OPSCOM Help Desk

Better Permissions Granularity / Enhanced “View Only” Permissions/Role Functionality for Admin Users

It is currently not possible to have a truly “view-only” role option for admin-level users. At the moment, setting role permissions to "View" does not prevent certain actions that contradicts the expectation of “view-only” access. This introduces risk, especially when trying to grant limited access to newer or external users.

For example, an admin role which has only the following assigned permissions:
  • View Users (Users)
  • View Permits (Parking)
  • View Violations (Violations)
  • View History Search (System Content)
Despite this, the admin was still able to:
  • Add a vehicle to a user profile (however, not view or edit it);
  • Assign a decal to a vehicle;
  • Click "Edit" on user profiles (though changes are blocked only upon submission, not access);
  • Archive users;
  • Reserve permits;
  • Make payments (but not see receipt);
  • Add DNTT;
  • etc.

Proposed Enhancements:
  1. Strict Read-Only Enforcement: Ensure that view permissions completely restrict any data-altering actions (e.g., editing, adding, or assigning records).
  2. UI Alignment: Hide or disable action buttons like "Edit", "Add Vehicle", or "Assign Decal" for roles that don't have explicit permissions for those actions.
  3. Granular Permission Categories: Consider breaking out certain permissions (e.g., “Add Vehicle,” “Assign Decal”) into their own toggles rather than tying them to broader edit permissions. This will support more precise role customization.
  4. Audit-Friendly Option: Introduce a “Read-Only Admin” preset for environments needing oversight access without editing capabilities.

#12259

    • Popular Articles

    • Product Documentation

      Please visit the OperationsCommander WIKI for product documentation. https://opscom.wiki

    • Popular Topics

    • Add a toggle for permit sharing for standard permits

      It has been requested that we add a setting for standard permits, to allow/disallow all vehicles on the profile to receive the permit, as is available for temp permits. The use case is for boat launch permits, where the policy states that individual's

    • Lock the Chalk

      Currently, Enforcers can toggle off Auto-Chalking, which sometimes leads to manual errors. I’m proposing we move this toggle behind the Administrator curtain. This keeps the automation running smoothly in the field while giving management the oversight

    • Permit Sharing for Temp Permits under 30 days

      Currently the setting for permit sharing of Temp Permits requires "Allow temp permits to be used over 30 days" to be enabled also. It has been requested that we make a change to allow/disallow permit sharing for temp permits under 30 days as well. 1