Skip to main content

Roles and Permissions

The Roles and Permissions feature allows administrators to define custom roles with granular permission control and assign them to users. This enables fine-grained access control across the Consentrix platform.

Prerequisites

Before you begin, ensure you have:

Required Permissions

Permission CodeAccess
roles_permissions:viewView roles and permissions
roles_permissions:createCreate new roles
roles_permissions:editEdit roles and permissions
roles_permissions:deleteDelete roles

Key Features

FeatureDescription
Create RoleDefine a new role with name, description, and permissions
View RoleView role details with permissions and assigned users
Edit RoleModify role name, description, and permissions
Delete RoleRemove a role (automatically removes from all users)
Link UsersAssign a role to specific users
Unlink UsersRemove a role from specific users

Permission Actions

Permissions in Consentrix are organized by actions that can be performed on resources:

ActionDescription
VIEWView resources
CREATECreate new resources
EDITModify existing resources
DELETERemove resources
REVIEWReview resources
APPROVEApprove resources
WITHDRAWWithdraw resources
EXPORTExport resources
  1. Log in to the Consentrix platform.
  2. Go to Administration > Roles and Permissions.

You will see a list of all existing roles with their names, descriptions, and last updated timestamps.

Roles and Permissions List

Create a New Role

Creating a role involves defining its name, description, and the permissions it grants.

Steps

  1. On the Roles and Permissions page, click Create Role.
  2. On the Create Role and Permission page:
    • Role Name: Enter a unique name for the role (e.g., "Customer Service", "Content Editor", "Read Only").
    • Description: Enter a description explaining the role's purpose (optional but recommended).
    • Permissions: Check the permissions you want to assign to this role.
  3. Click Submit.
  4. In the confirmation dialog, click Confirm.
  5. You will be redirected to the Role Detail page.

Create Role Page

Selecting Permissions

The permissions are organized in a table by resource categories:

  • Select All Category: Check the header checkbox to select all permissions in that category.
  • Individual Permissions: Check specific permissions as needed.
  • Permission Dependencies: Some permissions have dependencies. Selecting one permission may automatically select other required permissions.

Tip: Start with a minimal set of permissions and add more as needed. This follows the principle of least privilege.

View Role Details

The Role Detail page provides a comprehensive view of a role with two tabs:

Permissions Tab

Shows a read-only list of all permissions assigned to this role, organized by resource categories.

Role Detail - Permissions Tab

Users Tab

Shows all users who have this role assigned. This tab also allows you to link or unlink users:

Role Detail - Users Tab

FeatureDescription
Link UserAssign this role to a user
Unlink UserRemove this role from a user

User Linking Protections

The system includes safety protections when managing user roles:

  • Cannot unlink the last role from a user (every user must have at least one role).
  • Cannot modify IAM users (users authenticated via Identity & Access Management).
  • Cannot remove your own role (prevent self-lockout).

Edit a Role

You can modify a role's name, description, and permissions at any time.

Steps

  1. From the Roles and Permissions list, click View on the role you want to edit.
  2. On the Role Detail page, click Edit Role.
  3. On the Edit Role page:
    • Modify the Role Name as needed.
    • Modify the Description as needed.
    • Check/uncheck Permissions to update the role's access.
  4. Click Save.
  5. Confirm the changes.

Edit Role Page

Note: Permission changes take effect immediately for all users with this role.

Delete a Role

Deleting a role removes it from the system and automatically removes it from all users who had it assigned.

Steps

  1. From the Role Detail page, click Delete Role.
  2. A confirmation dialog will appear warning that the role will be removed from all users.
  3. Click Confirm to delete the role.

Delete Role Dialog

Warning: This action cannot be undone. Ensure no critical users depend on this role before deletion.

Search for Roles

You can filter the role list by name:

  1. In the search bar at the top of the Roles and Permissions page, enter part or all of a role name.
  2. The table will filter to show matching roles.
  3. Clear the search to view all roles.

Best Practices

Role Naming Conventions

Use clear, descriptive names that indicate the role's purpose:

Good ExamplesAvoid
Customer Service AgentRole 1
Content EditorEditor
Finance AdminAdmin

Permission Assignment

  1. Principle of Least Privilege: Grant only the permissions necessary for the role's tasks.
  2. Group by Function: Create roles based on job functions (e.g., "Marketing Manager", "Support Agent").
  3. Document Roles: Use the description field to document the intended use of each role.
  4. Regular Reviews: Periodically review roles and remove unnecessary permissions.

User Management

  1. Assign Roles Carefully: Ensure users have appropriate roles for their responsibilities.
  2. Monitor Access: Use the Users tab to review who has access to sensitive roles.
  3. Remove Deprecated Roles: Delete roles that are no longer needed to reduce complexity.

Troubleshooting

"Create Role" button is not visible

  • Your user account does not have the roles_permissions:create permission. Contact your administrator.
  • The user may have only one role assigned (cannot remove the last role).
  • The user may be an IAM user (cannot modify IAM user roles).
  • You may be trying to remove your own role (self-protection).

Permission dependencies auto-select other permissions

  • This is expected behavior. Some permissions require other permissions to function correctly. The system automatically selects dependent permissions.