In order to log in to Trelica, a person must be given a user role. Roles define the permissions that a user has to different parts of Trelica, such as applications, spend data, people or assets.
Trelica includes a number of built-in user roles. You can also create custom user roles in order to grant different permission levels to different parts of Trelica.
To view your current user roles, enable or disable the HR, IT and Finance roles, and create custom roles, go to Admin > Settings > Users and expand the Roles section. Click a role to view a summary of the permissions granted to users with that role.
The built-in user roles have the following permissions:
Role | Permissions | Designed for |
---|---|---|
Admin | Access to all Trelica functionality, including permissions and integrations. | IT staff responsible for configuring Trelica. |
Read-only | Can view the same information as Admin users (including financial data) but cannot edit records. Can edit reports in order to gain insights from the data. | External auditors. |
HR | Read-only access to app overviews. View and edit people. Can also view and manage workflow runs to which the HR role has been granted access. | Viewing and updating information about employees. Managing onboarding and offboarding workflows. |
IT | Read-only access to app overviews and edit access to app reports. View and edit assets. Can also view and manage workflow runs to which the IT role has been granted access. | Reporting on app spend, usage and security risk. Viewing and editing asset data. Managing onboarding and offboarding workflows. |
Finance | Access to app spend, usage, access and assessments. View and edit spend data. | Viewing and editing SaaS spend data. Reporting on app spend and usage. |
Operator (deprecated) | Can view and edit apps, including spend, license and usage data. Can view and edit assets and tasks. Read-only access to the People directory, assessments, user list, integrations and settings. Can view and manage workflow runs to which the Operator role has been granted access. | Administering apps, assets and tasks without granting access to core settings. |
App management | Access to apps for which the user has been assigned a role (Owner, IT admin or a custom app role). The level of access to each app depends on the app role. | Users who need to manage particular apps (e.g. viewing usage data, updating spend or license information, or reviewing access policies) but who should not be able to see usage or financial information about other apps. Note: This role is granted automatically when a person is assigned to an app role (Owner, IT admin or a custom role). |
App Hub | Can only access the App Hub, where they can browse and request access to approved apps. | Employees who only need access to the App Hub. Employees using the browser extension to send app usage data to Trelica. |
Default user role
If you have enabled SAML-based SSO or account requests, a default user role is assigned to new users. You can change this setting from Admin > Settings > Users > Default role. If you add a user manually, you must specify their role.
Regardless of how a person has been given access to Trelica, you can view and change their user role from the People directory: from the context menu select Edit Trelica access. Alternatively, open the person's details and click Edit access.
App management examples
The App management default role is designed for users that will be assigned roles in relation to particular apps. When you grant a user the Owner or IT admin role (or a custom role) on a particular app, they are automatically added to the App management role. You may also want to select the App management role as the default role for new users that are added to Trelica via SAML SSO or account requests.
Users in the App management role:
- Have access to the apps they manage, as per the app role permissions. For example, Owners have full access to the app, whereas IT admins can view app usage information and manage access, but cannot see spend or contract information.
- Can see basic information about any other apps that are included in the App Hub. Depending on your settings, this might be all managed apps or just a subset of your apps.
You can also assign users in other roles (such as Admin, HR or Finance) to apps. Users are granted the relevant permissions on the apps that are assigned to them, in addition to the permissions associated with their role.
Example Dashboard page
As you can see, the user has limited menu options available, but the dashboard highlights apps the user owns:
Spend and renewal data is restricted to spend and renewals for apps that the user owns:
Example App inventory
The App inventory is restricted to apps the user owns and apps that are included in the App Hub. The user cannot add extra columns or filters, and cannot see financial fields:
Example app profile for a 'non-owned' app
For apps the user does not own, the app profile is read-only and no details about app users, spend or licenses are displayed: