Create a Custom Role
Define custom permission sets for specific job functions.
When to Create Custom Roles
Create a custom role when:
- Default roles don’t match your needs
- You need specific permission combinations
- Different team members need different access
- You want to limit access to certain features
Examples of Custom Roles
| Role Name | Use Case | Key Permissions |
|---|---|---|
| Billing Staff | Handle payments only | subscription:read, subscription:update |
| Network Tech | Manage servers only | server:all, olt:all |
| Client Support | Help customers | client:read, client:update, subscription:read |
| Auditor | Review activities | all read permissions, audit:read |
Step-by-Step Guide
1. Navigate to Roles
Go to Users > Roles in the sidebar.
2. Click Add Role
Click the Add Role button.
3. Fill in Role Details
Basic Information
| Field | Description | Example |
|---|---|---|
| Name | Short, descriptive name | ”Billing Staff” |
| Description | What this role is for | ”Handle subscription payments and renewals” |
4. Select Permissions
Choose which permissions to include:
Method 1: Individual Selection
Check each permission individually:
- ☑
client:read - ☐
client:create - ☑
subscription:read - ☑
subscription:update
Method 2: Resource Groups
Select all permissions for a resource:
- ☑ Client: All
- ☐ Package: All
Method 3: Action Groups
Select the same action across resources:
- ☑ All read permissions
- ☐ All create permissions
5. Review Selection
Before saving, verify:
- All needed permissions are included
- No unnecessary permissions are selected
- The combination makes sense for the role
6. Save the Role
Click Save to create the role.
Permission Guidelines
For Read-Only Roles
Include only read permissions:
client:read
subscription:read
package:read
server:readFor Operational Roles
Include read, create, update:
client:read, client:create, client:update
subscription:read, subscription:create, subscription:updateFor Management Roles
Include all except system settings:
client:all
subscription:all
package:all
server:allFor Admin-Like Roles
Be cautious with:
user:*- User managementrole:*- Role managementsettings:*- System settings
Testing Your Role
After creating a role:
- Create a test user with the new role
- Log in as that user
- Verify they can:
- Access expected pages
- Perform expected actions
- NOT access restricted areas
- Adjust permissions if needed
Editing a Custom Role
To modify a custom role:
- Find the role in the list
- Click Edit
- Add or remove permissions
- Save changes
Changes affect all users with this role immediately.
Deleting a Custom Role
To remove a custom role:
- Reassign users to a different role first
- Click Delete on the role
- Confirm deletion
You cannot delete a role that has users assigned.
Role Naming Conventions
Good names:
- “Billing Clerk”
- “Network Administrator”
- “Customer Support L1”
- “Regional Manager”
Avoid:
- “Role 1”
- “New Role”
- “Test”
- Names that duplicate default roles
Common Mistakes
Too Many Permissions
Don’t give permissions “just in case.” Only include what’s actually needed.
Missing Read Permissions
If a user can update but not read, they can’t see what to update. Always include read when giving update.
Forgetting Related Permissions
Some tasks require multiple permissions:
- Creating subscriptions needs
subscription:createANDclient:readANDpackage:read
Overlapping Roles
Don’t create multiple roles with nearly identical permissions. Consolidate or clearly differentiate.
Troubleshooting
Can’t assign role to user
Check:
- Role was saved successfully
- Role is not marked as inactive
- You have permission to modify users
Users with role can’t access expected features
Review the role’s permissions:
- Is the required permission included?
- Are dependent permissions (like
read) included?
Can’t delete role
Remove all users from the role first. Go to Users, filter by role, and reassign each user.