Create Custom Security Role

Summary

In addition to the default Security Roles in Property Tree, you can also create custom Security Roles to only allow specific permissions for users, such as areas they can access and tasks they can perform. This article will cover an overview of how to create custom Security Roles.

Covered in this article: 

• How to Create Custom Security Roles
• Recommendations and Best Practice for User Security Management
• Important Information to Note

How to Create Custom Security Roles

Up to 20 custom Security Roles can be created in Property Tree and can be added in the Security Roles Tab, under User Management.  You must be an Administrator User to be able to view the Security Roles Tab.  

To create a new custom Security Role, go to:

• Configurations > User Management > Security Roles Tab
• Next click the + button 

Note: Custom Security Roles can also be cloned from default roles to mimic the permissions of the existing role. This is helpful when creating a custom role that is similar to a default role, allowing you to make minimal changes. 

• Enter the Name and Description for this Security Role

• Select the Actions Menu options that will be accessible for this Security Role; this is for the toolbar menu on the left side of Property Tree. If you choose to not select certain options from the Actions Menu, users assigned to this Security Role will not be able to view that menu icon  
• Next select the required permissions for this Security Role. Permissions can be selected in bulk by clicking on the checkbox next to the category heading. Alternatively, to select individual options, expand the category and select each permission as necessary 

Note: There are 38 default permissions that come automatically assigned when creating a new Security Role. These permissions cannot be deselected. 

• Click OK to save 

The new Security Role will be visible in the Security Roles Tab, along with the Users and Permissions Assigned. It will also be available to select for new and existing users in the Users Tab. Also see article User Management Overview for details on the Security Role Comparison Chart.

Some of the permission names in the charts have been updated as per the below: 

Recommendations and Best Practice for User Security Management

• The Security Access tab will only be visible and can be accessed by users having Administrator security roles.
• Billing contact & sensitive Alerts can only be assigned to a Administrator or a super user role. It cannot be assigned to any other standard or custom role.
• For users who need access to Trust & Reports, Accounts; it is recommended to leave them assigned to the standard roles of Administrator, Super user, or standard user.
• A maximum of 20 custom security roles can be created.
• Always clone a custom role from one of the four standard security roles. This ensures that any additions/updates that are made to the permissions of these standard roles will apply to the new role.  Cloning a new role using a custom role can  cause variations in user experience
• A custom role can be deleted only if no users (active or revoked) are assigned to that role. 
• Administrators can configure permissions at an individual level or at a security group level. For a more consistent experience configure permissions at the group level instead of the individual permission level.
• It is best recommended not to assign 'Delete company history' to custom roles
• Administrators will be able to restrict user access to certain menu functions located on the side navigation menu by selecting/de-selecting permissions from the ‘Actions Menu’ security group.  The 4 menu options that can be configured are:
  • Accounting
  • Configuration 
  • Sales
  • Trust & Reports
• When creating custom security roles, the User Security Comparison Chart article can be used to confirm permissions and their relevant comments

Important Information to Note

• To completely remove access to certain modules (like Trust & Reports, Sales, Accounting, or Configurations); disable the relevant permission from the ‘Actions Menu’ as well as the security groups. The navigation menu functions will be hidden if the permission is disabled for a security role. 
• There are 38 default permissions that will always be assigned to any new custom role. These cannot be removed or unselected
• The document management system has multiple permissions which will change based on the profile/entity that the user is in

Still need assistance? 

Click on the Need Help icon to the right hand side of your Property Tree screen and select Need Further Support to contact our Support Team.