We're excited to announce a new game-changing capability within account permissions! Introducing...custom roles! 🎉
With custom roles, Enterprise admins can create unique, account-level roles according to a team member's job title, department, or any other suitable definition, and to then assign specific permissions for that role. This feature was built with the goal of simplifying effective governance of an account, while giving the proper amount of freedom to employees within their domain.
How to locate it
The custom roles feature is part of the larger account permissions. Therefore, to access it, start by clicking on your profile picture in the upper right corner, selecting "Administration", and then click into the "Permissions" section, as shown below.
Create a new role
Custom roles are created based off of existing roles (also known as user types) on the account, and they can then be customized and assigned to any user.
To start creating a new role, click on the "New role" button at the top of the screen, as shown below.
Next, enter a name for your custom role and select an existing role which it will inherit permissions from. As an example, if you select the existing role of "Guest", your new custom role will inherit the default permissions that a guest has such as the ability to only access boards that are shared with them (amongst other Guest permissions as well).
Once complete, click on "Create" to finalize the creation of your new role!
Define its permissions
Now that you've created a new role on your account, it's time to define and customize the permissions that it entails! To do so, make sure your new role is selected and highlighted in blue under "Account roles" and then select specific permissions on the right side to apply them to that role, or de-select them to remove that capability from the role.
And, voila! You now have a brand new, unique user role on your account which you can assign to any team members. Continue reading to learn how this can be done. ⬇️
Assign the role
To assign a custom role to team members on your account, start by entering the user management section. After locating the team member(s) who you'd like to assign with this role, click on the drop-down arrow under the "User Type" column and select the custom role.
Edit or delete a custom role
Looking to rename or remove a custom role that you've created? This can easily be done by hovering or selecting the custom role and then clicking on the three-dot menu on the right of it. From the resulting menu, you can click on "Rename" to change the name of the role, or on "Delete" to fully remove it!
While there are endless uses for the custom roles feature, check out a few common use-cases that can be really valuable to try out!
- Create a sub-admin role
If you're looking to create an account role which will be able to perform specific admin actions (such as managing account users, security, or billing) without providing them full admin access, then creating a "sub-admin" role can be the solution for you!
Here, we'll create a "Billing Admin" role which is based on the "Member" role, and then we'll select the "Access the Billing section" permission under "Admin Privileges". This will allow any Billing Admin to have full control of the account billing, without granting them other admin capabilities such as managing account security, for example.
- Enable only specific members of a team to create automations
For this first use case, we're looking to allow only specific members of a team to create automations, and to prevent others from having this ability.
To do this, we first created a new custom role which is similar to the "Member" role except that it does not allow automations to be created. Then, after filtering the user management page to only display members from our Marketing team, we can select this role to prevent specific team members from being able to create automations.
- Enable only specific team members to create new workspaces
For this use case, we want to prevent the creation of unnecessary workspaces on the account. For this, we first removed the ability to "Create workspaces" from the standard Member role, and then we created a new custom role titled "Member (with Workspaces)" which will allow users to have the ability to create new workspaces.
Now that this custom role is created, any user who is assigned to the normal "Member" role will not be able to create workspaces, while anyone assigned to "Member (with Workspaces)" will be able to. 🙌
- Enable only specific team members to set up integrations
Last, but certainly not least, we are looking for a way to restrict the ability to create certain integrations from specific users on our account. To do this, we created a new custom role which inherits permissions form the Member role, and then un-checked the box next to "Create integrations".
This custom role will now act like a full Member role with the exception of the ability to create new integrations, and it can then be assigned through the user management section with ease!
SCIM provisioning with custom roles
System for Cross-domain Identity Management (a.k.a. SCIM) is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), de-provision (deactivate), and update user data across multiple applications at once.
For more information about SCIM setup options and how to set up SCIM provisioning to support custom roles please visit the dedicated support article.
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.