registrations, and qualifications.

Administrators can then assign certifications to employees in those locations assigned to them.
Contractor Administrators, Managers, and Coordinators can assign certifications to contractors they administer.

For more details, check the assign the Certifications Manager user role article.

Contractor Manager

Access rights to manage the contractor add-on. There are three roles:

  • Administrator - same rights as a Manager user role, plus this user can manage contractor settings.
  • Manager - manage any contractor organization or member and make them Active.
  • Coordinator - manage contractor members that are part of the same Internal User Access Group as the Coordinator.

For more details, check the assign the Contractor Manager user role article.

Global Questions Manager

Manage the custom questionnaires across your locations. Employees with this role can create questionnaires, choose the sign in/out modes, and then select which locations or location groups the questionnaire is activated for.

For more information, check the Assign the Global Questions Manager user role article. 

Identity Manager

Access rights to the identity manager add-on. The Identity Manager can set up Tokens (Barcode, RFID, Photo ID, etc.) and export token records.

An administrator with the Identity Manager user role can also issue and manage Tokens, and their unique identifiers, against employee profiles.

Induction Manager

Access rights to the induction management add-on. There are two roles:

  • Global - create and manage all courses in the account.
  • Limited - invite participants to eLearning courses who have access to those locations assigned to them.

For more details, check the assign the induction management user role article.

IT Support

Access rights to the security, employee management, and integration functions under Tools > Account.

These functions allow IT personnel to set the password strength and password change policies and access advanced options for maintaining employee access like AD, SSO, SAML.

Users with this user role can access these settings:

  • API – Information about the OnLocation API which can be used for integrations
  • Integrations – Settings for OnLocation's integrations with third-party applications
  • Employee management – Options and information for Active Directory Sync to automatically update your employee database
  • Employee access – Set security restrictions for employee sign-ins such as password strength and single sign-on options

Location Print Manager

Provides the ability to manage ID card print requests for an organization. When a print request is made and sent to a location, the user with this role receives an email and in-app message. They can then print the cards, send them to the provided address, and update the progress in OnLocation.

For more information, check the enabling the identity management add-on article.

OnPass Manager

Access rights to set up and configure the OnPass add-on and email template. There are two roles:

  • Global - manage all locations in the account.
  • Limited - manage only those locations assigned to them.

Reports Manager

Access rights to the reporting functionality in OnLocation.

Sign In/Out Manager

Access rights to a nominated site to manage visitors, contractors, and, if required, employee attendance. There are two roles:

  • Global - manage people for all locations in your account.
  • Limited - manage people only for those locations assigned to them.

Triggers Manager

Access rights to manage the triggers add-on. There are two roles:

  • Global - manage triggers for all locations in the account.
  • Limited - manage triggers only for those locations assigned to them.

For more details, have a look at the enable the triggers add-on article.

Visit Request Authorizer

Access rights to manage visitor requests. There are two roles:

  • Global - manage visit requests for all locations in the account.
  • Limited - manage visit requests only for those assigned to them.

Employee

This is not an assigned role. Any employee who has been given login permission can access basic employee functions such as pre-registering guests and managing their own profile.

An Administrator can send a Login Permission Email to an employee in a location assigned to them from the employee list.

 

Assign user roles

Any Administrator can assign an employee user roles relevant to their location, including making them an Administrator. Most user roles have different levels of access built into that role, e.g. an Administrator can be a Global Administrator or a Limited Administrator.

As an Administrator, you can only assign user roles to feature areas that you have access to. If you have limited access, you can only grant access to limited areas.

To assign a user role, log into OnLocation as an Administrator, then:

  1. Go to Tools > User Roles.
  2. Find the relevant employee using the search fields.
  3. Click Manage Roles next to the employee.

    Manage-User-Roles.png
  4. Select the User Roles you want to assign (and the level of access if relevant).
  5. Click Assign Roles.

    Manage-User-Roles-Assign.png
Next step: The next time the employee signs in, they will have access to that area of OnLocation. If the employee does not yet have access, you will need to send them a login permission email.