Creating and Cloning Security Roles

Administrators can create new Security Roles or clone existing roles to configure user access to the portal. While Magentrix provides default System Roles, administrators must create and customize Security Roles specifically designed for their user base and business requirements.

Understanding Security Role Creation

Why Create Custom Security Roles?

Default System Roles (Administrator, Guest) are designed for system functions, not regular portal users. Custom Security Roles allow you to:

  • Define specific permissions for different user types and responsibilities
  • Implement your organization's access control policies
  • Create role-based access that aligns with business processes
  • Maintain security by providing only necessary permissions

Role Creation Strategy

Best Practice: Keep the number of Security Roles minimal to simplify administration. Before creating roles:

  • Identify distinct user groups with different access needs
  • Plan role permissions based on business functions, not individual preferences
  • Consider how roles will integrate with User Groups for content sharing
  • Design roles that can accommodate multiple similar users

Requirements

To create and manage Security Roles, you must have:

  • Administrator System Role permissions

Creating New Security Roles

Step-by-Step Role Creation

  1. Navigate to the Setup Home page
  2. Click Security > Security Roles
  3. Click New
  4. Select Role Type and click Next
  5. Configure role settings (see detailed options below)
  6. Click Save

Important: After creation, you must configure entity and field permissions. The role is created but non-functional until permissions are set.

Choosing the Right Role Type

Employee Role Type

  • Use for: Internal staff, administrators, content managers
  • User Compatibility: Can only be assigned to users with Employee licenses
  • Data Scope: Access to organizational data without account-based restrictions
  • Common Examples: Employee - Standard, Employee - Manager, Employee - Content Creator

Partner & Customer Role Type

  • Use for: External partners, customers, distributors, resellers
  • User Compatibility: Can only be assigned to users with Partner User, Customer User, or Partner Account-based licenses
  • Data Scope: Access limited to data associated with their Account and Contact records
  • Team Access Integration: These roles can be assigned by Team Managers
  • Common Examples: Partner - Basic, Customer - Standard, Partner - Team Manager

Guest Role Type

  • Use for: Public visitors and unauthenticated access
  • User Compatibility: Applied to non-logged-in visitors
  • Data Scope: Public domain access only
  • Security Warning: Any content accessible to Guest roles becomes publicly available

Role Configuration Options

Basic Information

  • Name: Use descriptive names that clearly indicate purpose and scope
    • Good examples: "Partner - Basic Access", "Customer - Premium Support"
    • Avoid: Generic names like "Role1" or overly specific names like "John's Role"

Advanced Features

  • Track Record Views: Enable to monitor the last 30 record views for users with this role
    • Use cases: Compliance tracking, user behavior analysis, audit requirements
    • Consideration: May impact system performance with large user bases
  • Social Collaboration: Grant access to Social Collaboration module features
    • Use cases: Community building, internal collaboration, knowledge sharing
    • Module Integration: Must be enabled for users to participate in social features

Documentation

  • Description: Document the role's purpose, intended users, and business rationale
    • Best Practice: Include role boundaries, key permissions, and any special considerations
    • Maintenance: Update descriptions when role permissions change

Cloning Security Roles

When to Use Role Cloning

Cloning is efficient when you need roles with similar permissions:

  • Creating role variations (Basic vs Advanced user access)
  • Establishing role hierarchies (Standard vs Premium customer access)
  • Copying complex permission sets to save configuration time
  • Creating region-specific or department-specific role variants

Step-by-Step Role Cloning

  1. Navigate to the Setup Home page
  2. Click Security > Security Roles
  3. Click the Security Role you want to clone
  4. Click Clone
  5. Modify the cloned role settings:
    • Update Name: Always change the name to reflect the new role's purpose
    • Adjust Settings: Modify Track Record Views, Social Collaboration, or Description as needed
  6. Click Save

Result: The cloned role inherits all entity and field permissions from the source role. You can then modify permissions as needed.

Post-Creation Configuration Requirements

Essential Permission Configuration

After creating or cloning a role, you must configure:

Entity Permissions

  • Set Read, Create, Edit, Delete permissions for each relevant entity
  • Align permissions with the role's business purpose and security requirements
  • See "Configuring Security Role Permissions" for detailed guidance

Field Security

  • Review and restrict access to sensitive fields within each entity
  • Apply field-level restrictions based on role requirements and data sensitivity
  • Critical for protecting personal information and confidential business data

Module-Specific Sharing Permissions

Many Magentrix modules require additional configuration beyond basic Security Role permissions:

Content Sharing Modules

  • Document Library: Configure folder access and sharing permissions
  • Articles: Set up article visibility and sharing rules
  • Events: Configure event visibility and participation permissions
  • Learning Management System (LMS): Establish training access and assignment rules

User Group Integration

These sharing permissions often work in conjunction with User Groups to provide granular content access control within the permissions granted by Security Roles.

Integration with Access Control System

Security Role Relationships

Security Roles work within Magentrix's comprehensive access control framework:

  • User License Types: Determine data scope and role compatibility
  • User Groups: Control content sharing within Security Role permissions
  • Team Access Module: Enable role assignment by Team Managers (Partner & Customer roles only)
  • Module Permissions: Each module respects Security Role permissions and may have additional sharing controls

Testing and Validation

After creating and configuring Security Roles:

Permission Testing

  • Create test users with the new role
  • Validate entity access, field visibility, and module functionality
  • Test data scope restrictions (especially for Partner & Customer roles)
  • Verify integration with User Groups and content sharing

Cross-Role Validation

  • Ensure different roles have appropriate access boundaries
  • Test that sensitive information is properly restricted
  • Validate that business processes work within role permissions

Best Practices for Role Management

Role Design Principles

  • Minimum Viable Roles: Create the fewest roles necessary to meet business requirements
  • Clear Boundaries: Ensure each role has a distinct purpose and user base
  • Future-Proof Design: Consider how roles will scale with organizational growth
  • Documentation: Maintain clear records of each role's purpose and permissions

Ongoing Role Management

  • Regular Reviews: Audit role permissions periodically for continued appropriateness
  • Permission Creep: Monitor and prevent gradual expansion of role permissions beyond intended scope
  • User Feedback: Gather feedback from role users about access limitations or unnecessary permissions
  • Compliance Alignment: Ensure roles continue to meet security and regulatory requirements
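
The periodic review described above can be scripted once role permissions are recorded somewhere outside the portal. The following is an added example, not Magentrix code: the snapshot layout, the sample roles and users, and the function names are all hypothetical, since this page does not describe an export format. It flags permissions beyond a documented baseline (permission creep), lists what a Guest role exposes publicly, and finds role assignments that conflict with the license rules for each role type.

```python
# Added example: audits a constructed role snapshot; the data layout is hypothetical.
CRUD = ("Read", "Create", "Edit", "Delete")

# Role type -> license types it may be assigned to (from the role type section).
COMPATIBLE = {
    "Employee": {"Employee"},
    "Partner & Customer": {"Partner User", "Customer User", "Partner Account-based"},
}

def permission_creep(baseline, current):
    """Return {entity: [permissions]} granted now but absent from the documented baseline."""
    creep = {}
    for entity, perms in current.items():
        extra = [p for p in CRUD if p in perms and p not in baseline.get(entity, set())]
        if extra:
            creep[entity] = extra
    return creep

def public_exposure(role):
    """Entities a Guest-type role can read, i.e. data that is publicly available."""
    if role["type"] != "Guest":
        return []
    return sorted(e for e, perms in role["permissions"].items() if "Read" in perms)

def license_mismatches(role, users):
    """Users holding the role whose license type the role type does not allow."""
    allowed = COMPATIBLE.get(role["type"], set())
    return sorted(u["name"] for u in users
                  if u["role"] == role["name"] and u["license"] not in allowed)

# Constructed sample data (not real Magentrix output).
BASELINE = {"Account": {"Read"}, "Case": {"Read", "Create"}}
PARTNER_BASIC = {
    "name": "Partner - Basic", "type": "Partner & Customer",
    "permissions": {"Account": {"Read", "Edit"}, "Case": {"Read", "Create"},
                    "Opportunity": {"Read"}},
}
GUEST = {"name": "Guest", "type": "Guest",
         "permissions": {"Article": {"Read"}, "Contact": {"Read"}, "Lead": {"Create"}}}
USERS = [
    {"name": "alice", "role": "Partner - Basic", "license": "Partner User"},
    {"name": "bob", "role": "Partner - Basic", "license": "Employee"},
]

if __name__ == "__main__":
    print("creep:", permission_creep(BASELINE, PARTNER_BASIC["permissions"]))
    print("public:", public_exposure(GUEST))
    print("license mismatches:", license_mismatches(PARTNER_BASIC, USERS))
```

Running the same comparison against the source role right after cloning gives an empty result, which makes later drift in the clone easy to spot.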
