How do I know what permissions to give new administrators (admins), and how do I know what those permissions do?
| Introduction | Answers the question: Why do I need Roles? |
| Solution | Describes the 5 permission levels that Konexus recommends using for Roles (in order of most capability in Konexus to least capability). |
| Benefits | Answers the question: Why should I use Roles? |
| How to Assign Roles | Read this article to learn how to assign Roles. |
| Implementation | How Konexus Will Help You Create an Administrative Structure with Roles |
| Summary | Do we need this section? |
| Permission Set Examples and Definitions | Konexus has lots of permissions that can impact users' capabilities within the software. Learn about available permissions in this section. |
| Alert Forms Section | Learn about the Permissions that allow users to send Public and Internal alerts. |
| Administration | Learn about permissions that enable users to add or edit system admins. |
| Files | Learn about permissions that enable users to control files uploaded to Konexus. |
| Chats | Learn how to give users permission to start a chat in the mobile app. |
NOTE: The following Roles are examples only. Each tenant is able to create and save their own Roles with sets of permissions.
Introduction
Controlling who has access to the features of a mass notification system is an important security feature. Ensuring that the right individual is capable of only doing what they are authorized to do is essential to the AlertSense/Konexus system's management and preventing mistakes. In the AlertSense/Konexus system, we control access and authorizations by setting “permissions.” Utilizing the AlertSense/Konexus Administrative Permissions tool, you can be sure that the functions within the system are given only to the correct individuals so the appropriate, accurate, and necessary response will occur.
Solution
Through experience with our clients over the years and by understanding the need to develop an administrative structure, we have developed a guideline for different levels of administrative rights. The five suggested levels of Admin permissions and their definitions are presented here for your reference. The names of the levels are not specific to a role within the system. These are examples only, as most agencies name their roles for specific use cases, such as Dispatch, Public Only, Internal Only, etc. Other agencies choose permissions individually.
Level 1-Super (or Main) Administrator
The Super Administrators (Super Admin) are the individuals that have every permission available within their region. They have the ability to set up new administrators with permissions and have ultimate control over the AlertSense/Konexus system.
We suggest that no more than 5 Super Admins be set up for each region. We also suggest that, as a Super Admin collective group, you have a set of agreed-upon standards encompassing the training or authority individuals will need to have when you assign them to different Administrative levels.
Level 2- General Administrator
The General Administrators (General Admin) are administrators whose permissions are similar to a Super Administrator's (Super Admin) permissions. However, these Administrators should not have permission to set up other administrators or have access to the Regional Default Options-Settings feature. We suggest separating this level of administrators into Type A and Type B General Administrators.
-
-
- Type A would have access to all groups, could send internal messages out to all groups and individual Internal Members, could edit all internal profiles, and could even send out or authorize public call-outs.
- Type B administrators would still have a lot of the same ability as Type A, just limited, or “locked” to specific groups that have been determined by the Super Admin. Permission sets beyond internal alerting or Internal Member administration would be based on the needs of the department and can be changed at any time, or vary per Administrator.
-
Level 3-Communicator / Send Only
The Communicator has the ability to send alerts out to groups and individuals via text message, mobile app, email, voice calls, and fax. These administrators are not able to send an alert out to the public without the authorization of a Super Administrator or General Administrator. Internal communication would be the prime responsibility of the Communicator. You have the option of creating a Type A and Type B Communicator, as described in the General Administrator description, to limit a Communicator to specific groups.
Level 4-Specialist
At the basic level of communications is the Specialist. This basic level of communication allows these administrators to send only text, mobile app, and email messages to Internal Members. Type A and Type B Administrators can also be created at this level, determining permission to send to all groups or just specific groups. This Administration level should not have public alerting capabilities.
Level 5-Database Administrator
The Database Administrator (Data Admin) is the most limited of all administrators, as their only job is to maintain the records within the Internal Member database. They have access to update information in the database and keep that information current. Type A and Type B Administrators can still apply to restrict a Database Administrator's communication capabilities to specific groups or allow access to all groups.
These levels are just a place to start. We are always happy to help you set permissions as you develop your group structure.
Benefits
- These general rules give you the ability to control and monitor the number of individuals allowed to access and send alerts, make updates, and view or change Internal Member information through the system.
-
By utilizing different administrative types during an event, individuals know who can escalate an alert from a non-emergency to an emergency level during an event.
- Each admin will have a unique, easy-to-use interface only showing allowed permissions, which eliminates the chance of confusion.
- You will have an easier time training on separate administrative functions.
How to Assign Roles
Read this article to learn how to assign Roles.
Implementation
Once the Super Administrators (Super Admin) have attended training on the AlertSense/Konexus system's features, and have permissions set up, then creating separate levels of administrators can begin. The AlertSense/Konexus Success Team will assist with this process. When all administrators are trained at their designated levels, group training can be set up and implemented as a yearly forum for each group of administrators to address questions, review key features and functions, and make user best practices or suggestions for new enhancements. If desired, group training can also be set up upon request with the Success Team for your region at more frequent intervals.
Permission Set Examples and Definitions:
Inline Permissions:
These are permissions (authorizations) that are designed to show or hide certain features on the Alert Forms or Dashboard.
NOTE: Depending on the features that you have chosen for your region, you may see more or fewer permissions on your Administrator Passwords page.
If you have questions regarding other permissions, please contact the Success Team since this list includes the most widely-used permissions for the system but is not all-inclusive.
Example:
-
- Mobile App Channel – Allows selection to send alerts to the Internal AlertCommunicator and/or Public myAlerts app
- Email Channel – Allows selection for email delivery
- Email Confirmation – Displays the Email Confirmation checkbox on the Quick Alert form, allowing alerts to be sent that require a response to confirm an email was received. This confirmation will display in Alert History and can be included with any alert.
- Text Message Channel – Allows selection for text message delivery
- SMS Priority – Additional dropdown to allow for SMS text delivery using the AlertSense/Konexus shortcode 38276 for Priority Text delivery
- SMS Polling – Allows text responses from polling notifications – can be used with friendly keyword or randomly generated
- Voice Channel (Text-to-Speech) – Must be given for any administrator to send voice calls delivery to a cell, home, and/or business devices stored in each Internal Member’s profile
- Faxing Channel – Displays checkbox for fax delivery if a phone number is included in the Internal Member’s profile
- Mobile Broadcast Channel - Enterprise feature allowing a request to be sent to the mobile app for the user to share their location for relevant alerts
Internal Members/Internal Groups/Alert History Sections:
These permissions allow administrators to add, edit, delete, upload, or update Internal Member or Internal Group information and view Alert History. The permissions given here determine the amount of access the administrator will have to see phone numbers, emails, and other contact information for Internal Members and historical items.
Example 1:
-
- Internal Members – This permission must be given to anyone who will have VIEW ONLY or EDIT privileges for Internal Members.
- Internal Groups – This permission allows administrators to add and remove members from groups and also allows administrators to add, edit, update, and delete Internal Groups.
- EDIT Internal Groups Allowed – Allows the ability to bulk upload, manually enter, remove, edit, and update Internal Member details.
- VIEW ONLY Internal Member Details – Administrators with this permission can only VIEW Internal Member information and cannot add, edit, update, remove, or upload new members.
- Profile Update Reminder – Allows administrators to email Internal Members with a link to update their information.
Example 2:
-
- Export Alert History – Allows any Alert History to be exported in an Excel format.
- Mini Console History Button – Displays a shortcut to Alert History on the Dashboard.
Alert Forms Section
These permissions allow administrators to send Public and Internal Alerts and have multiple options for contacting both Public and Internal Members. Permissions to the Alert Forms should be carefully assigned.
Example 1:
Send Alerts to Public Opt-In Subscribers Only
-
- Send Public Alert – Administrators with this permission can send alerts to Public Subscribers only.
- Public Alert History – Provides the Alert History for Public Alerts to be viewed on the Alert History page.
- Configure Public Sign Up Zones –For entities using a customized public enrollment, this is used to maintain and change groups or zones.
- Weather Alert History – This permission allows administrators to view all Weather alerts sent to Public Subscribers and Internal Members in their region.
- Public Signups – Allows the ability for administrators to view, add, update, and delete Public Subscribers.
Example 2:
Facebook and Twitter
-
- Send Social Media – Provides the ability to send to selected social media accounts.
- Social Media History – Provides the Alert History for Social Media Alerts to be viewed on the Alert History page.
Example 3:
Emergency Telephone Notification
-
- Send ETN Alert – Allows the ability to send ETN alerts using the map selection tool and Public Alert form to a geo-targeted area to include home/business landlines and any public subscribers within the geo-targeted area.
- ETN Alert History – This permission allows administrators to view all alerts sent by ETN.
- Allow Callout to Public Signups – This is an inline permission that will automatically include Public Subscriber counts for the selected polygon or circle area on the ETN map selection tool. This permission should ALWAYS be given to any administrator with permission to send ETN alerts.
Example 4:
Enhanced Internal Notification
-
- Quick Alert – Allows the ability to send internal alerts by text and email to selected Internal Members and/or Internal Groups.
- Quick Alert History – This permission allows administrators to view all alerts sent using Quick Alert to Internal Members.
- Scheduled Alerts – This is an inline and navigation permission that automatically includes the ability to send Scheduled Alerts to Internal Members and create a navigation link to modify or delete existing Scheduled Alerts. This permission works only in conjunction with the Quick Alert form.
- Workflow Polling – Adds inline permission with access to Workflow scenarios, such as escalation, limited duration calls, max attempts calls, shift fill, etc. This permission works only in conjunction with the Quick Alert form.
- Survey/Polling – Adds inline permission that allows administrators to send out polling requests. This permission is automatically added if you assign the Workflow permission to any administrator. This permission works only in conjunction with the Quick Alert form.
- Priority – Adds an inline permission, enabling the Administrator to override the priority order of how individuals are contacted for a phone call out. This feature allows a single device delivery, rather than blast to all devices at the same time.
- Mobile App Checkbox: Alert Forms: Adds an inline permission that allows administrators to send push notifications to the Mobile Responder App. This permission works only in conjunction with the Quick Alert form.
- Conference Calling – Allows alerts to be sent requesting and connecting individuals to a conference bridge. This permission requires text-to-speech and can be sent from any alert form.
Administration/Files/Chat Sections
The Administration section allows administrators to add, edit, or delete new administrators, make changes to system defaults, detailed reporting, and higher-level system administration. The Files/Images section allows administrators to upload and maintain files and images used as attachments (documents, images, voice or recorded files, etc.) on the Alert forms.
Example 1:
-
- Administrator Passwords – Any Administrator assigned this permission will have the ability to set up, modify, or delete new administrators.
- Options/Settings – This permission allows an administrator to change Region default settings such as:
- EAS Authorization Code (Emergency Alert System)
- ETN Authorization Code (Emergency Telephone Notification)
- Default Caller ID
- Default Email/Alert Subject
- Default Email Footer
- Default PIN Number – Can only be changed by individuals with this permission
- Upload Customized Dashboard Image
-
-
- Contract Contact Information for AlertSense/Konexus and other administrators to contact with any questions in setting up new administrators and/or contract renewal/update. More than one person can be listed here.
- Monitor System – Provides the ability to see all alerts being sent out by groups/subgroups. This permission should only be given to the Main Administrators.
- Current Admin Logins – Adds the ability for administrators to view currently logged in administrators and the dates/times of login to the system.
- Social Media Accounts – This permission gives the administrator control to add, update, or remove any social media accounts for the region. These accounts are selectable on the Public Alert form to send alerts.
- Usage Report – This report lists all voice calls and faxes sent by the region, listing the number of total calls, successful calls, total minutes, the total number of faxes, and the total number of conference call minutes. This report can be customized by date range.
- Modify Authorization Codes – Should only be given to those allowed to change the EAS or ETN Authorization Code to send Public Alerts. Only a Super Administrator should be assigned this permission. - This permission has been deprecated.
-
Example 2:
-
- File/Image Upload – Provides the ability to upload files and images to be used on the alert forms or saved in templates.
- Files – Adds a navigation link to view only the files (not images) that have been uploaded to the system for your region. This creates an easy way to maintain files/documents when needed to remove, update, or delete.
- Images – Adds a navigation link to view only the images (not files) that have been uploaded to the system for your region. This creates an easy way to maintain image files.
Example 3:
-
- Initiate Chats – Allows administrator to initiate chat conversations on the mobile app. Any administrator that is not given this permission will be able to participate in a chat, they just cannot start a chat session.
Advanced Features/Implementations
-
- Manage Channel Defaults - Allows administrators to control the default channels for all alerts
- Manage Custom Alert Forms - Administrators with this permission can create customized alert forms that can be assigned to a role.
- Access New WebUI - This permission is required in order for the Administrator role to have the functionality assigned when logging in. Lack of this permission may result in the Administrator not seeing everything they should have access to do.
- Manage Alert Templates - Allows Administrators to create/manage Alert Templates
- Custom Menu for Web Interface - This permission is required in order for the Administrator role to have the functionality assigned when logging in. Lack of this permission may result in the Administrator not seeing everything they should have access to do.
- Manage Keywords - Administrators with this permission are able to create and manage keywords for the public to opt in
- Manage Integrations - Administrators with this permission are able to set up and maintain Weather Integrations
- Manage Branding - Administrators are able to set up and manage up to 25 brands, depending on the core products purchased
Most agencies utilize Role Management and may not see these individual permissions listed in their profile. Please work with Success Team for a listing of the permissions contained in each Role if needed, or refer to Role Management.