Skip to content

Role Assignments

Configuration Scope: Exportable

This setting is included in configuration exports and will be the same across all environments once the config file is imported.

Understanding Permission Levels

Role assignments link permission sets to users. For an overview of how permission levels work (System Admin, Record Admin, and User), see Understanding User Permission Levels.

Overview

Control who gets what permission set from the Role Assignments tab. The permissions work like Share Point permissions - for example you can grant everyone read access, and then grant specific users, groups, or roles additional access

Add Assignment

  • Click Add Assignment

image.png

  • From Content Type Scope choose which Record Type this assignment should be connected to, e.g. All or a specific Record Type
  • In Unique Identifier add a unique but meaningful name for your role assignment
  • In Description explain what the permissions are meant to do
  • Select the relevant Permission Set you want to use (if you don't see any options, check the Permissions Set instructions on how to add options)

image.png

  • When choosing who to provide permissions to, you can select from one or more of the following:

  • Public Access would allow this permission for all users

  • In User ID use Graph User ID or UPN to provide access to a named user(s)
  • In AAD Group Name specify AAD group display names from Entra, separated by commas, to provide access to groups
  • In Record Role Names select the role(s) you want to provide access to
    • Note for Record Creation Permissions (v2.3.0+): The Record Role Names field is not applicable when configuring record creation permissions, as roles only exist on records that have already been created

image.png

  • Choose whether the permissions are to be restricted to a specific Organisation (see Organisation Levels and Organisation for details on how to manage these options)
  • Choose whether the permissions apply to all record stages or a specific record Stage

image.png

  • Not used often, but an additional level of control about when to apply the permissions is available using Field, for example you can specify a rule about applying permissions when a selected field equals a certain value

image.png

  • Select Save when ready to save the Role Assignment

image.png

Manage Assignment

  • Locate a Role Assignment
  • Select Edit to modify the details
  • Select the arrow next to Edit to Clone or Delete

image.png