This article describes how to view, add and customize user roles and how to remove or assign user roles to specific accounts.
Your Code42 environment has a pre-existing set of user roles or privileges that can be applied to user accounts. These built-in user roles generally provide administrators with the fine-grained set of permissions and roles needed for most use cases. In addition, you can create your own custom roles for more flexible management of user permissions within your Code42 environment.
Administrative privilege requirements
- Only users with the SYSADMIN or System Administrator roles have the ability to add, delete, or edit roles.
- Only a SYSADMIN can add the admin permission to a role, or edit and delete roles that have the admin permission.
- You must have your own master server to create and modify custom roles. If your Code42 environment is entirely within the Code42 cloud, you can only view roles and assign them to your users.
Custom roles and permission dependencies
Due to the dependency between permissions, your custom role may not perform as expected. If possible, use an existing role as a template, and carefully add or remove permissions from this duplicated role. Test all custom roles thoroughly before assigning them to users.
For more information on our recommended best practices, refer to Best Practices For Custom Roles & Permissions.
If you require assistance with the creation of custom roles, please contact our sales team. Assistance with custom roles is beyond the scope of regular support.
View existing roles
Follow these steps to view which permissions make up each role.
- Sign into the administration console as a SYSADMIN user.
- Navigate to Settings > Security > Roles.
- Under the Roles list, select a role.
The permissions granted by the selected role are displayed in the right pane under Permissions.
To create a new or custom role, use the following steps.
- From Settings > Security > Roles, click Add located in the lower left-hand corner of the screen. The Edit Roles and Permissions pane is displayed.
- Name the new role.
- Select the permissions to assign to the new role.
- Click Save.
The new role is now listed within the Roles pane.
Duplicate existing role
To use an existing role as a template for a new role, use the following steps.
- Select the existing role to act as the template.
- Click the Duplicate this role icon to create a new role in the Roles pane.
- Edit the copied role to fine-tune permissions.
To modify or make changes to an existing role, use the following steps.
- Select the role you would like to make changes to.
- Click the Edit this role icon to display the Edit Roles and Permissions pane.
- Update the roles's name.
- Select or de-select permissions to add or remove permissions from the role.
- Click Save.
Note: Only user created roles can be edited or modified. System default roles cannot be changed.
To remove or delete an existing role, use the following steps.
- Select the role you would like to remove.
- Click the Remove this role icon.
- Confirm the deletion of the selected role.
Note: Only user created roles can be removed or deleted. System default roles cannot be removed.
Assign role to specific user
To assign a role to a specific user, follow the below steps.
- Navigate to the User Detail view.
- From the Action Menu, select Edit.
- Select the Roles tab.
- From the Available Roles list, select the role you'd like assigned to the user.
- Click the right facing arrow to add the selected role.
- Select Update User to save your changes.
Advanced role assignment using LDAP integration
Your Code42 environment's LDAP integration can be configured to assign user roles based on specific LDAP attributes. You must have at least one LDAP server created and fully configured before you can assign roles via LDAP Attribute Mapping.
- Go to Settings > Security > LDAP.
- Verify the Role name script code outputs the correct values for your environment using the LDAP search results in the right column.
- Click Save to apply the changes.
For assistance creating a Role name script, please contact Sales.