Setting Up Admin Role Permissions

How do I know what permissions to give new administrators (admins), and how do I know what those permissions do?

 

 

Introduction

Controlling who has access to the features of a mass notification system is an important security feature. Ensuring that the right individual is capable of only doing what they are authorized to do is essential to the AlertSense/Konexus system's management and preventing mistakes. In the AlertSense/Konexus system, we control access and authorizations by setting “permissions.” Utilizing the AlertSense/Konexus Administrative Permissions tool, you can be sure that the functions within the system are given only to the correct individuals so the appropriate, accurate, and necessary response will occur.

Solution

Through experience with our clients over the years and by understanding the need to develop an Administrative structure, we have developed a guideline for different levels of Administrative rights. The five suggested levels of Admin permissions and their definitions are presented here for your reference.  The names of the levels are not specific to a role within the system.  These are examples only, as most agencies name their roles for specific use cases, such as Dispatch, Public Only, Internal Only, etc.  Other agencies choose permissions individually.

Level 1-Super (or Main) Administrator

The Super Administrators (Super Admin) are the individuals that have every permission available within their region. They have the ability to set up new Administrators with permissions and have ultimate control over the AlertSense/Konexus system.

We suggest that no more than 5 Super Admins be set up for each region. We also suggest that, as a Super Admin collective group, you have a set of agreed-upon standards encompassing the training or authority individuals will need to have when you assign them to different Administrative levels.

Level 2- General Administrator

The General Administrators (General Admin) are Administrators whose permissions are similar to a Super Administrator's (Super Admin) permissions. However, these Administrators should not have permission to set up other Administrators or have access to the Regional Default Options-Settings feature. We suggest separating this level of Administrators into Type A and Type B General Administrators.

• • • Type A would have access to all groups, could send internal messages out to all groups and individual Internal Members, could edit all internal profiles, and could even send out or authorize public call-outs.
    • Type B Administrators would still have a lot of the same ability as Type A, just limited, or “locked” to specific groups that have been determined by the Super Admin. Permission sets beyond internal alerting or Internal Member Administration would be based on the needs of the department and can be changed at any time, or vary per Administrator.

Level 3-Communicator / Send Only

The Communicator has the ability to send alerts out to groups and individuals via text message, mobile app, email, voice calls, and fax. These Administrators are not able to send an alert out to the public without the authorization of a Super Administrator or General Administrator. Internal communication would be the prime responsibility of the Communicator. You have the option of creating a Type A and Type B Communicator, as described in the General Administrator description, to limit a Communicator to specific groups.

Level 4-Specialist

At the basic level of communications is the Specialist. This basic level of communication allows these Administrators to send only text, mobile app, and email messages to Internal Members. Type A and Type B Administrators can also be created at this level, determining permission to send to all groups or just specific groups. This Administration level should not have public alerting capabilities.

Level 5-Database Administrator

The Database Administrator (Data Admin) is the most limited of all Administrators, as their only job is to maintain the records within the Internal Member database. They have access to update information in the database and keep that information current. Type A and Type B Administrators can still apply to restrict a Database Administrator's communication capabilities to specific groups or allow access to all groups.

Benefits

• These general rules give you the ability to control and monitor the number of individuals allowed to access and send alerts, make updates, and view or change Internal Member information through the system.

• By utilizing different Administrative types during an event, individuals know who can escalate an alert from a non-emergency to an emergency level during an event.

• Each Admin will have a unique, easy-to-use interface only showing allowed permissions, which eliminates the chance of confusion.
• You will have an easier time training on separate Administrative functions.

How to Assign Roles

Read this Read this article to learn how to assign Roles.

Implementation

Once the Super Administrators (Super Admin) have attended training on the AlertSense/Konexus system's features, and have permissions set up, then creating separate levels of Administrators can begin. The AlertSense/Konexus Success Team will assist with this process. When all Administrators are trained at their designated levels, group training can be set up and implemented as a yearly forum for each group of Administrators to address questions, review key features and functions, and make user best practices or suggestions for new enhancements. If desired, group training can also be set up upon request with the Success Team for your region at more frequent intervals.

 

Permission Set Examples and Definitions:

Inline Permissions:

These are permissions (authorizations) that are designed to show or hide certain features on the Alert Forms or Dashboard.

If you have questions regarding other permissions, please contact the Success Team since this list includes the most widely-used permissions for the system but is not all-inclusive. 

Example:

• • Mobile App Channel – Allows selection to send alerts to the Internal AlertCommunicator and/or Public myAlerts app
  • Email Channel – Allows selection for email delivery
  • Text Message Channel – Allows selection for text message delivery
  • SMS Priority – Additional dropdown to allow for SMS text delivery using the AlertSense/Konexus shortcode 38276 for Priority Text delivery
  • SMS Polling – Allows text responses from polling notifications – can be used with friendly keyword or randomly generated
  • Voice Channel (Text-to-Speech) – Must be given for any Administrator to send voice calls delivery to a cell, home, and/or business devices stored in each Internal Member’s profile
  • Faxing Channel – Displays checkbox for fax delivery if a phone number is included in the Internal Member’s profile - This feature is being deprecated at the end of 2025
  • Mobile Broadcast Channel - Enterprise feature allowing a request to be sent to the mobile app for the user to share their location for relevant alerts
  • Acknowledge Receipt - if this option is checked, Administrators will be able to include a link for the recipient to confirm they received the message by email - this checkbox will appear next to the recipients' name if they click the link to confirm

Internal Members/Internal Groups/Alert History Sections:

These permissions allow Administrators to add, edit, delete, upload, or update Internal Member or Internal Group information and view Alert History. The permissions given here determine the amount of access the Administrator will have to see phone numbers, emails, and other contact information for Internal Members and historical items.

Example 1:

• • Manage Contacts – This permission must be given to anyone who will have VIEW ONLY or EDIT privileges for Internal Members and will automatically apply based on the additional selections
    
    • Edit Contacts - allows Administrator to edit contact information
    • View Contacts - can be used alone without edit to allow Administrators to only view contact information and not edit anything
  • Internal Groups – This permission allows Administrators to add and remove members from groups and also allows Administrators to add, edit, update, and delete Internal Groups
  • Profile Update Reminder – Allows Administrators to email Internal Members with a link to update their information

Example 2:

• • Export Alert History – Allows any Alert History to be exported in an Excel format
  • Alert History - locked into Groups Exception - Allows any Admin with this permission to see all Alert History even if they are locked to certain groups
  • Mini Console History Button – Displays a shortcut to Alert History on the Dashboard

Alert Forms Section

These permissions allow Administrators to send Public and Internal Alerts and have multiple options for contacting both Public and Internal Members. Permissions to the Alert Forms should be carefully assigned.

Example 1:

Send Alerts to Public Opt-In Subscribers Only

• • Send Public Alert – Administrators with this permission can send alerts to Public Subscribers only
  • Public Alert History – Provides the Alert History for Public Alerts to be viewed on the Alert History page
  • Internal Public Alert History – This permission allows Administrators to view all Weather alerts sent to Public Subscribers and Internal Members in their region
  • Public Signups – Allows the ability for Administrators to view, add, update, and delete Public Subscribers

Example 2:

Facebook, Twitter and Nextdoor

• • Send Social Media – Provides the ability to send to selected social media accounts
  • Social Media History – Provides the Alert History for Social Media Alerts to be viewed on the Alert History page
  • Manage Social Media – This permission gives the Administrator control to add, update, or remove any social media accounts for the region. These accounts are selectable on the Public Alert form to send alerts - this access can be controlled by Access Control
  • Full Social Media Access (regardless of owner or granted roles) - When using Access Control, allows Administrator full access over Social Media regardless of their Access assignment

Example 3:

Emergency Telephone Notification

• • Send ETN Alert – Allows the ability to send ETN alerts using the map selection tool and Public Alert form to a geo-targeted area to include home/business landlines and any public subscribers within the geo-targeted area
  • ETN Alert History – This permission allows Administrators to view all alerts sent by ETN
  • Allow Callout to Public Signups – This is an inline permission that will automatically include Public Subscriber counts for the selected polygon or circle area on the ETN map selection tool. This permission should ALWAYS be given to any Administrator with permission to send ETN alerts

Example 4:

Enhanced Internal Notification

• • Send Alert – Allows the ability to send internal alerts by text and email to selected Internal Members and/or Internal Groups
  • Send Alert History – This permission allows Administrators to view all alerts sent using Send Alert to Internal Members
  • Scheduled Alerts – This is an inline and navigation permission that automatically includes the ability to send Scheduled Alerts to Internal Members and create a navigation link to modify or delete existing Scheduled Alerts. This permission works only in conjunction with the Send Alert form
  • Workflow Polling – Adds inline permission with access to Workflow scenarios, such as escalation, limited duration calls, max attempts calls, shift fill, etc. This permission works only in conjunction with the Send Alert form
  • Survey/Polling – Adds inline permission that allows Administrators to send out polling requests. This permission is automatically added if you assign the Workflow permission to any Administrator. This permission works only in conjunction with the Send Alert form
  • Priority – Adds an inline permission, enabling the Administrator to override the priority order of how individuals are contacted for a phone call out. This feature allows a single device delivery, rather than blast to all devices at the same time.
  • Mobile App Checkbox: Alert Forms: Adds an inline permission that allows Administrators to send push notifications to the Mobile Responder App. This permission works only in conjunction with the Send Alert form.
  • Conference Calling – Allows alerts to be sent requesting and connecting individuals to a conference bridge. This permission requires text-to-speech and can be sent from any alert form
  • ESRI Map - some agencies can select contacts by Map for Internal Notification based on facility or contact locations
  • Ad Hoc Distribution List - Allows Administrators to upload a .csv or other spreadsheet with contacts and information to send an alert - see this article
  • Facility Map Selection - This permission will show a separate section on the Recipients card to choose facilities

Administration/Files/Chat Sections

The Administration section allows Administrators to add, edit, or delete new Administrators, make changes to system defaults, detailed reporting, and higher-level system Administration. The Files/Images section allows Administrators to upload and maintain files and images used as attachments (documents, images, voice or recorded files, etc.) on the Alert forms.

Example 1:

• • Administrator Passwords – Any Administrator assigned this permission will have the ability to set up, modify, or delete new Administrators
  • Options/Settings – This permission has been deprecated due to Branding

• • Monitor System – Provides the ability to see all alerts being sent out by groups/subgroups. This permission should only be given to the Main Administrators
  • Current Admin Logins – Adds the ability for Administrators to view currently logged in Administrators and the dates/times of login to the system
  • Social Media Accounts – This permission gives the Administrator control to add, update, or remove any social media accounts for the region. These accounts are selectable on the Public Alert form to send alerts
  • Usage Report – This report lists all voice calls and faxes sent by the region, listing the number of total calls, successful calls, total minutes, the total number of faxes, and the total number of conference call minutes. This report can be customized by date range
  • Role Management - Allows Administrators to add, update, modify, delete any Role in the system - See Managing and Creating Roles
  • Incident Management - Administrators with this permission are allowed to add, update, delete any Incidents or Named Incidents in the system - this is mainly used by Enterprise tenants
  • Sftp Configuration - Shows configurations for the sftp account for the tenant
    • sftp Import History - Allows Administrators to view the import history for the tenant, including any failures
    • sftp Upload - Allows Administrators to upload sftp files through the web interface
  • Modify Authorization Codes – Should only be given to those allowed to change the EAS or ETN Authorization Code to send Public Alerts. Only a Super Administrator should be assigned this permission. - This permission has been deprecated
  • Execute Bulk Geocode Job - Administrators with this permission are able to geo-code public and internal contacts

Example 2:

• • File/Image Upload – Provides the ability to upload files and images to be used on the alert forms or saved in templates
  • Files – Adds a navigation link to view only the files (not images) that have been uploaded to the system for your region. This creates an easy way to maintain files/documents when needed to remove, update, or delete
  • Images – Adds a navigation link to view only the images (not files) that have been uploaded to the system for your region. This creates an easy way to maintain image files

Example 3:

• • Initiate Chats – Allows Administrator to initiate chat conversations on the mobile app. Any Administrator that is not given this permission will be able to participate in a chat, they just cannot start a chat session
  • Manage Chats - Administrators can remove, update or move Chats

Advanced Features/Implementations

             

• • Manage Channel Defaults - Allows Administrators to control the default channels for all alerts
  • Manage Custom Alert Forms - Administrators with this permission can create customized alert forms that can be assigned to a role
  • Access New WebUI - This permission is required in order for the Administrator role to have the functionality assigned when logging in.  Lack of this permission may result in the Administrator not seeing everything they should have access to do - this is selected by default
  • Add IPAWS Link - This permission adds a shortcut link to https://cap.alertsense.com for Administrators to be redirected to login to Send IPAWS Alert.  This does not add the required permissions for the Administrator. All permissions must be added in the IPAWS system for the Administrator to have proper access
  • Custom Menu for Web Interface - This permission is required in order for the Administrator role to have the functionality assigned when logging in.  Lack of this permission may result in the Administrator not seeing everything they should have access to do - this is selected by default
•  
  • Manage Alert Templates - Allows Administrators to create/manage Alert Templates
  • Full Templates Access (regardless of owner or granted roles) - When using Access Control, allows Administrator full access over Templates regardless of their Access assignment
    
    
  
  
  • Manage Keywords - Administrators with this permission are able to create and manage keywords for the public to opt in  
    
    

• • Manage Integrations - Administrators with this permission are able to set up and maintain Weather Integrations
  • Manage Microsoft Teams Integration - Can manage Microsoft Teams and the integration needed to make Teams work
  • Full Integrations Access (regardless of owner or granted roles) - When using Access Control, allows Administrator full access over Integrations regardless of their Access assignment
    
    
•  
  • Manage Branding - Administrators are able to set up and manage up to 25 brands, depending on the core products purchased
  • Full Branding Access (regardless of owner or granted roles) - When using Access Control, allows Administrator full access over Branding regardless of their Access assignment
    
    

• • Can be assigned tasklists- Administrators can set anyone with this Role permission to be assigned specific tasklists
  • Can watch tasklists- Permission allows any Administrator with this in their Role to watch the progress of any tasklists, whether or not they are assigned to them
  • Can Manage tasklists - Administrators with this permission can manage all tasklists
  • Manage Templates - Allows Administrators to create and manage Tasklist templates
  • Activate Templates - Administrators can activate any tasklist template
  • Create activated tasklists - This permission must be given to any Administrator who will need to activate tasklists
  • Monitor all tasklists - Allows any Administrator with this permission to monitor progress of all tasklists
  • Can modify tasklist on activation - Administrators can modify tasklists prior to activating theme and assigning to an individual or team

• • Can request Translation - can request that alerts be translated into another language

- This section is only relevant to tenants who use Third Party Authentication

• • Manage Third Party Authentications
  • View Third Party Authentications
  • View Third Party Authentication Secrets

• • View Usage Events - Allows administrators to see usage events and reporting (this will replace Usage Report in the future)

• • Receive System Notifications - Allows the set up for some third party applications and triggers for weather, sftp and other events or failures

Most agencies utilize Role Management and may not see these individual permissions listed in their profile. Please work with Success Team for a listing of the permissions contained in each Role if needed, or refer to Role Management.