Permission Groups & Roles
Requires.
- Index page: Permission Groups with View.
- Group permissions editor: Permission Groups with View.
- Creating / modifying groups: Permission Groups with Modify.
- Deleting groups: Permission Groups with Delete.
- Permission Analyzer: Permission Groups with View and Administration Page with View.
The Permission Groups & Roles area is where administrators control what each user can do throughout SecurityTrax. The three scopes of permission — Company (baseline), Location (override), and Group (by-role) — combine to produce each user's effective permission set.
In practice, Group permissions are the primary lever for day-to-day administration. Use groups to grant users the access they need at the locations where they work.
The page heading is "Permission Groups & Roles" with the subheading "Manage permission groups and roles, plus company and location permissions."
Getting here
- From the Admin index, click Permission Groups & Roles in the Organization section.
- Or navigate directly to
https://portal.securitytrax.com/{your-company}/admin/permissions.
The index page
The main section is Group Permissions, visible to anyone with Permission Groups with View.
Group Permissions
The primary section, visible to anyone with Permission Groups with View. A table of every permission group your company has defined:
| Column | What it shows |
|---|---|
| Name | The group's name. Click to open the Group Permissions editor. |
| Description | Optional description. |
| Members | Count of users currently assigned to this group (across all locations). |
| Assignable | A toggle indicating whether the group can currently be assigned to new users. |
Above the table: an Add Group button (visible if you have Permission Groups with Modify). Clicking opens a modal:
| Field | Required? | Type | Validation |
|---|---|---|---|
| Group name | Yes | Text | 1–255 chars |
| Description | No | Text | — |
Click Save to create. The new group appears in the table with zero members — you'll assign users via Users → Permission Groups & Roles or directly from the group's editor.
Permission Analyzer
The Permission Analyzer helps you audit access without editing any permissions. It is available from the Permission Groups & Roles page and from a user's Permission Groups & Roles tab.
Click Permission Analyzer to open it. The analyzer has two modes.
| Mode | Use it to |
|---|---|
| Permission Search | Discover who has specific permissions. |
| Individual User Lookup | Review permission assignments for one user. |
Permission Search mode
Use Permission Search when you know the access you care about and need to find the users who have it.
| Field | Required? | Type | Validation | Notes |
|---|---|---|---|---|
| Having | Yes | Select | Must be View, Create, Modify, or Delete. | Choose the type of access to search for. |
| To | Yes | Select | Must be one of the listed permission objects. | Examples include user accounts, customers, leads, reports, and other permission-controlled areas. |
| In Office | No | Select | Must be an active location, or Any Location. | Narrows the search to users who have the selected permission at one location. |
| Login Allowed | No | Select | Can Login, Cannot Login, or blank. | Filters the user account's login status. |
| User | No | Select | Must be a listed user, or blank. | Narrows the result to one user while still using the selected permission filters. |
| List all locations and groups | No | Checkbox | None. | Shows each matching location and the groups granting the selected permission instead of a summary count. |
Click Submit to run the search. Results show the user's ID, Name, the office and group information, Active status, Login status, and a Permission Groups & Roles shortcut.
When List all locations and groups is off, the office/group column shows summary counts. Hover the count to see the location or group names. When it is on, the column lists each location and the groups granting the permission there.
Individual User Lookup mode
Use Individual User Lookup when you already know the user and need to review where their permissions come from.
| Field | Required? | Type | Validation | Notes |
|---|---|---|---|---|
| Lookup all permissions for an individual user | Yes | Select | Must be a listed user. | Select the user whose assignments you want to inspect. |
Click Submit to run the lookup. The results default to Summary view, which shows total locations and groups granting permission for that user.
Use View Mode above the results table to switch between:
| View mode | What it shows |
|---|---|
| Summary | One row for the user, with counts for locations and groups granting permission. |
| Detailed | One row per location, with a Location column and a Groups Granting Permission column. |
Analyzer on a user's Permission Groups & Roles tab
When you open Permission Analyzer from a user's Permission Groups & Roles tab, it opens directly in Individual User Lookup mode for that user. The analyzer mode and user selector are locked so you can review only the user you are already editing.
Group Permissions editor
Route: admin.permissions.group.edit with a specific {group} parameter.
A large grid of every permission in SecurityTrax — rows are resource types (Customer, Invoice, Equipment, etc.), columns are action categories (View, Create, Modify, Delete, plus resource-specific variants). Each cell is a checkbox.
Users assigned to the group inherit whatever permissions are checked. Changes take effect immediately on the user's next request.
Saving — Save vs. Save & Stay
Two save buttons sit at the top and bottom of the editor:
| Button | What it does |
|---|---|
| Save | Saves your changes and returns you to the Permissions index. |
| Save & Stay | Saves your changes and keeps you on the editor. Useful when you're making several rounds of edits and don't want to navigate back in each time. |
Bulk toggles
Toggling permissions one cell at a time gets tedious on a long list. Three shortcuts speed it up:
| Shortcut | Where | What it does |
|---|---|---|
| Select All Permissions | Top of the editor | Grants every permission on the page that supports the View / Create / Modify / Delete verbs. Restrictions (the "block this user from doing X" permissions) are skipped — toggle those individually. |
| Select All | Top of each section | Same idea, scoped to the permissions in that section only. |
| Toggle All in Row (the double-check icon next to each row label) | Each row | Flips every checkbox in that row at once. If the row is mixed or all empty, it fills the row; if every box is already checked, it clears the row. |
The bulk toggles only flip the boxes — nothing is saved until you click Save or Save & Stay.
Day-to-day pattern
Most permission management in SecurityTrax happens in this one editor. The typical workflow is:
- Create a handful of groups aligned with job function — "Tech — Install", "Tech — Service", "Billing Clerk", "Sales Rep", "Office Manager".
- Give each group the permissions that role needs.
- Assign users to the appropriate groups via Users → Permission Groups & Roles.
- When a user's role changes, move them to a different group rather than editing their personal permissions.
How the layers combine
When SecurityTrax decides whether user X is allowed action Y at location Z:
- User-level grants (rarely used) — most specific.
- Group memberships for user X at location Z.
- Location permissions at Z.
- Company baseline permissions.
The most permissive applicable layer wins — a grant at any level allows the action. There are no explicit "deny" rules; the absence of a grant is the "deny."
Step-by-step: adding a new permission group
- From the Permissions index, click Add Group.
- Name: something short and role-oriented — "Tech — Install", "Billing Clerk", "Sales Manager".
- Description: a one-sentence "who this is for" note.
- Click Save.
- The group appears in the list. Click the group's name to open the Group Permissions editor.
- Check the permissions the group needs. For example, for a "Billing Clerk": View Customer, View Customer Invoice, Create Customer Payment, Modify Customer Payment.
- Click Save in the editor.
- Go to Users. Open the user you want to give the group to. Go to the Permission Groups & Roles sub-tab. Add the group at the location(s) the user works at.
- The user now has the permissions the group grants at the location(s) you picked.
Documentation Assistant
Ask about the docs in the Help panel lets any user ask the documentation assistant questions about SecurityTrax. It is available to every signed-in user — there is no permission to grant. (This was previously gated by a Documentation Assistant Access permission, which has been retired.)
Not the same thing as the SecurityTrax Assistant. Asking about a customer's or lead's data is a separate feature — the SecurityTrax Assistant (its own sparkles button, ⌘ + I), part of SecurityTrax Intelligence. It has its own permissions (see SecurityTrax Intelligence permissions below) paired with company-level settings, and during early rollout it may not be available to every company.
SecurityTrax Intelligence permissions
Four permissions control the SecurityTrax Intelligence features. Each is a View-only grant, and each AI capability also requires the matching company-level setting to be enabled — a permission alone doesn't turn a feature on for a company that hasn't enabled it. Beyond permissions and settings, your organization must also complete a one-time activation before any AI feature works — see Activating SecurityTrax Intelligence below.
In the SecurityTrax Intelligence category of the permission editor:
| Permission | What View grants |
|---|---|
| Assistant | Free-form chat with the SecurityTrax Assistant in the Intelligence tray (the sparkles button, ⌘ + I). |
| Assists | The one-click saved prompts (Quick Assists) in the Intelligence tray. |
| Automations | Running and previewing customer automations from the Intelligence tray. |
In the Administration category:
| Permission | What View grants |
|---|---|
| SecurityTrax Intelligence Management | The Intelligence admin hub — configuring prompts, assists, and automations for the company. |
The Intelligence tray button appears for a user when any of the three tray permissions (plus its company setting) is available; inside the tray, each section shows only with its own permission. Users with none of them never see the sparkles button.
Activating SecurityTrax Intelligence
Requires. The SecurityTrax Intelligence Management permission.
Before any AI feature runs, an administrator must accept the AI Terms of Service on behalf of your organization. This is a one-time activation. Until it's done, the Assistant, Assists, Automations, and the customer-notes AI summary all stay off — even when the permissions above are granted and the feature is otherwise available.
To activate:
- Go to Administration → SecurityTrax Intelligence → Dashboard.
- On the Activate SecurityTrax Intelligence card, click Review & Activate.
- Read the AI Terms of Service — scroll to the end to enable the acknowledgement.
- Check the box confirming you have read and accept the terms on behalf of your organization.
- Click Accept & Activate.
SecurityTrax records who activated the service and when, along with the version of the terms accepted. Once activated, the dashboard shows the normal Intelligence content and the AI features become available to users who have the matching permissions.
Note. If the Activate card doesn't appear and the dashboard isn't available at all, the feature hasn't been turned on for your organization yet — contact SecurityTrax support.
Step-by-step: giving a tech view access to a new location
- Open the tech's user record from Users.
- Go to the Permission Groups & Roles sub-tab.
- Assign their existing group(s) at the new location.
- Save.
- The tech now sees customers and schedules at the new location using the permissions their group already grants.
Deleting a group
From the Group Permissions editor, click the Delete button (requires Permission Groups with Delete). Confirmation modal asks "Are you sure?". Click Delete to confirm.
Warning. Deleting a group removes it from every user assigned to it. Those users lose the group's permissions immediately. If they relied on only that group, they may lose access to areas they were actively using. Audit which users are in the group before deleting.
Non-obvious behaviors
- Permissions take effect on the user's next request. A user doesn't need to sign out and back in. But any already-open tabs the user has may show stale UI until they navigate.
- Group changes are location-scoped. Assigning a group at one location does not automatically grant the same group everywhere else unless you explicitly assign it at those locations too.