About Magentrix Security Roles

Security Roles are the foundation of access control in Magentrix, determining what users can see and do within the portal. They work in conjunction with User Groups to provide comprehensive permission management across all modules and content areas.

Understanding Security Roles

What are Security Roles?

Security Roles contain permissions and access settings that control:

  • Entity Access: Read, Create, Edit, and Delete permissions for specific entities
  • Field Security: Granular control over individual fields within entities
  • Module Access: Permissions for specific Magentrix modules and features
  • Data Scope: Combined with user license types to determine data visibility boundaries

Integration with User Management System

Security Roles work closely with other Magentrix access control mechanisms:

  • User License Types: Employee, Partner, Customer, and Partner Account-based licenses determine the data scope
  • User Groups: Control content sharing and module access within the permissions granted by Security Roles
  • Team Access Module: Team Managers can assign specific Security Roles within their authorized scope

Security Permission Levels

Entity-Level Security

To access an entity or its associated modules, users must have appropriate permissions:

  • Read: View entity records and data
  • Create: Add new entity records
  • Edit: Modify existing entity records
  • Delete: Remove entity records

By default, entity access grants users access to all fields within that entity, but this can be restricted through Field Security.

Field-Level Security

Field Security provides granular control over individual fields within entities:

  • Purpose: Restrict access to sensitive or confidential fields
  • Common Usage: Field Security is commonly used and should be reviewed during role configuration
  • Best Practice: Administrators should review and limit field exposure for each role and entity combination
  • Implementation: Applied after entity permissions to further refine access

Security Role Types

Security Role types align with user license types and determine the scope of data access:

Employee Security Roles

  • User License Compatibility: Can only be assigned to users with Employee licenses
  • Data Access Scope: Access records within the entire organization without account-based restrictions
  • Security Model: Controlled by organizational hierarchy and record sharing model
  • Administrative Capabilities: Can include limited or full administrative permissions
  • Manager Hierarchy: Supports internal security hierarchy for Employee users

Partner & Customer Security Roles

  • User License Compatibility: Can only be assigned to users with Partner User, Customer User, or Partner Account-based licenses
  • Data Access Scope: Access limited to records associated with their specific Account and Contact records
  • Security Model: Controlled by Account and Contact associations and external organizational hierarchy
  • Account Hierarchy: Supports hierarchical access when parent/child account relationships are configured
  • Team Access Integration: These roles can be assigned by Team Managers through the Team Access module

Guest Security Roles

  • Purpose: Control access for public visitors not logged into the portal
  • Default Permissions: No Read, Create, Edit, or Delete permissions by default
  • Module Access: Module data is not shared with Guest roles by default
  • Public Access: When permissions are granted, content becomes publicly accessible without authentication
  • Custom Communities: Separate Guest roles are created for the main portal and each Custom Community
  • Security Warning: Any content made accessible to Guest roles is public: anyone can view it without logging in

System Roles

Magentrix provides default Security Roles for essential system functions:

Administrator System Role

  • Highest Privileges: Complete system access and configuration capabilities
  • Default Permissions: Read, Create, Edit, and Delete access to all components and modules
  • Exclusive Access: Some features (portal design, layout, system settings) require Administrator role
  • User Assignment: Can be assigned to Employee license users only
  • Security Recommendation: Limit Administrator role assignments to minimize security exposure
  • Best Practice: Only assign to users who need complete system access

Guest System Role

  • Purpose: Represents public visitors without user accounts
  • Default State: No entity or module permissions by default
  • Customization: Administrators can grant specific permissions for public access needs
  • Scope: Separate Guest roles for main portal and Custom Communities

Security Role Design Best Practices

Role Strategy and Planning

  • Minimize Role Count: Keep the number of Security Roles as small as possible to simplify administration
  • Role Consolidation: Combine similar permission requirements into single roles rather than creating many specialized roles
  • Clear Naming: Use descriptive names that clearly indicate the role's purpose and scope
  • Documentation: Maintain records of each role's purpose and intended user base

Permission Configuration

  • Start Minimal: Begin with minimum required permissions and expand as needed
  • Entity Review: Systematically review entity permissions for each role
  • Field Security: Always review and restrict field access based on role requirements
  • Regular Audits: Periodically review role permissions to ensure they remain appropriate

User Type Alignment

  • License Type Matching: Ensure Security Roles align with appropriate user license types
  • Scope Consistency: Verify that role permissions make sense within the user's data access scope
  • Team Manager Compatibility: For Partner & Customer roles, consider whether they should be assignable through Team Access

Role Assignment and Management

Assignment Rules

  • One Role Per User: Each user can have only one Security Role assigned
  • License Type Restrictions: Roles can only be assigned to compatible user license types
  • Team Manager Limitations: Team Managers can only assign Partner & Customer Security Roles
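
An audit of the assignment rules above, together with the Guest role defaults described earlier, as an added example that is not Magentrix code. The dictionary layout, the sample roles and users, and the `assigned_by_team_manager` flag are constructed for illustration and do not reflect a Magentrix export format or API.

```python
# Added example: audit a constructed role/user export against the rules on this page.
# Hypothetical data layout; not a Magentrix export format or API.
COMPATIBLE_LICENSES = {  # role type -> license types it may be assigned to
    "Employee": {"Employee"},
    "Partner & Customer": {"Partner User", "Customer User", "Partner Account-based"},
}

ROLES = {  # constructed sample data
    "Administrator": {"type": "Employee", "entities": {"Account": {"Read", "Create", "Edit", "Delete"}}},
    "Employee - Standard": {"type": "Employee", "entities": {"Account": {"Read"}}},
    "Partner - Basic": {"type": "Partner & Customer", "entities": {"Account": {"Read"}}},
    "Guest": {"type": "Guest", "entities": {"Article": {"Read"}}},
}

USERS = [  # constructed sample data
    {"name": "alice", "license": "Employee", "roles": ["Administrator"]},
    {"name": "bob", "license": "Partner User", "roles": ["Administrator"]},
    {"name": "carol", "license": "Customer User", "roles": ["Partner - Basic"], "assigned_by_team_manager": True},
    {"name": "dave", "license": "Employee", "roles": ["Employee - Standard", "Administrator"]},
    {"name": "erin", "license": "Employee", "roles": ["Employee - Standard"], "assigned_by_team_manager": True},
]

def audit(roles, users):
    """Return (subject, finding) tuples for each rule on this page that is violated."""
    findings = []
    for name, role in roles.items():
        # Guest roles start with no permissions; anything granted is reachable without login.
        if role["type"] == "Guest":
            for entity, perms in sorted(role["entities"].items()):
                if perms:
                    findings.append((name, f"guest access to {entity}: {', '.join(sorted(perms))}"))
    for user in users:
        # One Role Per User.
        if len(user["roles"]) > 1:
            findings.append((user["name"], "more than one Security Role assigned"))
        for role_name in user["roles"]:
            role_type = roles[role_name]["type"]
            # License Type Restrictions (Guest roles are never assignable to a user).
            if user["license"] not in COMPATIBLE_LICENSES.get(role_type, set()):
                findings.append((user["name"], f"license {user['license']} incompatible with role {role_name}"))
            # Team Manager Limitations.
            if user.get("assigned_by_team_manager") and role_type != "Partner & Customer":
                findings.append((user["name"], f"Team Manager assigned non-Partner/Customer role {role_name}"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(ROLES, USERS):
        print(f"{subject}: {finding}")
```

Each Guest finding lists content that is reachable without authentication and should be confirmed as intentionally public.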

Common Role Patterns

Employee Roles

  • Employee - Standard: Basic employee access with limited administrative capabilities
  • Employee - Manager: Enhanced permissions for team management and content creation
  • Employee - Administrator: Full system access for system administrators

Partner Roles

  • Partner - Basic: Standard partner access to shared content and resources
  • Partner - Advanced: Enhanced partner access with additional module permissions
  • Partner - Team Manager: Partner role with Team Access module permissions

Customer Roles

  • Customer - Standard: Basic customer support and community access
  • Customer - Premium: Enhanced customer access based on service level
  • Customer - Team Manager: Customer role with Team Access module permissions

Integration with Access Control Systems

User Groups and Content Sharing

Security Roles determine what entities and modules users can access, while User Groups control:

  • Content sharing within those permissions
  • Module-specific access (LMS courses, Articles, Playbooks, etc.)
  • Auto-segmentation for dynamic content delivery

Team Access Module Integration

Security Roles enable Team Access functionality by:

  • Defining which roles have Team Manager capabilities
  • Determining which Partner & Customer roles can be assigned by Team Managers
  • Setting boundaries for delegated user administration

Module-Specific Permissions

Each Magentrix module respects Security Role permissions:

  • Module access requires appropriate entity permissions
  • Module content sharing uses User Group segmentation
  • Module functionality may require specific Security Role capabilities

Advanced Security Implementations

Custom Security Requirements

While Magentrix Security Roles provide comprehensive out-of-the-box access control, some organizations require specialized security implementations that go beyond standard entity and field permissions.

Junction Object Visibility

The most common custom security requirement involves controlling visibility through junction objects, that is, relationships between entities that require specialized access logic. Examples include:

  • Complex partner hierarchies with multiple relationship layers
  • Customer access based on project or contract relationships
  • Multi-tiered partner programs with specialized access requirements

Professional Services Implementation

When standard Security Role configurations cannot meet specific business requirements:

  • Assessment Required: The Magentrix Professional Services (PS) team evaluates the security requirements
  • Custom Development: PS team implements specialized security logic and junction object relationships
  • Testing and Validation: Custom implementations are thoroughly tested to ensure proper access control
  • Documentation: PS team provides implementation documentation and maintenance guidance

When to Engage Professional Services

Contact the Magentrix PS team when you need:

  • Complex multi-entity relationship security
  • Junction object-based access control
  • Custom organizational hierarchy implementations
  • Specialized partner or customer access patterns that exceed standard Security Role capabilities

These custom implementations ensure that Magentrix can accommodate even the most complex organizational security requirements while maintaining system integrity and performance.

Data Protection

  • Field Security: Use Field Security to protect sensitive personal or business information
  • Scope Limitation: Ensure roles provide appropriate access without over-permissioning
  • Regular Review: Audit role permissions regularly for compliance and security

Access Control Validation

  • Test Role Permissions: Validate role access with test user accounts
  • Cross-Role Testing: Ensure different roles have appropriate access boundaries
  • Module Integration: Test role permissions across all relevant Magentrix modules

Security Roles form the foundation of Magentrix's comprehensive access control system, working seamlessly with user license types, User Groups, and modules to provide secure, scalable permission management across your entire portal ecosystem.

