Purpose Statement

Roles and Permissions allow administrators to create and manage custom user roles within First Due. This feature enables departments to define specific access levels, security requirements, and operational permissions tailored to different positions and responsibilities within their organization, ensuring users have appropriate access to system features while maintaining data security and operational efficiency.

Background Information

User roles are fundamental to system security and operational workflow management in Fire/EMS departments. Each role defines what a user can see, access, and modify within the platform. Properly configured roles ensure that personnel have the tools they need to perform their duties while protecting sensitive information and maintaining compliance with department policies. Common roles include field personnel, supervisors, dispatchers, administrators, and training officers, each requiring different levels of system access and functionality.

Required Permissions

• Roles 
  
• User Permissions (Read, Update, Create, Delete)

Video

Step-by-Step Guide

Step 1: Access the Roles and Permissions Module

Navigate to Admin > Roles and Permissions

Step 2: Create a New Role

Click the "Add New Role" button in the upper left corner of the screen

Step 3: Configure General Settings

In the General tab:

1. Add the Name of the Role - Enter a descriptive name that clearly identifies the role's function (e.g., "Field Supervisor", "EMS Captain")
2. Determine the Page Layout - Select the appropriate dashboard and interface layout that best suits this role's responsibilities. (Reach out to your Client Success Manager for more Layouts)
3. Add a Description - Provide a detailed description of the role's purpose, responsibilities, and typical use cases
   

Step 4: Configure Security Settings

Navigate to the Security tab:

1. Multi-factor Authentication - Toggle ON/OFF to determine if users with this role will require MFA upon login
2. Password on Sign-Out - Enable this option to require password confirmation when signing out
   • Note: This feature is particularly useful for apparatus devices to prevent unauthorized or accidental sign-outs
     

Step 5: Set Pre-Plan Container Access

Click on the Pre-Plan Containers tab:

1. Review the list of available pre-plan containers
2. Check the boxes next to containers this role should access

Step 6: Navigate to the Users Portion 

Best Practices

• Naming Conventions: Use consistent, descriptive role names that clearly indicate the position or function (avoid abbreviations that might be confusing)
• Security Layers: Enable MFA for roles with administrative or sensitive data access
• Apparatus Device Configuration: Always enable "Password on Sign-Out" for roles used on shared apparatus devices
• Regular Audits: Review and update role permissions on a scheduled basis to ensure they align with current operational needs
• Documentation: Maintain a spreadsheet documenting each role's purpose and key permissions for reference
• Test Before Deployment: Create test users to verify role configurations before widespread assignment
• Principle of Least Privilege: Grant only the minimum permissions necessary for users to perform their duties

Troubleshooting & FAQs

1. Q: Why can't I see the Roles and Permissions? 
   
1. A: You need System Administrator permissions to access this. Contact your system administrator for access.
   
2. Q: Can I duplicate an existing role to create a new one? 
   
1. A: Yes, use the "Duplicate Role" option from the actions menu next to any existing role to create a copy that you can then modify.
   
3. Q: What happens to users if I delete a role they're assigned to? 
   
1. A: Users will lose access permissions associated with that role. Always reassign users to a different role before deletion.
   
4. Q: Why is the password requirement on sign-out not working? 
   
1. A: Verify that the setting is enabled in the Security tab and that the changes have been saved. Clear browser cache if the issue persists.
   
5. Q: Can a user have multiple roles? 
   
1. A: Yes, users can be assigned to multiple roles. 
   
6. Q: How do I know which Pre-Plan Containers to assign? 
   
1. A: Review the operational requirements for each role and consult with department leadership about necessary pre-plan access levels.
   

Additional Considerations

Use Case Examples

• Fire Captain Role: Full pre-plan access, MFA enabled, standard page layout
• Apparatus Operator: Limited permissions, password on sign-out enabled, simplified dashboard
• Training Officer: Access to training modules and reporting, customized training layout

Compliance & Security

• Document role configurations for audit purposes
• Review roles monthly for compliance with department SOPs
• Ensure HIPAA compliance for EMS-related roles with patient data access