Understanding user roles, permissions, and access control in the Thena platform
Role-based access control (RBAC) is a foundational security model in the Thena platform that ensures users have appropriate access based on their responsibilities and organizational hierarchy. This system protects sensitive operations while enabling efficient collaboration.
The Thena platform implements a progressive access model with five distinct user roles, each designed for specific use cases and access requirements
The Thena platform provides five user roles, each with specific access levels and capabilities. Use the tabs below to explore each role in detail:
Org admin
Org user
Lite user
Customer admin
Customer user
Organization administrators have comprehensive access to manage their organization’s resources, settings, and members. This is the highest level of access within an organization.
Team management
Create and delete teams
Add and remove team members
Update team configurations
Manage routing rules
Configure team settings
Set up team hierarchies
System configuration
Manage ticket priorities, statuses, and types
Configure custom fields and objects
Set up tags and categories
Manage forms and templates
Configure organization settings
Control workflow automation
User management
Send organization invitations
Manage user access and permissions
Configure notification channels
Oversee bulk operations
Control user role assignments
Manage user onboarding/offboarding
Billing and subscriptions
View subscription details
Create and manage subscriptions
Access billing portal
Monitor usage and costs
Manage payment methods
Control subscription features
Organization users have full access to operational features within their organization for daily work. This is the standard role for most team members.
Ticket management
View, create, and update tickets
Add comments and reactions
Escalate and assign tickets
Create sub-tickets and link related tickets
Archive/unarchive tickets
Log time and view time logs
Use ticket templates and automation
Account management
View and create accounts
Update account information
Manage customer contacts
Add account notes and tasks
Track account activities
Manage account relationships
Access account history and insights
Personal settings
Update personal profile and settings
Configure business hours and availability
Manage skills and integrations
Set notification preferences
Configure view preferences
Customize dashboard and workspace
Team collaboration
View team information and members
Access team configurations
View routing rules
Participate in communications
Use search and view features
Collaborate on shared resources
Lite users have limited access focused on essential ticket management and viewing capabilities. This role is ideal for users who need basic access without full operational permissions.
Basic ticket access
View assigned tickets
View ticket history
Access basic ticket information
Receive ticket notifications
Limited account access
View account information (read-only)
View account activities (read-only)
See account relationships
Access contact information (read-only)
Personal profile
Update basic profile information
Configure personal notifications
View personal dashboard
Manage personal preferences
Access help resources
Team viewing
View team information (read-only)
See team members
Access basic team resources
View team structure
See team contact information
Customer administrators manage customer-facing portal features and customer organization settings. This role is designed for customers who need administrative control over their portal experience.
Customer portal management
Configure customer portal settings
Manage customer-facing features
Control customer access and permissions
Customize portal branding
Set up customer workflows
Manage portal integrations
Customer organization
Manage customer organization settings
Control customer user access
Configure customer workflows
Oversee customer integrations
Set up customer team structure
Manage customer billing preferences
Customer user management
Invite and manage customer users
Assign customer user permissions
Configure customer user settings
Monitor customer user activity
Control customer user access levels
Customer users have access to customer-facing features and their own tickets through the customer portal. This is the standard role for end customers using the platform.
Here are typical scenarios for role assignment and user access management:
New team member
Lite user access
Administrative promotion
Customer onboarding
Scenario: A new employee joins your organization and needs access to the platform for daily work.
1
User registration
New employee creates an account or receives an invitation to join the organization
2
Role assignment
Organization admin assigns the org user role, providing complete operational access
3
Team assignment
Admin adds the user to relevant teams, granting team-specific access and permissions
4
Ready to work
User can now manage tickets, accounts, and collaborate with team members effectively
Most new team members should start with the org user role as it provides the right balance of access for daily operations without administrative privileges.
Scenario: A contractor, part-time employee, or external collaborator needs limited access to specific tickets.
1
Access requirement
User needs to view only assigned tickets without full platform access
2
Lite user assignment
Organization admin assigns the light user role for restricted access
3
Ticket assignment
Admin assigns specific tickets to the light user for their work
4
Limited operations
User can only view assigned tickets but cannot add comments, update status, or access broader platform features
Lite users have view-only access to assigned tickets. They cannot create tickets, add comments, update statuses, or manage customer contacts. Ensure they have the necessary tickets assigned by an admin.
Scenario: An existing team member is promoted to a management role and needs administrative access.
1
Current access
User currently has org user role with operational access
2
Role upgrade
Organization admin promotes the user to org admin role
3
New capabilities
User gains access to team management, system configuration, and billing features
4
Administrative responsibilities
User can now manage teams, invite users, configure settings, and oversee organizational operations
Consider providing training on administrative features when promoting users to ensure they understand their new responsibilities and capabilities.
Scenario: External customers need access to submit tickets and track their support requests.
1
Customer registration
Customer creates an account through the customer portal or receives an invitation
2
Customer user role
Customer is automatically assigned the customer user role with portal access
3
Portal access
Customer can access the customer portal, submit tickets, and track their requests
4
Customer admin setup
If needed, promote a customer contact to customer admin for managing their organization’s portal settings
Customer users can only see and manage their own tickets. Customer admins can manage multiple customer users and configure portal settings for their organization.
.svg?fit=max&auto=format&n=fnPhXvYfm-TNmZho&q=85&s=dc407af2e287b4714cedea5b8d7abf4d){kind=logo}