Custom roles

Introduction 

Custom roles are administrator-defined permissions to access a team.

💡Note

All custom roles start from the basic user roles: viewer, builder, manager. A user can have multiple roles in a tenant, but only one role per team.

🪄Tip

You can turn on and off individual features for that user role.

Creating a custom role 

Administrators own creating custom roles.

  1. To start: Navigate to the user profile and choose Custom roles

  2. Choose the +Role button in the top left corner

  3. Name the role

  4. Give a description, this appears below the role for other users

  5. Customize the feature level permissions (see the feature table below)

  6. Click create in the bottom left of the modal

Updating custom roles 

Administrators can make updates to custom role permissions.

To do this, they:

  1. Navigate to Custom roles

  2. Click the role you want to edit

  3. Change the permissions

  4. Click Save

As a reminder, you cannot change the role name, only the permissions.

Feature permission list 

These features allow granualar access. They are binary (on or off). The table details what permissions enabling the feature allows. Below is a brief overview of those permissions.

  • Read permissions allow a builder to see the information, but not interact with it.

  • Write permissions allow a builder to update the information, but not perform destructive or permissive actions (add members, change permissions, etc.).

  • Manage permissions allow the builder to move, change permissions, or perform destructive actions. This should be limited to roles where a builder can perform destructive actions.

Note: Assigning a less restricted permission for a feature will not allow that role to inherit the more restricted permissions - e.g., assigning a Manage type permission will not grant the role the Edit and View type permissions for that feature, so when adding a Manage permission you will typically want to add the Edit and View permission for that object type as well.

Permission templates 

To help get started, you can choose to start from a team role template. Then customize from there. This auto-enables the team RBAC feature permissions.

All disabled features default to view-only.

Take a look 

▲  Take a look at creating a role
Was this helpful?