A role is a collection of permissions that determines how people with that role will use your Smartabase site. There are two types of permissions:

  • System permissions: these are generic permissions that are common to every Smartabase site. There are important system permissions that govern to a user’s ability to enter data, view or edit their account details, see the sidebar, access their inbox and make use of tools such as reports, training blocks, scheduling and appointments and view their history. There is a full list of system permissions in the reference series.
  • Data permissions: these are permissions specific to the content of your Smartabase site. Each time you create a category, build a form or set up a dashboard, Smartabase provides data permissions so that you can control which users are able to interact with that part of your site and how they’re able to interact with it.

Categories and dashboards each have a single permission associated with them, which enables the user to view the category contents or the dashboard. Note that having permission for a dashboard doesn’t include the permissions for any data which is displayed in a dashboard. You need to add these data permissions separately.

Forms have different types of permissions according to whether they are event, profile, database or related entity forms. Permissions for forms are somewhat hierarchical in the sense that, for example, having write permission automatically gives read permission. This means that you can give people a single data permission for a form which reflects the maximum level of interaction they can have with the data.

The table below describes each type of data permission in order from most to least restricted.

 

Data permission
Events and profiles
Related entities and databases

Linked: ability to see data from this form in other other forms. This data permission means you don’t have to give people full read access to a form. Instead they can see selected information which is linked into forms they have read access to. 

Yes

NA

Calendar: ability to see this form in a user’s calendar if it has been enabled to appear in the calendar. With this permission, someone can see that a record exists and when it was recorded but can only see data that has been set up to appear in the calendar summary.

Yes

NA

Read: ability to view data entered into a saved record for this form. This data permission makes the linked and calendar data permissions unnecessary. Forms which the user has read access to will appear in dashboards, the sidebar, history, reports and other parts of Smartabase. They will not appear in the data entry process.

Yes

Yes

Write: ability to create and edit records for this form. This data permission makes the read permission unnecessary. Forms which the user has write access to will appear in the data entry process, the sidebar, history, reports and other parts of Smartabase. 

Yes

Yes

Delete: ability to delete a record created using this form (exception: related entity records cannot be deleted by a user and must be deleted by a builder). This data permission makes the write permission unnecessary. Forms which the user has delete access to will appear in the data entry process, the sidebar, history, reports and other parts of Smartabase. 

Yes

Yes/No

Searching roles

A screenshot showing an example of the options for searching roles

The collapsible search menu lets you search for:

  • Roles with a name that matches your filter.
  • Roles with a description matching your filter. 
  • Roles that contain (or don’t contain) a specific system permission.
  • Roles that contain (or don’t contain) a specific data permission.

Multi-factor authentication using roles

A screenshot showing an example of the multi-factor authentication process

Multi-factor authentication requires people to verify their identity using a time-based one-time password (MFA code). This is in addition to using their usual Smartabase username and password. If multi-factor authentication is enabled, people must verify their identity on each device or browser they use to access Smartabase.

As an administrator, you can enable multi-factor authentication for specific roles. For example, multi-factor authentication may be required for a medical role, but not an athlete role.

When setting up multi-factor authentication for a role, you need to specify an expiry period. This is the duration, in months, after which someone must re-authenticate.

The expiry period can be set to -1, 0 or >0:

  • -1 means that there is no expiry period and the user does not have to re-authenticate. Once they verify their device once, this will suffice.
  • 0 means that the user will need to authenticate every time they log in, as the authentication expires immediately.
  • >0 means that the user will need to re-authenticate their device when this number of months passes since their most recent authentication.

If in the future, a new expiry period is set, expiry will occur from the most recent date of authentication.

Note that multi-factor authentication can also be enabled as a site-wide setting (contact the Fusion Sport professional services team to get this set up). When enabled for your entire Smartabase site, everyone must complete multi-factor authentication to log in. 

Multi-factor authentication communication channels

Depending on these site-wide settings, you may be able to choose which communication channels are available for users within the role to receive their authentication codes. This setting will become available after you’ve enabled multi-factor authentication for the role, set the expiry period and saved the changes. You can choose from up to three options:

  • Authentication App
  • SMS
  • Email

These options work in a hierarchy: if you select Email in the role settings, anyone with this role could elect to receive their codes via email, SMS or an authentication app. Selecting SMS would not allow people to choose email, but they could choose the authentication app option. If set to Authentication App, people will only have the option to receive codes via this method. You may not have the option to choose all three of these when setting up your role, depending on site-wide settings for multi-factor authentication.

Importantly, if you are restricting to authentication via an authentication app only, people will need to have first logged in and located their multi-factor authentication key. If people cannot log in and locate their key, they won’t be able to set up their authentication app with it. The key can only be accessed by the individual who the user account belongs to (not by an administrator or coach). For instructions on how people can access their multi-factor authentication key, refer to the user accounts article.

HOW TO: CREATE A NEW ROLE
  1. Log in to the Smartabase administration interface.
  2. Select the Roles tool from the administration home page.
  3. Select the Create New Role option at the top of the page.
    1. Name the role.
    2. Provide a description of the role, if necessary.
    3. Set the time out for the role, if required. If you would like to set this timeout to unlimited, type in -1.
    4. Choose whether multi-factor authentication is required for people with this role.
    5. Choose whether single sign-on is required for people with this role. 
  4. Click Save.
    1. Enter the people to whom the role will apply.
    2. Specify the system permissions for the role.
    3. Specify the data permissions for the role.
  5. Click Save.