Skip to main content

1.6. User Roles

The platform uses a role-based access model, meaning that to perform certain actions, a user must be assigned an appropriate role. Each user can have one or multiple roles.

1.6.1. Types of Roles

The table below describes the system roles. If none of these meet your needs, you can create a new role.

RoleDescriptionRole Permissions
AdminAdministrator (built-in role)Highest access level providing full access to all platform elements.
DeveloperDeveloperAccess to all shortcuts within the Studio desktop.
MonitorMonitoring (built-in role)Ability to work with configured elements such as:
  • documents
  • shortcuts
  • search templates
SupervisorSecurity Administrator
  • Create users
  • Create roles
SysOpsSupport EngineerAccess to shortcuts in the Maintenance Tools group under the Administration desktop.
DataManagerData ManagerPermission to edit directory content:
  • general directories
  • classifiers
  • custom directories (via shortcut)
OrganizationManagerOrganization Structure Manager
  • Edit organizational structure
  • Access all shortcuts under the Org. Structure desktop
LocalOrgManagerLocal Organization Manager
  • Edit the organizational structure of their own organization
  • Access two shortcuts under the Org. Structure desktop: Org. Structure and Additional
bpmAdminBPM Process AdministratorAccess to all BPM processes and tasks in the platform.
dfx_massexporterMass Export ExecutorPerform mass document export. Available only if the additional package is installed.
dfx_supervisorDocument SupervisorView all documents in the system.
Archivist
available when the additional package dfx-archive is installed
Archivist roleProvides full access to archive entities and the ability to move documents to the archive.

Built-in System Roles

Each user is automatically assigned one of these roles by the server.

These roles cannot be manually assigned.

RoleDescriptionRole Permissions
UserAuthorized UserCan work with configured documents, shortcuts, and search templates. Assigned to all authenticated users.
AnonymousUnauthorized UserAssigned to all unauthenticated users.
EveryoneAny UserAssigned to all users in the Anonymous and User roles.
Note:

We recommend assigning at least two users the Admin role. This ensures that administrative access is preserved if the primary administrator account becomes unavailable due to a potential security incident.

1.6.2. Create a Role

In addition to system roles, an administrator can create new roles. When configuring document types, you can grant access not to specific users but to roles.

To create a new role, follow these steps:

  1. In the navigation panel, select the Studio desktop 1.

  2. Select the Developer Tools shortcut group 2, then choose the System Roles shortcut 3.

  3. In the toolbar, select Create 4.

    Screenshot
  4. Fill in the required fields 1 using the table below, then in the toolbar select Save 2.

    Screenshot
Field NameDescription
Role*Name of the role.
Description*Description of the role. Specify the purpose for which this role is created.

ℹ️ Note: You can set alternative descriptions for different languages. To do this, select the icon and fill in the fields for other languages.
Session Timeout*Session duration for users in this role (in minutes). Defines the period after which the session will expire if the platform remains open but inactive.
Note:

Fields marked with an asterisk (*) are required.

1.6.3. View Roles Assigned to Users

  1. In the navigation panel, select the Administration desktop 1.

  2. Select the Users and Groups shortcut group 2, and then choose the User Role Membership shortcut 3.

    Screenshot

1.6.4. Assign a Role to a User

  1. In the navigation panel, select the Administration desktop 1.

  2. Select the Users and Groups shortcut group 2, and then choose the User Role Membership shortcut 3.

  3. In the toolbar, select Create 4.

    Screenshot
  4. Fill in all required fields marked with an asterisk (*) 1, then in the toolbar select Save 2.

    Screenshot