Table of Contents


Assigning Security Roles to Users

Security Roles can be assigned during user creation or modified after user accounts exist. Proper role assignment ensures users have appropriate access permissions while maintaining security and supporting business processes.

Understanding Security Role Assignment

When to Assign Security Roles

  • During User Creation: Assign appropriate roles when creating new users
  • Role Changes: Update roles when user responsibilities change
  • Access Adjustments: Modify roles to grant or restrict access as needed
  • Organizational Changes: Update roles to reflect new business structures or processes

Security Role Compatibility Requirements

Security Role assignment must respect user license type compatibility:

Employee Users

  • Can be assigned Employee Security Role types only
  • Include Administrator System Role, standard employee roles, and limited administrative roles

Partner and Customer Users

  • Can be assigned Partner & Customer Security Role types only
  • Cannot be assigned Employee or Administrator roles due to license type restrictions

Critical Role Change Restrictions

  • Employee to Partner/Customer: Users assigned Employee roles CANNOT later be changed to Partner or Customer roles
  • Partner/Customer to Employee: Users assigned Partner or Customer roles CANNOT later be changed to Employee roles
  • Partner ↔ Customer: Users can be changed between Partner and Customer roles (provided sufficient licenses are available)

Role Type Validation The system prevents assigning incompatible Security Role types to users, ensuring proper access control and license compliance.

Requirements and Permissions

Administrator Assignment

To assign Security Roles to users, you must have:

  • Administrator System Role permissions

Team Manager Assignment (Delegated)

Team Managers can assign specific Security Roles within their scope:

  • Limited to Partner & Customer roles that have been authorized by administrators
  • Account-based restrictions apply based on Team Manager's scope
  • Configured through Team Access module permissions

Assigning Security Roles

Standard Administrative Assignment

  1. Navigate to the Setup Home page
  2. Click Security > Manage Users
  3. Click the user you want to assign a Security Role to
  4. Click Edit
  5. In the Role dropdown list, select the appropriate Security Role
  6. Click Save

Result: User permissions are immediately updated to reflect the new Security Role settings.

Role Selection Strategy

Choosing Appropriate Roles

  • Match Business Function: Select roles that align with the user's job responsibilities and access needs
  • Principle of Least Privilege: Choose roles that provide necessary access without over-permissioning
  • License Type Alignment: Ensure selected roles match the user's license type (Employee vs Partner/Customer)
  • Organizational Structure: Consider how role permissions support team collaboration and hierarchy

Common Role Assignment Patterns

Employee Users

  • New Employees: Start with basic Employee roles and expand as needed
  • Managers: Assign roles with hierarchical permissions appropriate for their team scope
  • Content Creators: Grant roles with module-specific permissions for courses, articles, or other content
  • Administrators: Carefully limit Administrator System Role assignments

Partner Users

  • Standard Partners: Assign basic partner access roles for general collaboration
  • Key Partners: Grant enhanced partner roles for strategic relationships
  • Partner Managers: Assign Team Manager-enabled roles for partner organizations with delegated user management needs

Customer Users

  • Standard Customers: Provide basic customer support and community access
  • Premium Customers: Grant enhanced access based on service level agreements
  • Customer Administrators: Assign Team Manager-enabled roles for customer organizations managing their own teams

Role Assignment Impact and Considerations

Immediate Effects of Role Changes

  • Permissions Update: Access changes take effect immediately
  • Interface Changes: User interface adapts to new role permissions
  • Module Access: Module availability updates based on new role settings
  • Data Visibility: Users may gain or lose access to specific records or fields

User Experience Considerations

  • Session Management: Users may need to log out and back in to see all interface changes
  • Training Requirements: Role changes may require user training on new capabilities or restrictions
  • Communication: Inform users about role changes and any new responsibilities or limitations

Security and Compliance Impact

  • Audit Trail: Role changes are logged for compliance and security monitoring
  • Access Review: Document reasons for role changes for security audits
  • Separation of Duties: Ensure role assignments maintain appropriate separation of sensitive functions

Best Practices for Role Assignment

Strategic Role Management

  • Role Standardization: Use consistent role assignment patterns across similar user types
  • Documentation: Maintain records of role assignments and the business rationale
  • Regular Review: Periodically audit user role assignments for continued appropriateness
  • Change Management: Establish approval processes for role changes, especially for elevated permissions

Security Considerations

  • Access Validation: Test role assignments to ensure they provide appropriate access without over-permissioning
  • Sensitive Role Monitoring: Closely monitor assignments of roles with administrative or sensitive data access
  • Role Proliferation: Avoid creating too many specialized roles; use standard roles when possible
  • Temporary Access: Plan for temporary role assignments and ensure they're reviewed regularly

Operational Efficiency

  • Bulk Assignment: For large user bases, consider patterns that minimize individual role management
  • Team Manager Utilization: Leverage Team Manager capabilities to distribute role assignment responsibilities appropriately
  • User Self-Service: Where appropriate, enable Team Managers to handle routine role assignments

Validation and Testing

Post-Assignment Verification

After assigning Security Roles:

Access Testing

  • Login Validation: Confirm user can log in successfully with new role
  • Permission Verification: Test that user has appropriate entity and module access
  • Interface Check: Verify user interface shows expected options and restrictions
  • Data Access: Confirm user can access appropriate records and fields

Business Process Validation

  • Workflow Testing: Ensure role supports user's actual job functions
  • Collaboration Check: Verify role enables appropriate team interactions
  • Module Functionality: Test that role permissions work correctly across relevant modules

Troubleshooting Common Issues

Role Assignment Failures

  • Compatibility Check: Verify Security Role type matches user license type
  • Permission Validation: Confirm you have Administrator System Role or appropriate Team Manager permissions
  • System Issues: Check for any system errors or conflicts

Access Problems After Assignment

  • Session Refresh: User may need to log out and back in for all changes to take effect
  • Permission Conflicts: Review Field Security and other granular permissions that might restrict access
  • Module Dependencies: Some module access may require additional configuration beyond Security Role assignment

Integration with User Management System

Relationship to Other Access Controls

Security Role assignment works within the broader Magentrix access control framework:

User License Types: Determine compatible Security Role types and data access scope User Groups: Control content sharing within Security Role permissions Team Access: Enable delegated role assignment for Partner and Customer roles Field Security: Provide additional granular control within role permissions

Long-Term Role Management

  • User Lifecycle: Plan role progression as users advance in responsibilities
  • Organizational Changes: Adapt role assignments to support evolving business structures
  • Platform Growth: Design role strategy that scales with organizational expansion
  • Compliance Requirements: Ensure role assignments continue to meet regulatory and security requirements

Proper Security Role assignment ensures users have appropriate access while maintaining security, supporting business processes, and enabling effective collaboration across your Magentrix platform.

 

<< Assigning Record Types To Security Roles


Privacy & Security StatementTerms & Conditions
Copyright © 2025 by Magentrix Corporation - All rights reserved.
Powered by Magentrix