Roles and permissions

Roles and permissions are among the user and organization settings that determine what evidence, features, and other resources in Axon applications a user can access, and what they can do with those resources. See Authorization and access overview to learn more about other settings that affect user access.

Permissions

A permission is an action, such as "view" or "edit", combined with a type of data, such as "evidence" or "case".

Dependencies Among Permissions

Some permissions are not configurable unless one or more prerequisite permissions that they are based on are allowed. Additionally, some permissions require a specific license tier to be configured for a role.

For example, when creating or editing a role, the Evidence Management - Edit permission is not available unless the Evidence Management - View permission is not set to Prohibited.

Similarly, the Evidence Management - Redact permission is not available unless the Evidence Management - Edit permission is not set to Prohibited and the license tier for the role is set to Pro.

The Axon Admin Console lists each permission on the Configure Role page, which appears if you select Create Role or edit an existing role. Both options are in Roles & Permissions. To see the descriptions of permissions and what other permissions they depend on, select the down arrow next to the section header.

Roles

A role is way of grouping together permissions to assign to a user. It is usually based on a user's job in your organization, such as Patrol Officer or Supervisor. Every Axon user account must be assigned a role. Pre-configured roles are already set in the system for you to use; some can be edited and some can't.

Pre-Configured Roles

By default, there are pre-configured roles to help you get started. Some roles are locked and cannot be changed.

Locked roles

  • Admin: Locked; requires Pro license.
  • Lite User: Locked; no license required.
  • Lite Armorer: Locked; no license required.

The Lite User and Lite Armorer roles are designed for users who only work with TASER energy weapon logs. The Lite Armorer role acts as a TASER energy weapon administrator and can reassign agency TASER devices and upload TASER logs.

Editable roles

  • User: Configurable; requires Basic license (Pro license required for Pro-specific permissions).
  • Investigator: Configurable; requires Pro license.
  • Armorer: Configurable; requires Basic license (Pro license required for Pro-specific permissions).

Creating, editing, and assigning roles

Anyone with the Edit Agency Settings permission can create and edit roles. Users with the User Administration permission can assign roles to users.

Creating and editing roles can be done from the Admin Console, under Roles & Permissions.

Assigning roles is also done through the Admin Console, under Users, when you Add User or select a user and choose Update Role.

Planning Roles

  1. Review the pre-configured roles and permissions.
    For more information, see the Evidence.com Administrator Reference Guide Appendix A: Roles and Permissions.
  2. Assess the permission-related needs of your organization. For example, consider which users need to:
    • View evidence owned by other users
    • Create cases and share cases with others in your agency
    • Share cases with your partner agencies
    • Generate reports
    • Administer your agency’s security settings
    • It is recommended to allow access to ‘Any evidence’ only for administrative or investigatory roles
  3. Design a role strategy that meets your organization’s needs and the number of Evidence.com Pro and Basic licenses.
    In order for the administration of your Evidence.com agency to remain manageable, it is recommended that you keep your role strategy as simple as you can while meeting your organization’s needs.
  4. As needed, add and edit roles to implement your role strategy.
  5. Assign users to the appropriate roles.

Add a Role

Administrators and users whose role allows the Edit Agency Settings permission can create roles that suit the security needs of your agency.

Watch this video to learn how to create a role.

  1. On the menu bar, select Admin and then under Agency Settings, select Roles & Permissions. The Roles & Permissions page lists available roles in alphabetical order.
  2. Select Create Role. The Configure New Role page appears
  3. In the Role Name box, type a name for the role. By default, all permissions are prohibited, except for the permissions under Login Access.
    Note: To view a description of a permission, select the name of the permission.
  4. Select the license Tier associated with the role.
  5. For each permission that you need to update, locate the name of the permission on the page, and then to the right of the name, select the option you need.
  6. When you have finished setting permissions, scroll to the bottom of the page and then select Save.

The Roles & Permissions includes the new role in the alphabetical list of roles.

Edit a Role

Administrators and users whose role allows the Edit Agency Settings permission can make changes to custom roles and to unlocked, pre-configured roles

If you edit a role to change any of the Login Access permissions, all users assigned to the role receive a notification email about the change.

Watch this video to learn how to edit a role.

Evidence.com immediately begins enforcing the changes to permissions that you made.

To compare permission settings across roles, on the Roles & Permissions page, select Export as CSV. The export downloads a single CSV file that lists all roles and their permission settings in one matrix.

Use the CSV file to review role differences side by side before you update a role or when you need to audit role configuration.

Copy a Role

You can copy the permission settings from an existing role to a new role using the duplicate function.

Watch this video to learn how to copy a role.

  1. On the menu bar, select Admin and then under Agency Settings, select Roles & Permissions. The Roles & Permissions page lists available roles in alphabetical order.
  2. Select Edit (pencil) on the same line as the role that you want to copy. The Configure Role page lists the permissions and their settings for the role.
  3. Scroll to the bottom of the page and select Duplicate.
  4. Enter a name for the new role and select OK
  5. If you want to change the license tier associated with the role, select the new license Tier
  6. If you want to change a permission setting, locate the name of the permission on the page and then select the option you need.
    You may need to scroll the page until the permission is visible.
    Note: To view a description of a permission, select the name of the permission.
  7. When you have finished editing the role, scroll to the bottom of the page and then select Save.

Assign a Role to Users

Agency administrators can assign a role to users by using the Roles & Permissions page.

Watch this video to learn how to assign a role.

  1. On the menu bar, select Admin and then under Agency Settings, select Roles & Permissions.
  2. Select Assign Roles. The All Users page lists all users in your agency.
  3. Search for users and refine the search until the search results include the users to whom you want to assign a role.
  4. For each user to whom you want to assign a role, select the check box to the left of the user name, and then select Update Role. The Assign Role dialog box appears.
  5. In the Role list, select the role you want to assign to the selected users, and then select OK.
  6. On the confirmation message box, select OK. In the search results, the newly applied user roles appear.