Roles and Permissions

AngelTrack uses "role-based access control". Employees are granted access to AngelTrack's various features via belonging to roles. Each role confers access to certain features.

An employee can belong to any number of roles, even all of them.

Access badge

Permissions Always Held by All Employees

At all times, all active employees (but not Onlookers) can do any of the following:

☑ Provisional

Membership in the Dispatcher, Call-taker, Biller, Lieutenant, and Captain role can be granted provisionally: the role can be exercised only when connected to a company-owned network. That is to say: Provisional role membership grants no privileges while the employee is in the field, or is logging in from home.

AngelTrack determines that an employee is connected to a company-owned network by consulting the Timeclock Hosts List, which is the list of intenet IP addresses of company facilities. When the employee's computer or mobile device is connected to one of the networks in that list, their provisional role memberships take effect.

If you do mark an employee as provisional, then make sure they understand that they will receive various "Access denied" error messages if they are accessing AngelTrack on their mobile device when they leave the office.

Movi integration

Because provisional dispatcher accounts are restricted to company-owned IP addresses, they cannot be used for Movi integration. When Movi connects to AngelTrack via a provisional dispatcher account, AngelTrack will refuse the connection, and note it as a failed logon attempt in the employee's logon history.

☑ Call-taker

Call-takers have the following privileges:

☑ Dispatcher

Dispatches have all the privileges of Call-takers plus:

☑ Biller

Billers have the following privileges:

☑ QA Reviewer

QA Reviewers have the following privileges:

☑ Human Resources

Members of Human Resources have the following privileges:

☑ Lieutenant

Lieutenants have the following privileges:

☑ Captain

Captains have all of the privileges of Lieutenants plus:

☑ Mechanic

Members of the Mechanic role have the following privileges:

☑ Salesperson

Members of the Salesperson role have the following privileges:

☑ Administrator

Members of the Administrator role can read and write any data anywhere in AngelTrack, at any time. They can also:

☑ ★ Principal

Members of the Principal role can do just three things, all of them critical:

  1. Sign the Terms of Service document, binding your company and AngelTrack LLC in the agreement
  2. Alter your retail prices, which are used in many places including the amounts claimed against insurance carriers
  3. Use the Bulldozer to perform bulk moves of dispatches forward or back in the postprocess workflow

No other role is permitted to do these three critical things; not even Administrators. But these are the only privileges conferred by the Principal role.

Only the staff of AngelTrack Headquarters Technical Support can add or remove employees from the Principal role. Normally this role is assigned only to the proprietor, or to the managing partner, or to the general manager. Nobody else should have these privileges. If you wish to designate a different employee as the Principal, then you must contact AngelTrack Headquarters Technical Support -- rather than your reseller's support line -- at (800) 946-1808 to request the change.

☑ ⨀⨀ Onlooker

Members of the Onlooker role can view a special abbreviated dispatch board, which displays all calls that are active and assigned to shifts and affiliates. They can also view these same calls on the Live Map. They cannot see calls that are unassigned or inactive, nor view any details, nor make any changes.

They are also permitted to use the incident system as would any other employee, however they cannot be blamed in any incident. They also cannot be targeted by announcements, even those for "Everyone", unless they belong to other security roles indicating that they are regular employees.

The Onlooker role is intended for use by city and state officials who require real-time oversight of your units. This means you will be issuing an employee account to the official(s), and instructing them how to access and login to your AngelTrack cloud server. Once they log in using an Onlooker account, AngelTrack will automatically take them to the abbreviated dispatch board.

You can restrict each onlooker to a certain city, or a certain county, if they do not have the right to view your other dispatch activity. You can also restrict them to viewing only your emergent and critical calls; AngelTrack will not show them your low-acuity and scheduled work. All of these restrictions can be set for each individual Onlooker, using the Employee Edit page.

☑ Medical Director

Members of the Medical Director role can access the Medical Director Review Queue and perform medical reviews of completed runs, as required by your city and state health regulations. Naturally, your medical director can perform this task remotely over the internet, from home or work or mobile.

When each review is completed, it subsequently appears at the bottom of the QA Review Form.

Medical directors can also use the incident system and the timeclock. They are not targetable by announcements, except via their membership in other security roles.

☑ Doctor

Members of the Doctor role can be selected as the attending doctor in a telemedicine call. The role confers no other privileges.

AngelTrack Help Index - Training Portal - AngelTrack Support