User roles
Understand roles and the permissions associated with them.
There are two sorts of role in Trelica:
- User roles. This is the role a user has when they log in to Trelica. User roles have specific permissions attached to them which control the data that the user can see and the actions that they can perform in Trelica.
- App roles. This is the role a person has in relation to a particular app (such as Slack or Okta). In Trelica, you can add people to app roles in order to identify the individuals responsible for particular apps. By default you can set the business owner and the IT contact for an app, but you can also create custom app roles.
App roles are assigned to people. If you want a person in an app role to log in to Trelica (for example, to view usage data, update license information or update tasks relating to their apps), you will need to invite them to log in to Trelica, making them a user.
In order to log in to Trelica, a user must be given a user role. If you have enabled SAML-based SSO or user requests, a default user role is assigned to new users. If you add a user manually, you must specify their role.
Regardless of how a user is created, you can view and change a user's role from the Admin > Users view.
To view the available user roles, navigate to Admin > Settings > Users page. In addition to the default roles, you can enable two optional roles: HR and IT.
User roles have the following permissions:
Role | Permissions | Use case |
|---|---|---|
Admin | Access to all Trelica functionality. | This role should be limited to IT staff. |
Read-only | Can view the same information as Admin users (including financial data) but cannot make changes. | External auditors. |
App owner | Read-only access to the apps inventory (excluding financial data).
Full (edit) access to apps for which they have an "ownership" app role (i.e. business owner, IT admin and custom roles with edit capabilities).
Access to tasks that are assigned to them or involve them. | Users that need to manage particular apps (e.g. viewing usage data, updating spend information and adding license details) but should not be able to see financial information about other apps. |
App hub | Can only access the App Hub, where they can browse and request access to approved apps.
No access to app usage data or financial data. | |
HR | Read-only access to the apps inventory (excluding financial data).
View and edit People. Access to tasks that are assigned to them or involve them.
Can view and manage workflow runs to which the HR role has been granted access. | Viewing and updating information about employees.
Managing provisioning and deprovisioning workflows. |
IT | Read-only access to the apps inventory (excluding financial data). View and edit Assets. Access to tasks that are assigned to them or involve them.
Can view and manage workflow runs to which the IT role has been granted access. | Viewing and editing asset data.
Managing provisioning and deprovisioning workflows. |
The App Owner role is designed for users that have also been given an app role in relation to one or more apps. Users in the App Owner role have read-only access to the non-financial information about about each app in Trelica, and full access to the apps that they own (i.e. for which they have been given the Owner or IT admin app role).
🧙🏾♂️ You can also assign app roles to users with the Admin or Read-only user role.
As you can see, the user has limited menu options available, but the dashboard highlights applications the user owns:
Spend and renewal data is restricted to spend and renewals for applications that the user owns:
The user cannot add extra columns or filters, and cannot see financial fields:
The profile is read-only and no details are shown for licenses, users, and spend transactions:
The default application roles, Owner and IT admin, are both ownership app roles. Users in ownership roles for a particular app can see all information available about the app, including financial data, and make changes to the app status, edit contract and license information, add tasks and edit the integration settings.
You can add additional app roles from Admin > Settings > Applications. If the Can edit app capability is enabled for the role, then the role is an "ownership" role.
Last modified 7mo ago