Built-in roles

Caseware Cloud comes with several built-in roles. These roles define both the type of access and operations a user can perform in Cloud. There are two types of built-in roles: Staff roles and Contact roles.

To view the built-in roles, go to the Settings page, then select Security | Role Permissions. The Role Permissions page is displayed.

Security settings - Role permissions

You can select a role to display more information about it in the role menu on the right-hand side of the page.

Note: Built-in roles cannot be modified or deleted. Each organization has at least one user with the Admin user. This super user has the ability to modify organization settings and has permission for everything on the system.

Staff roles

The following tables describe the built-in staff roles.

Administrative roles

These roles are assigned to staff and provide authoritative controls to shape and define an organization's Cloud environment - including its members. Administrative roles typically apply at the system level and cannot be assigned at the entity or item levels.

Role Level What users can do...
Admin System

Every Cloud account must have at least one user assigned to this role. Users with the Admin role can access all content and perform any action. Admins must still be assigned a license to use apps that require one.

Entities Admin

System Create, edit and delete contacts, contact groups, entities, and all content within entities.

Staff Admin

System Create, edit and delete staff and staff groups.
Settings Admin System Access and modify all system settings.

Non-administrative staff roles

These roles are assigned to staff and enable users to work and interact within a defined space (an entity) in Cloud. Staff roles apply at all object levels (system, entity, and item) enabling firms to assign the same role for different user groups while maintaining control over access to content.

Role Level What users can do...

Owner

System

View, edit and delete all items for all entities. In addition, users can grant other people security roles on these items where they are the owner.

Entity

View, edit and delete items for a specific entity. In addition, users can grant other people security roles on items within that entity where they are the owner and create invoices.

Item

View, edit and delete a specific item for a specific entity. In addition, users can grant other people security roles on that item where they are the owner.

Editor

System

View and edit all items for all entities, but not to delete. The user can edit all files and activities content for all entities.

Entity

View and edit all items for a specific entity, but not to delete. The user can edit all files and activities content for that entity only.

Item

View and edit a specific item for a specific entity. The user can edit content for that item only.

Viewer

System View all items for all entities but not to modify this content.
Entity View all items for a specific entity but not to modify this content.
Item View a specific item for a specific entity but not to modify this content.

Entity Access

This role is assigned to staff and enables users to access entities. The Entity Access role does not enable the user to view or manage staff and contacts or any items in an entity. This role is typically assigned to users who would otherwise not know that an entity exists.

  • [System level] At this level, this role enables the user to access all available entities in the system.
  • [Entity level] At this level, this role enables the user to access a specific entity.
  • [Item level] Entity Access is not applicable at this level.

Contact roles

These roles are assigned to Contacts with an email address and enable external parties to access Cloud in a limited capacity. Contact roles typically apply at the item level (for a specific entity or specific items within an entity).

Role Level Description

Contact - Entity Collaborator

Entity

A contact can be given the Contact - Entity Collaborator role for an entity to collaborate on activities and files within the entity. They also require an Owner, Editor, or Viewer role on any activities and files they will be working with.

These users can create and upload files and activities. They are assigned a Contact - Owner role on these files and activities.

This role is assigned to contacts to associate them to an entity without the ability to receive notifications or access any features.

Contact - Entity Access

Entity

A contact can be given the Contact - Entity Access role to read the entity details from the Entities app. They also require a Owner, Editor, or Viewer role on any activities and files they will be working with.

The Contact - Entity Access role can be removed, so the contact can no longer view the entity.

Contact - Owner

Item

A contact will be given the Contact - Owner role when they create an activity or file. They are automatically assigned an Owner role for that item. The contact's Owner role is the only contact role that grants the permission to delete an item. This role does not provide permissions to share items.

The Contacts - Owner role can be removed, so the contact can no longer delete the item, but the interface still tracks who created the item and when.

Contact - Editor

Item

A contact can be given the Contact - Editor role access to a file or an activity. The Contact - Editor role enables the contact the ability to edit and download the file or activity where they have this role. This role does not provide permissions to share items.

The Contact - Editor role can be removed, so the contact can no longer edit the item, but the interface still tracks their changes and will list the item as " Last Modified By" as applicable.

Contact - Viewer

Item

A contact can be given the Contact - Viewer role to access a file or an activity. The Contact - Viewer role enables the contact the ability to view the file or activity where they have this role and comment on the activities. This role does not provide permissions to share items.

The Contact - Viewer role can be removed, so the contact can no longer view the item.

Associated

This role is assigned to contacts to associate them to an entity and without the ability to sign in to Cloud, receive notifications, or access any features.