Built-in roles
Caseware Cloud comes with several built-in roles. These roles define both the type of access and operations a user can perform in Cloud. Each built-in role is applicable to either staff or contacts.
To view the built-in roles, go to the Settings page, then select Security | Role Permissions.
Select a role to view more information about it in the menu on the right-hand side of the page.
Notes:
-
Built-in roles cannot be modified or deleted.
-
Each organization must have at least one user with the Admin role. This user has all permissions and the ability to modify any organization setting.
Staff roles
Built-in staff roles include organization and content roles. Staff roles can be assigned to staff or staff groups.
Organization roles
Organization roles provide organization-wide rights. Staff with these roles can shape and define the organization's Cloud environment.
-
If an organization role is assigned in a firm utilizing the business units feature, it applies to all business units in the organization.
-
If an organization role is assigned in a non-business unit firm, it applies to the entire Cloud site (i.e. system-wide).
The following table describes the built-in organization roles for staff.
Role | Scope | Description |
---|---|---|
Admin | Organization-wide | Every organization must have at least one staff member with the Admin role. Admins have all permissions and the ability to modify any organization setting. Note: You must still allocate app licenses (for apps that require them) to staff with the Admin role. |
Settings Admin | Organization-wide | Settings Admins can edit all system settings. |
Staff Admin | Organization-wide | Staff Admins can create, view, edit and delete staff and staff groups. |
Content roles
Content roles provide system-wide, entity level or entity content level rights.
-
If a content role is assigned system-wide, it applies to all entities in the Cloud site (non-business unit firms) or a single business unit (business unit firms).
-
If a content role is assigned at the entity level, it applies to the specified entity.
-
If a content role is assigned at the content level, it applies to the specified content in an entity.
The following table describes the built-in content roles for staff.
Role | Scope | Description |
---|---|---|
Entities Admin | System-wide | Entities Admins can create, view, edit and delete contacts, contact groups, entities, and all content within entities. |
Owner | System-wide, Entities and content within them | Owners can view, edit and delete entity content, and assign roles to other staff where they have this role. |
Editor | System-wide, Entities and content within them | Editors can view and edit entity content where they have this role. |
Viewer | System-wide, Entities and content within them | Viewers can view entity content where they have this role. |
Entity Access | System-wide, Entities and content within them | Entity Access allows staff to access entities where they have this role, so that they can be assigned a security role on content such as an activity or a file. It does not allow them to view or edit staff, contacts or other entity content, but does allow them to view the entity summary and details. This role is typically assigned to staff who would otherwise not know that an entity exists. |
Contact roles
Contact roles provide entity level (an entity) or content level (content within an entity) rights. Contacts with these roles can access Cloud in a limited capacity, or not at all (with the Associated role).
The following table describes the built-in roles for contacts.
Role | Scope | Description |
---|---|---|
Contact - Entity Collaborator | Entities and content within them | Contact - Entity Collaborators can create new content and access existing content in entities where they have this role. They can receive file requests. |
Contact - Entity Access | Entities and content within them | Contact - Entity Access allows contacts to access existing content in entities where they have this role. It does not allow them to receive file requests or initiate any communication. |
Associated | Entities and content within them | Associated allows contacts to be associated with an entity. It does not allow them to sign in to Cloud, receive notifications, or access any features. |
Contact - Owner | Entities and content within them | Contact - Owners can view, edit and delete content where they have this role. They cannot share content. This role is automatically assigned on activities or files that contacts create. |
Contact - Editor | Entities and content within them | Contact - Editors can view and edit content where they have this role. They cannot share content. |
Contact - Viewer | Entities and content within them | Contact - Viewers can view content where they have this role. They cannot share content. |