Creating custom roles for account permissions

Who can use this feature:
 
 Admins
 
 Available for Enterprise only
 

We’re excited to announce a new game-changing capability within account permissions! Introducing…custom roles! 🎉

With custom roles, Enterprise admins can create unique, account-level roles according to a team member’s job title, department, or any other suitable definition and then assign specific permissions for that role. This feature was built with the goal of simplifying the effective governance of an account while giving the proper amount of freedom to employees within their domain.

How to locate it

The custom roles feature is part of the larger account permissions. Therefore, to access it, start by clicking on your profile picture in the bottom left corner, selecting “Admin”, and then click into the “Permissions” section, as shown below.

Create a new role

Custom roles are created based on existing roles (also known as user types) on the account, and they can then be customized and assigned to any user.

To start creating a new role, click on the “New role” button at the top of the screen, as shown below. 

Note: At the moment, when creating a new role, you can choose to create it based on any user type aside from the account admin role.
 

Next, enter a name for your custom role and select an existing role which it will inherit permissions from. As an example, if you select the existing role of “Guest,” your new custom role will inherit the default permissions that a guest has, such as the ability to only access boards that are shared with them (amongst other Guest permissions as well).

Once complete, click on “Create” to finalize the creation of your new role! 

Define its permissions

Now that you’ve created a new role on your account, it’s time to define and customize the permissions that it entails! To do so, make sure your new role is selected and highlighted in blue under “Account roles,” and then select specific permissions on the right side to apply them to that role or de-select them to remove that capability from the role.

And voila! You now have a brand new, unique user role on your account, which you can assign to any team member. Continue reading to learn how this can be done. ⬇️

Assign the role 

To assign a custom role to team members on your account, start by entering the user management section. After locating the team member(s) who you’d like to assign to this role, click on the drop-down arrow under the “User Type” column and select the custom role.

Edit or delete a custom role.

Looking to rename or remove a custom role that you’ve created? This can easily be done by hovering or selecting the custom role and then clicking on the three-dot menu on the right of it. From the resulting menu, you can click on “Rename” to change the name of the role or on “Delete” to remove it fully!

Use cases

While there are endless uses for the custom roles feature, check out a few common use cases that can be really valuable to try out!

  • Create a sub-admin role.

If you’re looking to create an account role that will be able to perform specific admin actions (such as managing account users, security, or billing) without providing them full admin access, then creating a “sub-admin” role can be the solution for you!

Here, we’ll create a “Billing Admin” role which is based on the “Member” role, and then we’ll select the “Access the Billing section” permission under “Admin Privileges”. This will allow any Billing Admin to have full control of the account billing, without granting them other admin capabilities, such as managing account security, for example.

 Tip: Check out this article to learn more in-depth about what each of these admin-level permissions means!

  • Enable only specific members of a team to create automations.

For this first use case, we’re looking to allow only specific members of a team to create automations, and to prevent others from having this ability.

To do this, we first created a new custom role which is similar to the “Member” role, except that it does not allow automations to be created. Then, after filtering the user management page to only display members from our Marketing team, we can select this role to prevent specific team members from being able to create automations.

  • Enable only specific team members to set up integrations 

Last but certainly not least, we are looking for a way to restrict the ability to create certain integrations from specific users on our account. To do this, we created a new custom role that inherits permissions form the Member role and then unchecked the box next to “Create integrations.”

This custom role will now act like a full Member role with the exception of the ability to create new integrations, and it can then be assigned through the user management section with ease!

SCIM provisioning with custom roles

A system for Cross-domain Identity Management (a.k.a. SCIM) is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), de-provision (deactivate), and update user data across multiple applications at once.

For more information about SCIM setup options and how to set up SCIM provisioning to support custom roles, please visit the dedicated support article.

For further questions, please visit our Knowledge Center.  To view the Knowledge Center, click the Home Page icon the top right of your page, then select “Support” and make you way to “Help Center” in the bottom left.  If you have additional questions, please feel free to contact our team by selecting the blue “Contact Us” button.