User Role Creation & Best Practices
Written by Mitchell Ivany
Updated at March 13th, 2025
- Our Products & Services
- Getting Started
- Accounts
- Communication
- Billing
- Companies
- Financial
- Integrations
- Inventory
- Jobs
- Mapping
- Misc.
- Monitoring
- Purchase Orders
- Release Notes
- Sonar Billing
- Voice
- Reporting
- Security
- sonarPay
- Ticketing
- Working With the Sonar Team & Additional Resources
- System
- Networking
Table of Contents
What are User Roles?
In Sonar, User Roles represent a collection of permissions attributed to general categories of individuals, defining which actions can be performed by these groups. When creating a role, you're presented with a list of permissions that can be enabled or disabled. Each individual permission is part of an overall module, and each module interacts directly with a portion of your Sonar instance.
Where are Roles Created?
Roles are created under Settings -> Security -> Roles
Common Roles & Permissions
From a practical point of view, there are certain permissions that need to exist in the instance, and others that you're very likely to use. In this section, we'll be going over the default Account Role, and some very common custom created roles - with their most common associated permissions.
Super-Admin
The Super-Admin Role is not a visible Role, but supersedes Role selection during User Creation. If a user is granted Super Admin level permission, they have full access to the instance and cannot be limited in any way. The first user created for the instance will always be a Super Admin, but can be modified in the future.
Created Roles
In Sonar, you're able to create a series of customized roles to apply to users on your instance, and each of these roles can be modified by making use of the variables contained in the instance.
Customer Portal
| Module | Should Have |
| Account |
Add and remove account services Perform an action that creates an account transaction (e.g. a payment, debit, discount.) View all account transactions Update an account transaction View accounts and related entities Update an account and related entities |
| Contact |
Create a new contact Update a contact Delete a contact |
| Contract |
View all contracts Update a contract |
| Data Usage History | View all data usage history entries |
| Inbound Mailbox | View all inbound mailboxes |
| Invoice Attachment | View all invoice attachments |
| Invoice Message | View all invoice messages |
| Package | View all packages |
| Payment |
View configured payment processors Create a new payment method (e.g. credit card.) View all payment methods Update a payment method Delete a payment method Create a new payment |
| Service | View services |
| Ticket |
View all non-private tickets Create a ticket Update a ticket |
| Misc | Create a data usage top off |
Support Agent
The Support Agent Role is assigned to users who deal primarily in handling inbound communication with your customers
| Module | Should Have |
| Inventory |
View All Inventory Can assign inventory to accounts, yourself, or a vehicle you drive |
| Account |
Add and remove account services Modify account service parameters, such as quantity, name override, and proration Update the billing parameters on an account Perform an action that creates an account transaction (e.g. a payment, debit, discount.) View all account transactions Update an account transaction Whether a user can reverse transactions Create a new account, and related entities View accounts and related entities Update an account and related entities |
| Account Group | View account groups |
| Account Status | View account statuses. |
| Account Type | View account types. |
| Address |
Create a new serviceable address View serviceable addresses |
| Address Lists | View |
| Billing Defaults | View |
| Call Log |
View all call logs Create a call log Update a call log |
| Canned Replies |
View all canned replies Update a canned reply Create a new canned reply |
| Contact | All |
| Contract | View |
| Custom Field | All |
| Data Usage History | All |
| Email Message | All Except delete |
| File | Create, Update, Read, Delete |
| Inbound Mailbox | View |
| Inventory Item | All |
| Job | View, Update, Create, Delete |
| Job Type | View |
| Mass Email | View |
| Network Site | View |
| Note | All |
| Package | View, Update, Create |
| Payment |
View Processors, Create New Method, View Methods, Update Methods, Delete Method, Create New Payment |
| RADIUS Account | View, Create, Update |
| Scheduled Event | View, Update, Create |
| Service | View |
| Ticket | View, Create, Update |
| Ticket Category | View |
| Misc | Issue Payment Refunds, Create Data Usage Top-Off, Update Links Between Accounts and Invoices |
Sales Agent
The Sales Agent Role is assigned to users who field incoming calls from potential customers and sell your services, potentially also creating the serviceable addresses and accounts
| Module | Should Have |
| Inventory |
View all inventory Can assign inventory to accounts, yourself, or a vehicle you drive |
| Account | All except Delete an Account transaction |
| Account Group | View |
| Account Status | View |
| Account Type | View |
| Address | All |
| Call Log | View, Create, Update |
| Canned Reply | View |
| Contact | All |
| Contract | All |
| Contract Template | View |
| Custom Field | View |
| File | Create New, Update, Delete, Read |
| Job | View, Update, Create, Delete |
| Job type | View |
| Note | Create, Update, Delete |
| Package | View |
| Payment |
View Processors, Create New Method, View Methods, Update Methods, Delete method, Create New Payment |
| RADIUS Account | View, Create, Update |
| Scheduled Event | View, Update, Create |
| Service | View |
| Ticket | View, Create, Update |
| Ticket Category | View |
| Misc | Update Links between accounts and invoices, issue payment refunds |
Field Technician
The Field Technician role is assigned to users who are set to be visiting customer addresses and installing or maintaining their service(s)
| Module | Should Have |
| Inventory |
View All Inventory Can assign inventory to accounts, yourself, or a vehicle you drive |
| Account |
Add and remove account services Perform an action that creates an account transaction (e.g. a payment, debit, discount) View all account transactions View accounts and related entities Update an account and related entities Optional (But Recommended): Delete an account transaction Whether a user can reverse transactions |
| Address | View serviceable addresses |
| Alerting Rotation | View all alerting rotations |
| Contract | View all contracts |
| DHCP Server | View all DHCP servers |
| File |
Create a new File Update a File Delete a File Read Files |
| Inline Device | View all inline devices |
| Inventory Item | Update an inventory item |
| IP Assignment |
View all IP assignments Create an IP assignment Update an IP assignment Delete an IP assignment |
| Job |
View all jobs Update a job Allows a user to check themselves in to a job Allows a user to complete their own job |
| Network Monitoring Template | View all network monitoring templates |
| Network Site | View all network sites |
| Note |
Create a new note Update a note Delete a note |
| Package | View all packages |
| Payment |
Create a new payment method (e.g. credit card.) View all payment methods Update a payment method Create a new payment |
| Phone Number Type | View phone number types |
| RADIUS Account |
View all RADIUS accounts Create a RADIUS account Update a RADIUS account Delete a RADIUS account |
| Scheduled Event | View all scheduled events |
| Service | View services |
| Task | Update a task |
| Ticket |
View all non-private tickets Create a ticket Update a ticket |
| Misc |
Optional (But Recommended): Update the drivers of a vehicle |
Read Only - Full Instance
The read-only role is an example role that might be used to provide access to a 3rd party developer who simply needs to look at the UI of your Sonar instance.
| Module | Should Have |
| Inventory |
View all inventory Only view inventory assigned to accounts and network sites that you have permission to view, to yourself, or assigned to a vehicle that you are a driver of |
| Reports |
View generated FCC Form 477 reports. Create a FCC Form 477 report View account reports. View financial reports. |
| Account |
View all account transactions View accounts and related entities |
| Account Group | View account groups |
| Account Status | View account statuses |
| Account Type | View account types |
| ACH Batch | View all ACH batches |
| Address | View serviceable addresses |
| Address List | View all address lists |
| Alerting Rotation | View all alerting rotations |
| Logs | View all log files, regardless of the entity they are attached to |
| Application Firewall Rule | View all application firewall rules |
| Billing Default | View billing defaults |
| Cable Modem Provisioner | View all cable modem provisioners |
| Call Log | View all call logs |
| Canned Reply | View all canned replies |
| Contract | View all contracts |
| Contract Template | View all contract templates |
| Custom Field | View all custom fields. |
| Data Usage History | View all data usage history entries |
| Delinquency Exclusion | View all delinquency exclusions |
| Deposit Slip | View all deposit slips |
| DHCP Server | View all DHCP servers |
| DID | View all DIDs |
| DID Assignment | View all DID assignments |
| Email Category | View email categories |
| Email Domain | View all email domains |
| Email Message | View email messages |
| External Marketing Provider | Read an external marketing integration |
| FCC Form 477 Report | View generated FCC Form 477 reports. |
| File | Read Files |
| General Ledger Code | View general ledger codes |
| Geofence | View all geofences |
| GPS Tracking Provider | View all gps tracking providers |
| Inbound Mailbox | View all inbound mailboxes |
| Inline Device | View all inline devices |
| Invoice Attachment | View all invoice attachments |
| Invoice Message | View all invoice messages |
| IP Assignment | View all IP assignments |
| Job | View all jobs |
| Job Type | View all job types |
| LTE Provider | View all LTE providers |
| Netflow Endpoint | View all Netflow endpoints |
| Network Monitoring Template | View all network monitoring templates |
| Network Site | View all network sites |
| Non-Inventory Item | Read all non-inventory items |
| Package | View all packages |
| Password Policy | View password policy |
| Payment |
View configured payment processors View all payment methods |
| Phone Number Type | View phone number types |
| Poller | View all pollers |
| Printed Invoice Batch | View all printed invoice batches |
| RADIUS Account | View all RADIUS accounts |
| RADIUS Group | View all RADIUS groups |
| RADIUS Server | View all RADIUS servers |
| Scheduled Event | View all scheduled events |
| Schedule Address | View all schedule addresses |
| Schedule Availability | View all schedule availabilities |
| Schedule Blocker | View all schedule blockers |
| Schedule Time Off | View all schedule time offs |
| Service | View services |
| SNMP Override | View all SNMP overrides |
| Task Template | View all task templates |
| Tax | View taxes |
| Tax Exemption | View tax exemptions |
| Tax Provider | View tax providers |
| Ticket | View all non-private tickets |
| Ticket Category | View all ticket categories |
| Ticket Group | View all ticket groups |
| Tower Coverage Configuration | View TowerCoverage integration |
| Tower Coverage Submission | View all TowerCoverage submissions |
| Triggered Email | View triggered emails |
| Uninventoried MAC Address | View all uninventoried MAC addresses |
| Vendor | Read all vendors |
| Vendor Item | Read all vendor items |
| Voice Provider | View all Voice Providers |
| Webhook Endpoint | View webhook endpoints. |
| Event | View webhook endpoint events. |
| Misc | View all timeseries data |
Best Practices for Adding Roles
- When adding Roles, don't be afraid of adding too many! If your business is compartmentalized and structured, it's possible that you end up with 50 distinct roles, and that's okay.
- If your Roles don't exactly align with the examples, not to worry. Every organization will have different needs when it comes to role creation - which is why creation is so flexible.
- Roles don't need to be fixed - if you find that users under a certain role are suffering from insufficient permissions, modifying that role will affect everyone under it.