User Roles and Permissions
User roles are the primary means to control what users are allowed to do on a site, which tabs and links they see, which reports they can run, etc.
Each user is assigned a User Role in their user profile.
We are often asked what are typical user roles and the permissions for each. Our suggestions.
In this Article:
- Adding and Editing User Roles
- Parent and Child User Roles (Permission Inheritance) (Separate Article)
- Controlling Search Menu Links by Role
- Controlling Processes, Profiles, and Reports by Role
- Settings on Each User Role Page
- Permissions List (Separate Article)
Adding and Editing User Roles
The user roles available on a site are a lookup list maintained on the Admin > Lookups page.
The permissions assigned to each role are managed on the Admin > User Roles (Permissions) page.
You can create as many user roles as desired. However each role adds to the options in various places, so we recommend keeping the list of roles to only those actually needed.
NB: If your site uses timekeeping, you likely will need to edit the Funding Code block on each timeslip form if users with the new role need to edit the funding code on timeslips. Or the Contract Term Allocations block if your site uses Electronic Verification of Time or Advanced Grants Management.
NB2: If you add a new role, it will not have many Search menu links. See the "Controlling Search Menu Links by Role" section below. You will need to select the new role for each of the Search links these users should see.
NB3: If you add a new role, it may not have permission to view some section fronts, like Clinics and Organizations. The warning message will mention "search settings". To give these users access to those pages, adjust the settings on the Search tab of the Admin > Top Level Navigation Bar/Search page. For access to the Clinics section front the selector is "Roles allowed to view 'Clinic Appointments' search", for Organizations it is "Roles allowed to view 'Other Organizations' search", etc.
Parent and Child User Roles (Permission Inheritance)
See User Role Inheritance (Parent and Child Roles).
Controlling Search Menu Links by Role
The Search tab on the Admin > Top Level Navigation Bar/Search page has several options for turning off various Search menu links entirely, or by role.
Controlling Processes, Profiles, and Reports by Role
In addition to the permissions that can be assigned to a role, most processes and profiles have a Permissions section, where each user role can be given or denied permission to use a process or display a profile.
For example, if a site has an auxiliary process that allows editing the legal problem code on closed cases, permission to use that process (to see the link on a closed case) can be limited to the Administrator role. Permissions on individual processes and profiles are maintained on the Admin > Processes, Forms, and Profiles page.
Each report has a "Roles Allowed to View this Report" section, with a checkbox for each user role.
Settings on each User Role Page
Click on a role name on the Admin > User Roles (Permissions) page to see the settings for that role.
These pages include several elements:
- Internal Permissions
- External Permissions
- Viewable Navigation Tabs (internal)
- Viewable Navigation Tabs (external)
- Viewable User Stripe Items
The external permissions and navigation tabs sections only apply if a site is configured to control access based on the IP address a user is connecting from. See Restricting Access to LegalServer by IP Address for more information. For sites that do not use this feature, only the internal settings apply.