Roles installed with Public Sector Digital Services
The Public Sector Digital Services application uses roles to provide access to information, identify internal and external users, and establish different types of relationships between users. These roles control access to public sector data through UI-based features such as forms and lists.
Persona-based Roles in Public Sector Digital Services
Roles and personas help you to understand the different roles involved in Public Sector Digital Services.
Public Sector Digital Services supports users with the following basic job functions (personas). Personas are defined as the individual roles that perform different tasks in Public Sector Digital Services.
The following graphic shows the most common personas used throughout Public Sector Digital Services.|
Job function |
Description |
|---|---|
|
Constituents |
End user, such as citizens, visitors, residents, soldiers, veterans, etc. Constituents can:
|
|
Government case agents |
Staff member of an agency​, such as a constituent agent, business agent, agency agent, that delivers services to constituents or other agencies, and can​ requests services from other agencies. Agents can:
|
|
Contributors |
Business stakeholder or requester for constituents:
|
|
Admins |
System administrator, who has access to all system features, functions, and data, regardless of security restraints. Admins can:
|
|
Business stakeholder |
End user, such as business owner, business channel, or business partner. Business stakeholders can:
|
| Business contact | An end user that is employed by a business. Business contacts can:
|
|
Government service agency manager |
Manager or leader of an agency​ that provides constituent and business services. Manages agents supporting constituent services:
|
Core Roles
| Role title [name] | Description | Contains roles |
|---|---|---|
| constituent [sn_gsm.constituent] |
Enables constituents to request services and manage their information, government service cases, and services received. |
|
| constituent_agent [sn_gsm.constituent_agent] |
Enables agents to perform the following actions:
|
|
| constituent_contributor [sn_gsm.constituent_contributor] |
Enables users to request services and raise government service cases on behalf of any constituent. |
|
| constituent_admin [sn_gsm.constituent_admin] |
Provides agents with admin access and enables them to create, read, update, and delete constituent records. | sn_gsm.constituent_writer |
| constituent_writer [sn_gsm.constituent_writer] |
Provides agents with access to create, read, and update constituent records. | sn_gsm.constituent_viewer |
| constituent_viewer [sn_gsm.constituent_viewer] |
Provides agents with read-only access to constituent records. | sn_customerservice.customer_data_viewer |
| Role title [name] | Description | Contains roles |
|---|---|---|
| business_contact [sn_gsm.business_contact] |
Enables business stakeholders to request services and manage information, government service cases, and services received. |
|
| business_contact_admin [sn_gsm.business_contact_admin] |
Provides a business stakeholder with admin access to a business account. This role has access to all the data within the business account. |
|
| business_case_manager [sn_gsm.business_case_manager] |
Enables a business stakeholder to manage government service cases for a business account and associated child accounts. This role can perform the following actions:
|
|
| business_contributor [sn_gsm.business_contributor] |
Enables business stakeholders to request services and raise government service cases on behalf of any business. |
|
| business_partner [sn_gsm.business_partner] |
Enables business partners to create, view, and edit government service cases from their own account or from a business account that they are associated with. |
|
| business_partner_admin [sn_gsm.business_partner_admin] |
Provides a business stakeholder with admin access to a partner account. This user can access all the data within the partner account and the government service cases created by the partners. |
|
| business_agent [sn_gsm.business_agent] |
Enables agents to perform the following actions:
|
|
| Role title [name] | Description | Contains roles |
|---|---|---|
| agency_agent [sn_gsm.agency_agent] |
Enables agency agents to create and fulfill government service cases for the businesses and business contacts associated with the agency. | sn_customerservice.svc_location_agent |
| agency_constituent_agent [sn_gsm.agency_constituent_agent] |
Enables agency agents to create and fulfill government service cases for constituents and households associated with the agency. | sn_customerservice.svc_location_consumer_agent |
| agency_contributor [sn_gsm.agency_contributor] |
Enables agency agents to request services and raise government service cases on behalf of the agency. |
|
| agency_manager [sn_gsm.agency_manager] |
Enables an agency manager to perform the following actions:
|
|
| agency_manager_contributor [sn_gsm.agency_manager_contributor] |
Enables users to create, update, view, and approve cases. Allows them to register and remove staff across all agencies they manage.  |
|
| relationship_manager [sn_gsm.agency_relationship_manager] |
Enables users to view cases across all the external agencies where they have location_relationship_manager responsibility. |
|
| service_manager [sn_gsm.service_manager] |
Enables a service manager to perform the following actions:
|
|
| Role title [name] | Description | Contains roles |
|---|---|---|
| admin [sn_gsm.admin] |
Provides a user with delegated admin access to scoped applications created on the Public Sector Digital Services platform. | sn_gsm.service_manager |
| service_offered_admin [sn_gsm.service_offered_admin] |
Provides users with admin access and enables them to create, read, update, and delete services-offered records and services-received records. | sn_gsm.service_offered_writer |
| service_offered_admin [sn_gsm.service_offered_admin] |
None | |
| service_offered_writer [sn_gsm.service_offered_writer] |
Provides users with access to create, read, and update services-offered records and services-received records. | sn_gsm.service_offered_viewer |
| service_offered_viewer [sn_gsm.service_offered_viewer] |
Provides users with read-only access to services offered records and services-received records. | sn_customerservice.customer_data_viewer |
| case_writer [sn_gsm.case_writer] |
Provides agents with access to create, read, and update government service cases. | sn_gsm.case_viewer |
| case_viewer [sn_gsm.case_viewer] |
Provides agents with read-only access to government service cases. | None |
| contributor_creator [sn_gsm.contributor_creator] |
Enables agents or business stakeholders to create government service cases and is included in the top-level contributor roles. This role can create cases but cannot view other cases. | None |
| relationship_agent [sn_gsm.relationship_agent] |
Enables agents to work on government service cases for customers that they have relationship with. |
|
| relationship_contributor [sn_gsm.relationship_contributor] |
Enables business stakeholders to raise government service cases on behalf of customers that they have relationship with. |
|
Roles by Application
Note:
Service Request Playbook does not contain roles that are separate from Public Sector Digital Services Core.
| Role title [name] | Description | Contains roles |
|---|---|---|
| icm.investigator [sn_gsm_icm.investigator] |
Provides users the ability to create and work on the investigative cases. It includes read access to all the cases and write access to the cases which are assigned to the investigator. |
|
| supervisory_agent [sn_gsm_icm.supervisory_agent] |
Provides users the ability to create and work on investigative cases. It includes read access to all the cases and write access to the cases belonging to the user's assignment group. |
|
| special_agent [sn_gsm_icm.special_agent] |
Provides users the ability to create and fulfill all cases. |
|
| expert_analyst [sn_gsm_icm.expert_analyst] |
Provides read or write access to the cases where these users are team members of the case or assigned to a case task of the case. |
|
| investigative_contributor [sn_gsm_icm.investigative_contributor] |
Provides read or write access to the cases where these users are team members of the case or assigned to a case task of the case. |
|
| case_viewer sn_gsm_icm.case_viewer |
Provides users read only access to Investigative Case records. | sn_gsm.case_viewer |
| entity_viewer sn_gsm_icm.entity_viewer |
Provides read access to all the investigative case management entities such as Person, Organization, Property, Vehicle, or Evidence. | None |
| event_viewer sn_gsm_icm.event_viewer |
Provides read access to all the investigative case management events. | None |
| report_viewer sn_gsm_icm.report_viewer |
Provides users access to view reports containing Information Request data. | sn_gsm.report_viewer |
| case_admin [sn_gsm_icm.case_admin] |
Provides read and write access to all the investigative cases. |
|
| icm.admin [sn_gsm_icm.admin] |
Provides delegated admin access to the investigative case management application. |
|
| case_task_agent [sn_gsm_icm.case_task_agent] |
Provides read access for administrative purposes to cases where users are assigned to a case task of the case. |
sn_gsm.case_task_agent |
| case_writer sn_gsm_icm.case_writer |
Provides users write only access to investigative case records that are assigned to the users or where the users are team members or where the case task of the case is assigned to the user. |
|
| entity_writer sn_gsm_icm.entity_writer |
Provides write access to all the investigative case management entities like Person, Organization, Property, Vehicle or Evidence. | sn_gsm_icm.entity_viewer |
| event_writer sn_gsm_icm.event_writer |
Provides write access to all the events which the user has access to. | sn_gsm_icm.event_viewer |
| Role title [name] | Description | Contains roles |
|---|---|---|
| Role title [name] | Description | Contains roles |
|---|---|---|
| grant_admin sn_gsm_grnt_mgmt.grant_admin |
Provides users with admin access and enables them to create, read, update, and edit grant proposals in the grant setup and proposals playbooks. |
|
| grant_program_director sn_gsm_grnt_mgmt.grant_director |
Provides users with the grant program director role, which consists of the grant program manager and the government service manager roles. |
|
| external_reviewer [sn_gsm_grnt_mgmt.external_reviewer] |
Enables merit review users to review and score grant proposals from within the Reviewer Service Portal. |
|
| grant_case_writer sn_gsm_grnt_mgmt.case_writer |
Provides users with access to create, read, and update grant management case records. |
|
| grant_case_viewer sn_gsm_grnt_mgmt.case_viewer |
Provides users with read-only access to grant management case records. |
|
| grant_management_report_viewer sn_gsm_grnt_mgmt.report_viewer |
Enables users to view reports about the grants management playbooks. | None |
| Role title [name] | Description | Contains roles |
|---|---|---|
| License & Permits Install base writer [sn_gsm_lic_prmt.ib_writer] |
Provides create, read, and write access to Install base items. | sn_gsm_lic_prmt.ib_writer |
| License & Permit Constituent Agent [sn_gsm_lic_prmt.constituent_agent] |
Enables users to work on License & Permit cases for all constituents. It includes the ability to read/write/update all License & Permit cases and constituent records |
|
| License & Permit Agency Manager [sn_gsm_lic_prmt.agency_manager] |
Enables users to manage data for agencies in the manager's agency hierarchy. |
|
| License & Permit Agency Constituent Agent [sn_gsm_lic_prmt.agency_constituent_agent] |
Enables users to manage data for agencies in the constituent agent's agency hierarchy. |
|
| License & Permit Agency Manager Contributor [sn_gsm_lic_prmt.agency_manager_contributor] |
Enables users to create, update, view, and approve cases. They can also register and remove staff across all agencies they manage.  |
|
| License & Permits Agency Manager Core [sn_gsm_lic_prmt.agency_manager_core] |
Granular role to manage agency staff registrations and staff relationships with businesses, constituents, and households for all the agencies within the hierarchy. |
|
| License & Permit Agency Relationship Manager [sn_gsm_lic_prmt.agency_relationship_manager] |
Enables users to view cases across all the external agencies where they have location_relationship_manager responsibility. |
|
| License & Permit Case Task Agent [sn_gsm_lic_prmt.case_task_agent] |
Provides users the ability to create and fulfill License & Permit cases for the constituents and households in the agent's agency. |
|
| License & Permit Case Viewer [sn_gsm_lic_prmt.case_viewer] |
This role provides users read only access to License & Permit case records. |
|
| License & Permit Agency Business Agent [sn_gsm_lic_prmt.agency_agent] |
Enables users to create and fulfill License & Permit cases for the accounts and contacts in the agent's agency. |
|
| License & Permit Business Agent [sn_gsm_lic_prmt.business_agent] |
Provides users the ability to work on license and permit cases for business. It includes the ability to read, write, or update all license and permit cases and business records. |
|
| License & Permits Install base admin [sn_gsm_lic_prmt.ib_admin] |
This role provides create,read,write, and delete access to Install base items. |
|
| License & Permits Case Writer [sn_gsm_lic_prmt.case_writer] |
This role provides users access to create, read and update License & Permits case records. |
|
| License & Permits Agency Manager Core [sn_gsm_lic_prmt.agency_manager_core] |
Granular role to manage agency staff registrations and staff relationships with businesses, constituents, and households for all the agencies within the hierarchy. |
|
| License & Permits Contributor Creator [sn_gsm_lic_prmt.contributor_creator] |
Enables users to create license and permit cases and is included in the top-level contributor roles. It only allows record creation but does not allow visibilty to a record on its own. |
|
| License & Permit Constituent contributor [sn_gsm_lic_prmt.constituent_contributor] |
This role enables users to request for service and raise License & Permit cases on behalf of any constituent. This allow business stakeholders to act as a requestor on of behalf of customers. |
|
| License & Permit Business Contributor [sn_gsm_lic_prmt.business_contributor] |
This role enables users to request for service and raise License & Permit cases on behalf of any business. This allow business stakeholders to act as a requester on of behalf of customers. |
|
| License & Permit Relationship Contributor [sn_gsm_lic_prmt.relationship_contributor] |
Enables users to raise License & Permit cases on behalf of customers with whom they have relationships. This allows business stakeholder access to act as a requester on behalf of customers. |
|
| License & Permit Contributor Editor [sn_gsm_lic_prmt.contributor_editor] |
Grants restrictive write access to the fields on the License and Permit Case form. |
|
| License & Permit Agency Contributor [sn_gsm_lic_prmt.agency_contributor] |
Enables users to request service and raise License & Permit cases for their service organization (business location). This role is agnostic to internal and external. |
|
| Role title [name] | Description | Contains roles |
|---|---|---|
| Social Benefits Case Viewer [sn_gsm_soc_bnfts.case_viewer] |
This role provides users read only access to Social Benefits Case records. |
|
| Social Benefits Case Writer [sn_gsm_soc_bnfts.case_writer] |
This role provides users access to create, read and update Social Benefits Case records. |
|
| Social Benefits install base admin [sn_gsm_soc_bnfts.ib_admin] |
This role provides create,read,write, and delete access to Install base items. | sn_gsm_soc_bnfts.ib_writer |
| Social Benefits install base read granular [sn_gsm_soc_bnfts.ib_read_granular] |
Provides granular read access to issued Social Benefits. | sn_install_base.install_base_read_granular |
| Social Benefits install base viewer [sn_gsm_soc_bnfts.ib_viewer] |
Provides read access to Install base items. | None |
| Social Benefits install base writer [sn_gsm_soc_bnfts.ib_writer] |
Provides create, read and write access to Install base items. | sn_gsm_soc_bnfts.ib_viewer |
| Social Benefits Constituent Contributor [sn_gsm_soc_bnfts.constituent_contributor] |
This role enables users to request service and raise Social Benefits cases on behalf of any constituent. This allows business stakeholders to act as a requestor on behalf of customers. |
|
| Social Benefits Contributor Creator [sn_gsm_soc_bnfts.contributor_creator] |
Enables users to create Social Benefits cases and is included in the top-level contributor roles. It only allows record creation but does not allow visibility to a record on its own. |
|
| Social Benefits Contributor Editor [sn_gsm_soc_bnfts.contributor_editor] |
Grants restrictive write access to the fields on the Social Benefits Case form. | sn_gsm.contributor_creator |
| Social Benefits Relationship Contributor [sn_gsm_soc_bnfts.relationship_contributor] |
Enables users to raise Social Benefits cases on behalf of customers with whom they have relationships. This allows business stakeholder access to act as a requester on behalf of customers. |
|
| social_benefits_agency_agent [sn_gsm_soc_bnfts.agency_agent] |
Provides users the ability to create and fulfill cases for the accounts and contacts in the agent's agency. |
|
| social_benefits_agency_constituent_agent [sn_gsm_soc_bnfts.agency_constituent_agent] |
Provides users the ability to create and fulfill cases for the constituents and households in the agent's agency. |
|
| social_benefits_agency_contributor [sn_gsm_soc_bnfts.agency_contributor] |
Enables users to request service and raise Social Benefits cases for their agency(business location). This role is agnostic to internal and external. |
|
| social_benefits_agency_manager [sn_gsm_soc_bnfts.agency_manager] |
Provides users the ability to manage data for agencies in the manager's agency hierarchy. |
|
| social_benefits_agency_manager_contributor [sn_gsm_soc_bnfts.agency_manager_contributor] |
Manage agencies and create a case for a business, household, or constituent at the agency or any child agency. |
|
| social_benefits_agency_manager_core [sn_gsm_soc_bnfts.agency_manager_core] |
Granular role to manage agency staff registrations and staff relationships with businesses, constituents, and households for all the agencies within the hierarchy. |
|
| social_benefits_agency_relationship_manager [sn_gsm_soc_bnfts.agency_relationship_manager] |
Manages and monitors all the activities performed by the agencies. It also acts as an internal point of contact for the agencies. |
|
| social_benefits_business_agent [sn_gsm_soc_bnfts.business_agent] |
Provides users the ability to work on Social Benefits cases for business. It includes the ability to read/write/update all Social Benefits cases and business records. |
|
| Social Benefits Case Task Agent [sn_gsm_soc_bnfts.case_task_agent] |
Enables users to work on Social Benefits case tasks. |
|
| Social Benefits Constituent Agent [sn_gsm_soc_bnfts.constituent_agent] |
Provides users the ability to work on Social Benefits cases for all constituents. It includes the ability to read/write/update all cases and constituent records |
|
| Social Benefits Manager [sn_gsm_soc_bnfts.manager] |
Provides users the ability to manage all work performed by agents working on Social Benefits cases (constituent and business). Users with this role have the ability to read/write/update/delete all Social Benefits cases and constituent/business records. |
|
| Social Benefits Relationship Agent [sn_gsm_soc_bnfts.relationship_agent] |
Enables users to work on Social Benefits cases only for customers with whom they have relationships. |
|
| Role title [name] | Description | Contains roles |
|---|---|---|
| Admin sn_gsm_info_req.admin |
Provides delegated admin access to scoped applications created on the Information Request Playbook platform. |
|
| Agency Agent sn_gsm_info_req.agency_agent |
Provides users the ability to create and fulfill cases for the accounts and contacts in the agent's agency. | sn_gsm.agency_agent |
| Agency Constituent Agent sn_gsm_info_req.agency_constituent_agent |
Provides users the ability to create and fulfill cases for the constituents and households in the agent's agency. | sn_gsm.agency_constituent_agent |
| Agency Contributor sn_gsm_info_req.agency_contributor |
Enables users to request service and raise Information Request cases for their service organization (business location). |
|
| Agency Manager sn_gsm_info_req.agency_manager |
Provides users the ability to manage data for agencies in the manager's agency hierarchy. |
|
| Business Agent sn_gsm_info_req.business_agent |
Provides users the ability to work on Information Request cases for business. It includes the ability to read, write, and update all Information Request cases and business records. |
|
| Business Contributor sn_gsm_info_req.business_contributor |
Enables users to request for service and raise Information Request cases on behalf of any business. This allow business stakeholders to act as a requester on of behalf of customers. |
|
| Case Task Agent sn_gsm_info_req.case_task_agent |
Enables users to work on Information Request case tasks. |
|
| Case Viewer sn_gsm_info_req.case_viewer |
Provides users read only access to Information Request Case records. | sn_gsm.case_viewer |
| Case Writer sn_gsm_info_req.case_writer |
Provides users access to create read and update Information Request Case records. |
|
| Constituent Agent sn_gsm_info_req.constituent_agent |
Provides users the ability to work on Information Request cases for all constituents. It includes the ability to read, write, and update all Information Request cases and constituent records. |
|
| Constituent Contributor sn_gsm_info_req.constituent_contributor |
Enables users to request for service and raise Information Request cases on behalf of any constituent. This allows business stakeholders to act as a requestor on behalf of customers. |
|
| Contributor Creator sn_gsm_info_req.contributor_creator |
Enables users to create Information Request cases and is included in the top-level contributor roles. It only allows record creation but does not allow visibility to a record on its own. | sn_gsm.contributor_creator |
| Contributor Editor sn_gsm_info_req.contributor_editor |
Grants restrictive write access to the fields on the Information Request Case form. | sn_gsm.contributor_editor |
| Request Manager sn_gsm_info_req.manager |
Provides users the ability to manage all work performed by agents working on Information Request cases (constituent and business). Users with this role have the ability to read, write, update, and delete all Information Request service cases and constituent or business records. |
|
| Relationship Agent sn_gsm_info_req.relationship_agent |
Enables users to work on Information Request cases only for customers with whom they have relationships. |
|
| Relationship Contributor sn_gsm_info_req.relationship_contributor |
Enables users to raise Information Request cases on behalf of customers with whom they have relationships. This allows business stakeholder access to act as a requester on behalf of customers. |
|
| Report Viewer sn_gsm_info_req.report_viewer |
Provides users access to view reports containing Information Request data. | sn_gsm.report_viewer |
| Role title [name] | Description | Contains roles |
|---|---|---|
| Program Admin (sn_svc_appl_pgm_mg.admin) | Provides delegated admin access to scoped applications created on the Service Applicant Program Management platform | None |
| Grant Program Admin (sn_svc_appl_pgm_mg.grant_program_admin) | Provides access to all Grant Programs. | sn_svc_appl_pgm_mg.grant_program_writer |
| Grant Program Director (sn_svc_appl_pgm_mg.grant_program_director) | Provides access to all Grant Programs. |
|
| Grant Program Writer (sn_svc_appl_pgm_mg.grant_program_manager) | Creates or updates Grant Programs if they are a part of. |
|
| Grant Program Viewer (sn_svc_appl_pgm_mg.grant_program_writer) | Provides write access to Grant Program records. |
|
| Planning Item Writer (sn_svc_appl_pgm_mg.grant_program_viewer) | Provides read access to Grant Program records. | sn_svc_appl_pgm_mg.planning_item_viewer |
| Planning Item Viewer (sn_svc_appl_pgm_mg.planning_item_writer) | Provides write access to Planning Item records. | sn_svc_appl_pgm_mg.planning_item_viewer |
| Budget Allocation Writer (sn_svc_appl_pgm_mg.planning_item_viewer) | Provides read access to Planning Item records. | None |
| (sn_svc_appl_pgm_mg.budget_allocation_writer) | Provides write access to Budget Allocation records. | sn_svc_appl_pgm_mg.budget_allocation_viewer |
| (sn_svc_appl_pgm_mg.budget_allocation_viewer) | Provides read access to Budget Allocation records. | None |
| (sn_svc_appl_pgm_mg.milestone_writer) | Provides write access to Milestone records. | sn_svc_appl_pgm_mg.milestone_viewer |
| (sn_svc_appl_pgm_mg.milestone_viewer) | Provides read access to Milestone records. | None |
| Resource Assignment Writer (sn_svc_appl_pgm_mg.resource_assignment_writer) | Provides write access to Resource Assignment records. | sn_svc_appl_pgm_mg.resource_assignment_viewer |
| Resource Assignment Viewer (sn_svc_appl_pgm_mg.resource_assignment_viewer) | Provides read access to Resource Assignment records. | None |
| Informational Resource Mapping Writer (sn_svc_appl_pgm_mg.resource_mapping_writer) | Provides write access to Informational Resource Mapping records. | sn_svc_appl_pgm_mg.resource_mapping_viewer |
| Informational Resource Mapping Viewer (sn_svc_appl_pgm_mg.resource_mapping_viewer) | Provides read access to Informational Resource Mapping records. | None |
| Resource Role Writer (sn_svc_appl_pgm_mg.resource_role_writer) | Provides write access to Resource Role records. | sn_svc_appl_pgm_mg.resource_role_viewer |
| Resource Role Viewer (sn_svc_appl_pgm_mg.resource_role_viewer) | Provides read access to Resource Role records. | None |
| Scoring Framework Writer (sn_svc_appl_pgm_mg.scoring_framework_writer) | Provides write access to Scoring Framework records. | sn_svc_appl_pgm_mg.scoring_framework_viewer |
| Scoring Framework Viewer (sn_svc_appl_pgm_mg.scoring_framework_viewer) | Provides read access to Scoring Framework records. | None |
| Scoring Framework Attribute Writer (sn_svc_appl_pgm_mg.scoring_framework_attribute_writer) | Provides write access to Scoring Framework Attributes records. | sn_svc_appl_pgm_mg.scoring_framework_attribute_viewer |
| Scoring Framework Attribute Viewer (sn_svc_appl_pgm_mg.scoring_framework_attribute_viewer) | Provides read access to Scoring Framework Attributes records. | None |
| Business Calendar Entry Viewer (sn_svc_appl_pgm_mg.business_calendar_entry_viewer) | Provides read access to Business Calendar Entry and Business Calendar Entry Name tables. | None |
| Pace Reader (sn_svc_appl_pgm_mg.pace_reader) | Provides read access to PaCE records. | None |
| Report Viewer (sn_svc_appl_pgm_mg.report_viewer) | Provides users the access to view reports of Program records. | None |
Roles by Plugin
| Role title [name] | Description | Contains roles |
|---|---|---|
| (sn_svc_appl_info.admin) | Provides delegated admin access to scoped applications created on the Service Application Information. |
|
| (sn_svc_appl_info.applicant_admin) | Provides create,read,write and delete access to applicant records. | sn_svc_appl_info.applicant_writer |
| (sn_svc_appl_info.applicant_viewer) | Provides read access to applicant records. | |
| (sn_svc_appl_info.applicant_writer) | Provides create,read and write access to applicant records. | sn_svc_appl_info.applicant_viewer |
| (sn_svc_appl_info.financial_details_admin) | Provides create,read,write and delete access to financial details records. | sn_svc_appl_info.financial_details_writer |
| (sn_svc_appl_info.financial_details_viewer) | Provides read access to financial details records. | None |
| (sn_svc_appl_info.financial_details_writer) | Provides create,read and write access to financial details records. | sn_svc_appl_info.financial_details_viewer |
| (sn_svc_appl_info.point_in_time_content_admin) | Provides create,read, write and delete access to point-in-time content records. | sn_svc_appl_info.point_in_time_content_writer |
| (sn_svc_appl_info.point_in_time_content_viewer) | Provides read access to point-in-time content records. | None |
| (sn_svc_appl_info.point_in_time_content_writer) | Provides create,read and write access to point-in-time content records. | sn_svc_appl_info.point_in_time_content_viewer |
| (sn_svc_appl_info.report_viewer) | Provides users the access to view reports on the Service Applicant Information platform. | None |
| Role | Description | Persona |
|---|---|---|
| sn_pace.execution_reader | A read-only user with view-only access. This user can view policies, categories, and executions. | Policy user, internal auditor. |
| sn_pace.code_reader | Can review PaCE versions, policy code, and run tests. | Internal auditor |
| sn_pace.code_editor | This user has all the sn_pace_code_reader permissions plus the ability to create PaCE policy versions. | Policy developer |
| sn_pace.policy_reader | This user has all the sn_pace_code_reader permissions plus the ability to review policy details and mapping information. | Policy user, internal auditor |
| sn_pace.policy_editor | This user has all the sn_pace_policy_reader and sn_pace.code_editor permissions plus the ability to create policies and mappings. | Policy developer |
| sn_pace.mapping_admin | This user can map policies and edit config parameters for policy mappings. | Mapping admin |
| sn_pace.admin | This user has the permissions of all the other roles plus the ability to create categories, policies, mappings, and code. | Policy admin |
| sn_pace.super_admin | This user has all the sn_pace.admin role permissions across all calling services. | Not applicable |
| Maint role | Internal user who can create default content. | Not applicable |
Granular roles
You can use predefined functional and granular roles installed with Public Sector Digital Services to establish relationships between users and public sector entities. These functional and granular roles provide different levels of access to public sector data.- Functional roles: A set of roles required to perform a function or meaningful action that requires access on multiple entities.
- Granular roles: Roles that provide access to cases, services used, and related public sector entities. One or more granular roles can be bundled together as a functional role.
A granular model controls access to data through UI-based interactions by granting the appropriate level of access to the corresponding public sector entities. With this functionality, each role is associated with a set of privileges or
responsibilities that determine users' access to information via forms, lists, and application features. You can have fine-grained access control by setting granular policies that authorize individuals to access the information
needed to work efficiently and effectively, ultimately helping improve the constituent experience.
Note:
Role-based access controls govern UI interactions. They do not restrict access by users with system-level scripting privileges or elevated platform roles. These roles control access to public sector
data through UI-based features such as forms and lists.
For example, if you extend the Government Service Case table or other tables in the Public Sector Digital Services app, you must replicate the access control lists for the extended tables. You can assign granular roles to public sector users to control access to those extended tables.
| Role title [name] | Description | Contains roles |
|---|---|---|
| case_create_granular [sn_gsm.case_create_granular] |
Provides constituents or business stakeholders with granular create access to government service cases. | sn_gsm.case_read_granular |
| case_read_granular [sn_gsm.case_read_granular] |
Provides constituents or business stakeholders with granular read access to government service cases. | sn_customerservice.case_read_granular |
| case_write_granular [sn_gsm.case_write_granular] |
Provides constituents or business stakeholders with granular write access to government service cases. |
|
| service_received_read_granular [sn_gsm.service_received_read_granular] |
Provides constituents or business stakeholders with granular read access to services-received records. | sn_install_base.sold_product_read_granular |
| License & Permits Install base read granular [sn_gsm_lic_prmt.ib_read_granular] |
Provides granular read access to issued License and Permits. |
|
| case_admin [sn_gsm_icm.case_admin] |
Provides read and write access to all the investigative cases. |
|
Business Stakeholder Roles
Business Stakeholder for Public Sector Digital Services includes plugins and roles that provide access to business stakeholder features.
Admins with access to Business Stakeholder can provide Business Stakeholder users with the rights to the following actions:
- Create cases on behalf of a business or an agency (service organization)
- View cases, case tasks, and business data.
- Approve requests.
| Role | Description | Contains roles | Plugin | User type |
|---|---|---|---|---|
| Constituent contributor [sn_gsm.constituent_contributor] |
Enables users to request services and raise government service cases on behalf of any constituent. |
|
com.sn_public_sector_digital_services_core | Internal and external |
| Business contributor [sn_gsm.business_contributor] |
Enables business stakeholders to request services and raise government service cases on behalf of any business. |
|
com.sn_public_sector_digital_services_core | internal and external |
| Relationship contributor [sn_gsm.relationship_contributor] |
Enables business stakeholders to raise government service cases on behalf of customers with which they have a relationship. |
|
com.sn_public_sector_digital_services_core | Internal and external |
| Role | Description | Contains roles | Plugin | User type |
|---|---|---|---|---|
| Agency contributor [sn_gsm.agency_contributor] |
Enables agency agents to request services and raise government service cases on behalf of the agency. |
|
Agency Support Model (com.sn_agency_support_model) | Internal and external |
| Social Benefits Business Contributor [sn_gsm_soc_bnfts.business_contributor] |
Enables users to request service and raise Social Benefits cases on behalf of any business. This allows business stakeholders to act as a requester on behalf of customers. |
|
| Role | Description | Contains roles | Plugin | User type |
|---|---|---|---|---|
| Case viewer [sn_gsm.case_viewer] |
Provides agents with read-only access to government service cases. | None | com.sn_public_sector_digital_services_core | Internal |
| Constituent viewer [sn_gsm.constituent_viewer] |
Provides agents with read-only access to constituent records. | sn_customerservice.customer_data_viewer | com.sn_public_sector_digital_services_core | Internal |
| Business viewer [sn_gsm.business_viewer] |
None | com.sn_public_sector_digital_services_core | Internal | |
| Services offered viewer [sn_gsm.service_offered_viewer] |
Provides users with read-only access to services offered records and services received records. | sn_customerservice.customer_data_viewer | com.sn_public_sector_digital_services_core | Internal |
| Government services received viewer [sn_gsm.service_received_viewer] |
Provides users with read-only access to services received records. | None |
com.sn_public_sector_digital_services_core |
Internal |
| Role | Description | Contains roles |
|---|---|---|
| report_viewer [sn_gsm.report_viewer] |
Enables users to view reports on the Public Sector Digital Services platform. | None |
| grant_management_report_viewer sn_gsm_grnt_mgmt.report_viewer |
Enables users to view reports about the grants management playbooks. | sn_gsm.report_viewer |
| License & Permit Report Viewer [sn_gsm_lic_prmt.report_viewer] |
Enables users to view reports on the Public Sector Digital Services platform. | sn_gsm.report_viewer |
| social_benefit_report_viewer [sn_gsm_soc_bnfts.report_viewer] |
Provides users access to view reports Social Benefits Playbook. | sn_gsm.report_viewer |
| (sn_svc_appl_info.report_viewer) | Provides users the access to view reports on the Service Applicant Information platform. | None |
Note:
Customers who have purchased a Public Sector Digital Services subscription can provide Business Stakeholder users with rights to actions listed under Business Stakeholder for Customer Service Management.