Create custom security roles

In the course of regular business for your organization, you need to control access to your client files. Different engagement teams require access to their specific client files, but they are restricted from accessing other clients' materials. Some staff require access to all client files for an engagement, while others only need to access the documents assigned to them.

You can manage access to your organization's engagements and the related engagement material in Cloud using security roles.

The built-in security roles cover the more common types of security access that you might want to give to your users. You can, however, also create custom roles for your organization.

To create custom security roles:

  1. Ensure that you have the Settings Admin role or the equivalent privileges.

  2. From the Cloud menu, select Settings.

  3. Select Security | Role Permissions.

    Security Role Permissions

  4. Select Add Role.

  5. Complete the following fields:

    • Name

    • Description

    • Applies To: (Staff or Contacts)

    • Scope (System-wide, Content within entities or both)

    The New Role dialog.

  6. Select Next.

  7. Select one or more permissions to add those permissions to the role. When you are finished, select OK.

    The bottom of the Role Permissions dialog. The permissions to create, read, edit, delete and share files are all selected.

    Best Practice: Note that the Share permission allows users to grant themselves and others all available permissions for entities or entity content, even if the permissions provide a higher level of access than the user currently has. For example, if you create a custom system-wide role that has only the Share permission for entities, users with this role will be able to grant themselves and other users the Owner role on any entity. We recommend using the built-in Admin, Entity Admin, and Owner roles to grant users the ability to manage entity access. To learn more, see Built-in roles.