Mautic Community Forums

Implement roles (in addition to access levels) for users

Combination of two GH issues: https://github.com/mautic/mautic/issues/6162 and https://github.com/mautic/mautic/issues/6642

Add User Group(s) option to allow for more granular Permissions Controls for Mautic instances that have multiple users operating multiple campaigns.

I just discovered this need, I think, unless there’s a way to go about this that I am unaware of. So let’s use a University with 1 instance of Mautic as an example.

At this University, there are several different departments who use Mautic to create and manage their department’s marketing campaigns. Since there are currently no user groups, protocol dictates that each department has one Mautic Editor to run their departmental campaigns. Each Department’s Mautic User only has permission to View/Create/Edit/Delete their own stuff. They can View everyone else’s to see how someone else built something, but cannot edit them, nor can they publish. An overarching marketing group is in charge of publishing—as they proof everything and confirm it’s done correctly, then they publish it for the department to then monitor and manage.

Let’s say the Pharmacy Department has a power user named Jane in place. Jane’s done a great job using Mautic of the past few years to create and manage some very successful campaigns. So successful in fact, that Jane is now moving up the career ladder and changing jobs with a new company.

So the Pharmacy Dept. taps John to be the new Dept’s Mautic User. John is directed to work with Jane for the next month before she leaves to learn how to use Mautic and keep the campaigns running.

However, John doesn’t have the ability to edit Jane’s Emails, Forms, Landing Pages, Campaigns. And the only way to give him that access is to grant him Edit Permissions—which allows John to edit any other user’s stuff. John isn’t limited to editing just Pharmacy, he can now edit anything made by any user.

Worst case scenario, John becomes disgruntled and decides to quite, but makes sure to screw up a few other department’s campaigns before he leaves. Not Good.

This is how Mautic’s current Permissions work. The only other workaround I can think of would be for John to duplicate all of Jane’s work, then migrate all Jane’s Contacts to him and his new cloned campaigns, etc. Not ideal, with alot of room for “oops” to happen.

However, with the addition of “User Groups,” this issue—along with having multiple Mautic Users per department—could be easily fixed. If John and Jane are both members of the user group, “Pharmacy Dept.”, then permissions could be set so John & Jane can both View/Create/Edit their own stuff + the ability to View/Edit any other user’s stuff that’s in the same group, in this example the “Pharmacy Dept.” group.

This seems like an ideal solution that would be fairly easy to implement, and would alleviate issues that the current Permissions system creates as mentioned above. Alternatively, the ability to change Email/Form/Landing Page/Campaign/etc Owner could also address the issue, but keeps it limited to just 1 user per Dept.

Maybe there’s already a way to solve this issue easily that I am unaware of. But as is in Mautic 2.14, Permissions are pretty limited to “Edit Your Stuff” or “Edit Everybody’s Stuff,” which is where the problem lies in a Mautic instance that has multiple users creating stuff.

~

Additional description:

Is it possible to group users by their roles. Let say we have created user role and assigned that role to N users. This role has facility to view own,delete own, edit own, create , etc… for different permission level access.

What is required is that all those users that get are assigned this particular role have access to data created by other users with similar role.