Built-in roles

Caseware Cloud comes with several built-in roles. These roles define both the type of access and operations a user can perform in Cloud. Each built-in role is applicable to either staff or contacts.

To view the built-in roles, go to the Settings page, then select Security | Role Permissions.

Security settings - Role permissions

Select a role to view more information about it in the menu on the right-hand side of the page.

Notes:

  • Built-in roles cannot be modified or deleted.

  • Each organization must have at least one user with the Admin role. This user has all permissions and the ability to modify any organization setting.

Staff roles

Built-in staff roles include organization and content roles. Staff roles can be assigned to staff or staff groups.

Organization roles

Organization roles provide organization-wide rights. Staff with these roles can shape and define the organization's Cloud environment.

  • If an organization role is assigned in a firm utilizing the business units feature, it applies to all business units in the organization.

  • If an organization role is assigned in a non-business unit firm, it applies to the entire Cloud site (i.e. system-wide).

The following table describes the built-in organization roles for staff.

Role Scope Description
Admin Organization-wide

Every organization must have at least one staff member with the Admin role. Admins have all permissions and the ability to modify any organization setting.

Note: You must still allocate app licenses (for apps that require them) to staff with the Admin role.

Settings Admin

Organization-wide

Settings Admins can edit all system settings.

Staff Admin

Organization-wide

Staff Admins can create, view, edit and delete staff and staff groups.

Content roles

Content roles provide system-wide, entity level or entity content level rights.

  • If a content role is assigned system-wide, it applies to all entities in the Cloud site (non-business unit firms) or a single business unit (business unit firms).

  • If a content role is assigned at the entity level, it applies to the specified entity.

  • If a content role is assigned at the content level, it applies to the specified content in an entity.

The following table describes the built-in content roles for staff.

Role Scope Description
Entities Admin System-wide Entities Admins can create, view, edit and delete contacts, contact groups, entities, and all content within entities.

Owner

System-wide, Entities and content within them

Owners can view, edit and delete entity content, and assign roles to other staff where they have this role.

Editor

System-wide, Entities and content within them

Editors can view and edit entity content where they have this role.

Viewer

System-wide, Entities and content within them

Viewers can view entity content where they have this role.

Entity Access

System-wide, Entities and content within them

Entity Access allows staff to access entities where they have this role, so that they can be assigned a security role on content such as an activity or a file. It does not allow them to view or edit staff, contacts or other entity content, but does allow them to view the entity summary and details.

This role is typically assigned to staff who would otherwise not know that an entity exists.

Contact roles

Contact roles provide entity level (an entity) or content level (content within an entity) rights. Contacts with these roles can access Cloud in a limited capacity, or not at all (with the Associated role).

The following table describes the built-in roles for contacts.

Role Scope Description

Contact - Entity Collaborator

Entities and content within them

Contact - Entity Collaborators can create new content and access existing content in entities where they have this role. They can receive file requests.

Contact - Entity Access

Entities and content within them

Contact - Entity Access allows contacts to access existing content in entities where they have this role. It does not allow them to receive file requests or initiate any communication.

Associated

Entities and content within them

Associated allows contacts to be associated with an entity. It does not allow them to sign in to Cloud, receive notifications, or access any features.

Contact - Owner

Entities and content within them

Contact - Owners can view, edit and delete content where they have this role. They cannot share content.

This role is automatically assigned on activities or files that contacts create.

Contact - Editor

Entities and content within them

Contact - Editors can view and edit content where they have this role. They cannot share content.

Contact - Viewer

Entities and content within them

Contact - Viewers can view content where they have this role. They cannot share content.