Setting up Roles

Modified on Wed, 30 Jul, 2025 at 9:23 AM


Introduction & Context 

A Role represents a specific function within the organisation's hierarchy (e.g. Risk Manager, Internal Auditor).  

In the CGR Platform, a Role is not just a single entity but a central organisational unit that binds Users, Teams, and Security Groups together. 

  • Users are assigned to Roles 
  • Teams are assigned to Roles 
  • Roles are linked to Security Groups where permission sets are assigned to Registers.  

 

This structure helps ensure that permissions are granted in an organised and consistent manner across all users, teams, and groups, reducing administrative overhead while maintaining security in access control. 

 


 

 

Key Features & Functions 

  • Role-Centric User Management: When Role-based user management is enabled, Roles serve as the intermediary between Users and Permissions. 
  • Assignment of Users and Teams to Roles: Users and Teams are assigned to specific Roles, which are then linked to Security Groups.  
  • Hierarchical Structure: Roles are organised hierarchically, much like business units, locations, and projects. This hierarchy mirrors your organisation's structure and ensures that the access control aligns with your organisational needs. 
  • Multiple Roles Per User: A single User can be assigned multiple Roles. The permissions granted to that User are defined by the Security Groups associated with those Roles. 
  • Role Sharing Across Users: Roles can be shared by multiple users who perform similar tasks. For instance, a 'Management' Role can be assigned to several users who share similar responsibilities within the organisation. 

 


Important Notes

Roles can be assigned to users by: 

  • System Administrator 
  • Team Administrator or Team Manager (if team management is enabled). Note that team admins/managers can only assign Roles that are linked to the team by a system administrator. 

Note: Roles can be assigned to users only if user-centric management is disabled in settings. 

 

 

Step-by-Step Guide To Create a Role 

  1. Navigate to the Admin section, enter Roles in the search box and click on the Roles icon to navigate to 'Roles' list view. 



  2. Click the Add button to open the 'Add Role' form. 



  3. Fill in the required and other relevant fields

| Field | Description |
|---|---|
| Title | Name of the Role (e.g. Internal Auditor) |
| Description | An optional field to provide additional context or purpose of the role. |
| Reports To | Defines the hierarchical parent role. Used to model organisational structure. |
| External ID | A reference identifier for external system integrations, if applicable. |
| Active | Indicate whether the Role is active. |
| Users | Assign users to this Role. A role can be filled by one or more users. Each assigned user will inherit the Security Groups linked to the role. |
| Security Groups | Security groups granted through this role that determine the projects and modules that the users linked to this role can access. |
| Teams | Teams associated with this Role. |





   4. Click Save to finalise the Role configuration. 


Common Issues & Troubleshooting 


Can a user have multiple Roles and vice-versa? 

Yes, a user can be assigned multiple Roles if their responsibilities require them to have different permissions or tasks across various areas of the organisation. Likewise, multiple users can share the same Role, especially when they have similar responsibilities (e.g. a 'Management' Role can include several users). 

 

Security Groups are assigned to Roles to control user access permissions. Users inherit permissions from the Security Groups linked to their assigned Roles. 

 

What happens if a user is not assigned a Role? 

If User-Centric Group Management is disabled, users without a Role can’t access registers, except where they are linked to items via ABAC or when a Global Permission Set is enabled. 

 

How do I find out the Role(s) assigned to me? 

If User-Centric Group Management is Disabled: 

  • Go to the Admin section and select 'Users' from the top dropdown. 
  • Find your name in the Users list and click the Edit icon. 
  • Scroll to the 'Security' section to view your assigned role(s).

If User-Centric Group Management is Enabled: 

  • Roles are automatically created and mapped to users. Role details can be found in Admin > Roles, but they are less significant in this mode. 

Important points to remember: 

  • Administrator access is required to check User Role assignments. 
  • Check a user's level of access by navigating to the User's Access Control Matrix linked to your profile in the Admin Users List View. 

 

A User can’t access a register. 

Check the user's Role assignments and ensure the correct Security Groups are linked. Use the User's Access Control Matrix to verify access permissions. 

 

A newly added user is assigned a Security Group by default. 

Verify if a Security Group has 'Default' enabled, which automatically assigns it to all new users. 

 

A User can see all registers without being linked to a Role. 

Check if a Global Permission Set is enabled. If so, all users have access to all registers. 

 

A User can see a few registers but there is no linked Role or Security Group on the User page. 

A user can be assigned a Role through their teams. Security groups assigned via teams won't appear on the User profile page but still apply to the user. 
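
The access paths covered in the troubleshooting answers above (direct Roles, Roles reached through Teams, 'Default' Security Groups and the Global Permission Set) can be traced with a small model during an access review. This is an added example, not code from or an API of the CGR Platform. All names and data are constructed, ABAC links are not modelled, and 'Default' groups are simplified to apply to every user.

```python
# Constructed sample data modelling the article's structure; not CGR Platform code or API.
ROLE_GROUPS = {"Internal Auditor": ["Audit SG"], "Risk Manager": ["Risk SG"]}
GROUP_REGISTERS = {          # Security Group -> registers it has a permission set on
    "Audit SG": ["Audit Register"],
    "Risk SG": ["Risk Register", "Incident Register"],
    "Starter SG": ["Policy Register"],
}
DEFAULT_GROUPS = ["Starter SG"]             # groups with 'Default' enabled
USER_ROLES = {"alice": ["Internal Auditor"], "bob": [], "carol": []}
TEAM_MEMBERS = {"Risk Team": ["bob"]}
TEAM_ROLES = {"Risk Team": ["Risk Manager"]}


def registers_via_roles(roles, source, reasons):
    """Record every register reachable through the given Roles, with its path."""
    for role in roles:
        for group in ROLE_GROUPS.get(role, []):
            for register in GROUP_REGISTERS.get(group, []):
                reasons.setdefault(register, []).append(f"{source}role '{role}' -> {group}")


def explain_access(user, global_permission_set=False):
    """Return {register: [grant paths]} for one user."""
    reasons = {}
    registers_via_roles(USER_ROLES.get(user, []), "", reasons)      # shown on User page
    for team, members in TEAM_MEMBERS.items():                      # not shown there
        if user in members:
            registers_via_roles(TEAM_ROLES.get(team, []), f"team '{team}' -> ", reasons)
    for group in DEFAULT_GROUPS:        # simplification: applied to every user
        for register in GROUP_REGISTERS.get(group, []):
            reasons.setdefault(register, []).append(f"default group {group}")
    if global_permission_set:           # all users reach all registers
        for registers in GROUP_REGISTERS.values():
            for register in registers:
                reasons.setdefault(register, []).append("global permission set")
    return reasons


def not_via_direct_role(user, global_permission_set=False):
    """Registers the user reaches without any directly assigned Role granting them."""
    direct = {}
    registers_via_roles(USER_ROLES.get(user, []), "", direct)
    access = explain_access(user, global_permission_set)
    return sorted(r for r in access if r not in direct)


if __name__ == "__main__":
    for name in USER_ROLES:
        print(name, explain_access(name), not_via_direct_role(name))
```

Registers returned by `not_via_direct_role` are the ones to trace back to a Team, a 'Default' group or the Global Permission Set when the User page shows no Role that explains them.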

 

How do I change a user's Role? 

Navigate to Admin > Users, select the user, edit their profile, and update their assigned Role(s). 

 
