Custom roles are administrator-defined permissions to access a team.
All custom roles start from the basic user roles: viewer, builder, manager. A user can have multiple roles in a tenant, but only one role per team.
You can turn on and off individual features for that user role.
Administrators own creating custom roles.
To start: Navigate to the user profile and choose
Choose the +Role button in the top left corner
Name the role
Give a description, this appears below the role for other users
Customize the feature level permissions (see the feature table below)
createin the bottom left of the modal
Administrators can make updates to custom role permissions.
To do this, they:
Click the role you want to edit
Change the permissions
As a reminder, you cannot change the role name, only the permissions.
These features allow granualar access. They are binary (on or off). The table details what permissions enabling the feature allows. Below is a brief overview of those permissions.
Readpermissions allow a builder to see the information, but not interact with it.
Writepermissions allow a builder to update the information, but not perform destructive or permissive actions (add members, change permissions, etc.).
Managepermissions allow the builder to move, change permissions, or perform destructive actions. This should be limited to roles where a builder can perform destructive actions.
Note: Assigning a less restricted permission for a feature will not allow that role to inherit the more restricted permissions - e.g., assigning a Manage type permission will not grant the role the Edit and View type permissions for that feature, so when adding a Manage permission you will typically want to add the Edit and View permission for that object type as well.
To help get started, you can choose to start from a team role template. Then customize from there. This auto-enables the team RBAC feature permissions.
All disabled features default to view-only.