Role Based Access Control
Currently in beta. Please contact support for access.
Role-based access control lets you invite administrative stakeholders in to Blissfully while maintaining the principle of least privilege.
This feature is currently in beta. Please contact your account manager if you would like access.

Policies

Policies contain a set of permissions that can be applied to either individual users or teams, with granular control. Blissfully has provided a core set of default policies with commonly desired permission sets, as shown below. Default and Admin policies can be updated to reflect your desired permission set or you can create entirely new policies for specific groups of users.
The Super Admin policy cannot be edited or deleted, to prevent losing all access to Blissfully.

Organization-Wide Policies

Any policy can be set as Organization-Wide, which means it will be automatically applied to all individuals in your primary domain. Additional policies stack on top of the permissions defined in any org-wide policy. Blissfully provides a Default policy during initial setup that will allow everyone in your organization to see the Employee Portal and to manage the "My Stuff" section.
If you would like to like to prevent your primary domain holders from having access to the Employee Portal, you can either delete the Default Policy or adjust it to only apply to specific people or teams. All policies have the option of being set as "Organization-Wide", as you can see the the Policy Detail example below.

Permissions

Access Rights are the permissions that an individual user or team holds to read, write, edit, delete or otherwise access Blissfully capabilities. The level of access rights typically depends on the user's position or supervisory role within the company. Blissfully aims to involve a cross-functional team to collaboratively manage IT, and permissions are the key.

Managing permissions

Permission sets are managed by either editing an existing policy or creating a new one. Blissfully has a powerful permission model that allows an Administrator to carefully design granular sets of permissions, including the ability to Allow All and Deny All permissions, with exception handling.

ALLOW ALL

If toggled on, all current and future permissions will be ALLOWED except those in the Access Denied list. This is an uncommon action, typically reserved for Super Admins. The primary benefit of using this method is that any new permissions that Blissfully creates will be automatically rolled in to the policy on go-forward basis.
If "Allow all" is selected, individual permissions will be locked and cannot be manually removed.

DENY ALL

If toggled on, all current and future permissions will be DENIED except those in the Access Allowed list. Again, the primary benefit of using this method is that any new permissions that Blissfully creates will be automatically rolled in to the denied list on a go-forward basis.
If "Deny all" is selected, individual permissions will be locked and cannot be manually removed
Adding individual permissions is straightforward. You can search for a specific permission, and easily select (or deselect) multiple permissions at once to apply to the policy.

Available permissions

Blissfully will be adding more and more granular permissions as RBAC capabilities expand. For now, we support the following permissions:

System of Record

    Manage Apps
    Manage Devices
    Manage People
    Manage Teams

Manager

    Manage Apps if you're the owner
    Manage Team Apps as Team Lead
    Manage Team Details as Team Lead
    Manage Team Membership as Team Lead Workflows

Workflows

    Manage Workflows

Tickets

    Manage Tickets

Settings

    Manage API
    Manage Integrations
    Manage Policies
    Manage Transactions
    Manage Users
    Manage Organization (The below are part included in this permission)
      Manage general settings
      View Audit Logs
      View Google Logs
      View Labs
      View System of Record Reports

User Access

The User Access table only shows individuals who have policies in addition to any Org-Wide policies you have defined. Since everyone in your primary domain gets the Default policy after Blissfully is initially set up, they will not display in this table.
Users who only have Org-Wide policies will not show in the User Access table
If you would like to add additional policies to an individual in your domain, tap the "Add user" button and search for them, or adjust any existing user's policy application through the action menu.
Last modified 1mo ago