Skip to main content

Managing Roles

Roles define what a set of users can do. Each user has one role, and a role has a set of permission scopes.

Viewing roles​

Go to Admin → Roles. You'll see all roles with their name and a summary of their permissions.

Requires admin:roles:view permission.

Creating a role​

Click New Role, enter a name, and save.

Requires admin:roles:create permission.

Editing a role's name​

Click Edit on a role row and change the name.

Requires admin:roles:edit permission.

Changing a role's permissions​

Click Manage Permissions on a role row. Toggle the scopes on or off. All users with that role will immediately gain or lose the changed scopes on their next token refresh (or next login).

Requires admin:role:permissions:manage permission.

Deleting a role​

Click Delete. Note: you cannot delete a role that has users assigned to it — reassign those users first.

Requires admin:roles:delete permission.

Default roles​

The system ships with one built-in role: Admin. See Your Role for what the Admin role can do by default.

caution

Changing a role's permissions affects all users with that role. Think carefully before removing a scope — it may break someone's workflow immediately.