Custom roles let Enterprise admins define account-level roles that reflect a team member’s responsibilities. Each role starts from an existing user type and can be customized with specific permissions that support effective account governance.
Locate the custom roles
The custom roles feature is part of the larger account permissions. To find custom roles, click your profile picture in the upper right corner of the screen and select Administration. From there, open the Permissions tab.
Create a custom role
In the Permissions section, click New role at the top right of the screen. Enter a name for the role and select a base user type to inherit permissions from. You can choose any type except account admin. Once ready, click Create to finalize. For example, if you base the role on a guest, the new role will inherit all default guest permissions, such as access only to shareable boards.
Set permissions for a custom role
After the role is created, make sure it is selected under Custom account roles. On the right-hand side, you can check or uncheck the permissions you want to include. The changes take effect immediately, and the role is then available to assign to team members.
Assign the role
To assign a custom role, head to the Directory section and select Users. Locate the team member you want to update, open the dropdown under the User role column, and select the custom role:
Manage custom roles
If you want to rename or delete a role, hover over it and click the three-dot menu on the right. From there, you can select Rename to update the name or Delete to remove it completely:
Examples of custom roles
One common example is creating a sub-admin role. This type of role gives someone the ability to perform certain admin actions, such as managing account users, security, or billing, without granting full admin access. For instance, you can create a “Billing Admin” role based on the Member type and enable only the Access the Billing section permission under Admin Privileges. This gives finance team members control over billing while keeping other admin privileges restricted.
Another example is restricting who can create automations or integrations. You can base a custom role on Member and remove the ability to create automations or integrations. In the User management section, filter by team and then assign this custom role in bulk to the relevant people:
You can also control workspace creation. The standard Member role can have the Create workspaces permission turned off, while a second custom role called “Member (with Workspaces)” allows that capability. This way, only selected people can add new workspaces.
SCIM provisioning with custom roles
System for Cross-domain Identity Management (a.k.a. SCIM) is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), de-provision (deactivate), and update user data across multiple applications at once.
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.