Administrators can create and assign roles to users to govern access to user-created objects in .
defaultrole, which allows users to use the user-created object types.
As needed, you can create user roles to define different access levels for different object types.
NOTE: You must be an administrator to create new roles.
NOTE: Roles are additive. If you assign multiple roles to a user account, the user receives the highest level of access for each privilege among the assigned roles.
NOTE: When a role is assigned, unassigned, or modified, the changes to privileges are immediately applied to the associated user accounts. A new login is not required.
To create a new role, please complete the following steps.
Create Role dialog
For more information, see Create Role Dialog.
Suppose you wish to limit a set of users to read-only access to role-based objects.
Privileges: For each available privilege, select
NOTE: Some privileges may not have a
Suppose you wish to limit a set of users to only be able to work with flows. These users should be able to view, share, edit, schedule, run jobs, and delete flows.
For the flows privilege, select
For every other privilege, select
In some circumstances, you may wish to assign an empty role to a user. For example, you may wish to limit some administrators to only be able to configure aspects of the platform without providing access to any user-created objects.
For every privilege, select
After a role has been created, you can assign it to users.
NOTE: Assigning a role adds the role to the user's account. It does not replace any role that is already present in the account.
NOTE: When you assign or unassign a role, the privileges are immediately applied to the assigned user's account. The user does not need to re-login to see the changes.
In the Assign role dialog, enter a list of email addresses for users to whom you wish to assign the role.
After a role has been created, you can modify it as needed.
NOTE: When the privileges of a role are modified, the changes are applied immediately to all users who are currently assigned the role. Before making modifications, you should review the users who could be affected. See Role Details Page.
Tip: If you are changing the privileges of a role, you might want to create a role that contains only the replaced privileges. For example, if you are changing access to flows in Role A from
Suppose you wish to reduce privileges for the
default role, which is assigned to all users. At the same time, some user should be assigned author-level access to the available objects. Here is the following general flow for managing this modification.
NOTE: You cannot modify the name of the
Flow Authorrole, which has
authorprivilege for flows and no other privilege. Optionally, for the other privileges, you could provide
vieweraccess, which enables read-only access.
Assign these roles to users as needed. For example, for the
Flow Author role, you can assign it to each user that must create flows.
Tip: Since roles are additive, you have not removed any privileges yet.
Use the following steps to remove a role from a user account.
NOTE: Removing a role from a user account may remove access to objects that the user has created. If the user is the owner of these objects, some access may be removed permanently, even if the object is shared. For more information, see Overview of Sharing.
For more information, see Role Details Page.
You are permitted to delete roles that are still assigned to users. Deleting a role removes the role from all user accounts and cannot be undone. Before you delete a role, you should review the list of affected users and the objects to which they have access.
See Roles Page.