Overview

Roles & Permissions is the foundation of Elementum’s security model. Best practice is to grant access to Elementum resources through roles rather than through individual user permissions. This role-based approach ensures consistent access control and simplifies permission management across your organization.

Role-Based Access Control

Control who can access and modify resources by assigning users to roles with specific permissions. Roles can be applied at organization and app levels for granular security.
Key Benefits:
  • Centralized Control: Manage permissions through roles instead of individual users
  • Scalable Security: Easily manage access for large teams and complex organizations
  • Consistent Access: Ensure uniform permissions across similar user types
  • Audit-Ready: Clear role assignments for compliance and security reviews

Permission Levels

1. Organization-Level Permissions

Permissions granted at the organization level provide access across all apps the user has access to. Org admins act as global overseers with broad system access.

2. App-Level Permissions

Permissions granted at the app, element, or task level provide access only to those specific resources and their related features.

Important: Organization-level permissions cascade down to all accessible apps. Use org-level roles carefully and primarily for administrative oversight.

Managed Roles

Elementum provides predefined managed roles with standard permission sets for common use cases.

Managed Roles Characteristics

  • Fixed Permissions: Permission sets cannot be modified
  • Membership Control: You can add/remove users and groups
  • Standard Templates: Cover common organizational roles

Common Managed Roles

App Admin

Full administrative access to all features and settings within the app. Managed role with predefined permissions.

Content Editor

Can create and manage content but cannot change app settings. Managed role with predefined permissions.

Content Viewer

Read-only access to content and basic features. Managed role with predefined permissions.

Custom Roles

Create custom roles with any permission set your organization requires. Custom roles provide complete flexibility for unique access control needs.

Custom Role Benefits

  • Full Control: Set any combination of permissions
  • Tailored Access: Create roles specific to your workflows
  • Flexible Membership: Assign users and groups as needed
  • Auto-Share Options: Automatically assign roles based on user actions

Creating Custom Roles

1. Define Role Details

  1. Click “Create Custom Role”
  2. Enter a descriptive Role Name
  3. Add a Description explaining the role’s purpose

2. Assign Users and Groups

  1. Select Users who should have this role
  2. Select Groups that should receive this role
  3. Configure Auto Share Options if desired

3. Configure Permissions

Set permissions for each resource type:
  • Records: Create, Read, Update, Delete, Comment
  • Automations: View, Create, Modify, Execute
  • Agents: Access, Configure, Monitor
  • AI Providers: Use, Configure, Manage
  • Analytics: View, Create, Export
  • Apps: View, Configure, Manage
  • And more…

Permission Types

Core Permissions

Available Permissions:
  • Create Records: Allow creating new records
  • Read Records: Allow viewing records (respects Data Access policies)
  • Update Records: Allow editing existing records
  • Delete Records: Allow removing records
  • Comment on Records: Allow adding comments to records

Auto Share Options


Managing Roles

Role Administration

1. View All Roles

Navigate to Security > Roles & Permissions to see all managed and custom roles

2. Manage Membership

Click “Manage Role” on any role to add/remove users and groups

3. Edit Custom Roles

Modify permissions and settings for custom roles as business needs change

4. Delete Unused Roles

Remove custom roles that are no longer needed (managed roles cannot be deleted)

Role Membership

Individual Users

Assign specific users to roles for targeted access control

User Groups

Assign entire groups to roles for efficient bulk permission management

Mixed Assignment

Combine individual users and groups within the same role as needed

Multiple Roles

Users can be assigned to multiple roles - permissions are additive
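
How the rules on this page combine, as an added example that is not Elementum code: membership through users and groups, additive permissions across roles, and organization-level roles cascading to every app the user can access. The data layout and the role, group, user and app names are constructed for illustration; only the permission names are taken from the page.

```python
from collections import defaultdict

# Constructed sample data. The structure and the role, group, user and app
# names are hypothetical; only the permission names come from the page.
ROLES = {
    "Procurement Editor": {"scope": "app", "app": "Procurement",
                           "perms": {"Create Records", "Read Records",
                                     "Update Records", "Comment on Records"}},
    "Procurement Viewer": {"scope": "app", "app": "Procurement",
                           "perms": {"Read Records"}},
    "Org Oversight": {"scope": "org",
                      "perms": {"Read Records", "Delete Records"}},
}
GROUPS = {"buyers": {"alice", "bob"}}
MEMBERS = {  # a role can hold individual users, groups, or both
    "Procurement Editor": {"users": set(), "groups": {"buyers"}},
    "Procurement Viewer": {"users": {"bob"}, "groups": set()},
    "Org Oversight": {"users": {"alice"}, "groups": set()},
}
APP_ACCESS = {"alice": {"Procurement", "Finance"}, "bob": {"Procurement"}}


def roles_for(user):
    """Roles held directly or through any group the user belongs to."""
    held = set()
    for role, m in MEMBERS.items():
        via_group = any(user in GROUPS.get(g, set()) for g in m["groups"])
        if user in m["users"] or via_group:
            held.add(role)
    return held


def effective_permissions(user, scopes=("org", "app")):
    """Union of permissions per app; org-level roles reach every accessible app."""
    eff = defaultdict(set)
    for name in roles_for(user):
        role = ROLES[name]
        if role["scope"] not in scopes:
            continue
        apps = APP_ACCESS.get(user, set()) if role["scope"] == "org" else {role["app"]}
        for app in apps:
            eff[app] |= role["perms"]
    return dict(eff)


def org_only_grants(user, perm):
    """Apps where the user holds `perm` solely because an org-level role cascades."""
    everything = effective_permissions(user)
    app_level = effective_permissions(user, scopes=("app",))
    return sorted(a for a, p in everything.items()
                  if perm in p and perm not in app_level.get(a, set()))
```

Calling `org_only_grants` for a sensitive permission such as Delete Records during a role audit shows which access would disappear if the org-level role were removed.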

Best Practices

Role Design Strategy

Best Practice: Always use roles to grant permissions rather than individual user assignments. This ensures consistency and simplifies management.

1. Plan Role Hierarchy

Design roles that match your organizational structure and workflow responsibilities

2. Use Descriptive Names

Create clear, descriptive role names that indicate purpose and scope

3. Start with Managed Roles

Use managed roles when they fit your needs before creating custom alternatives

4. Regular Role Audits

Periodically review role assignments and permissions to ensure they remain appropriate

Organization vs App-Level Roles

Use When:
  • Users need consistent access across multiple apps
  • Administrative oversight is required
  • Global policies need to be enforced
Examples:
  • IT Administrators
  • Compliance Officers
  • Executive Leadership

Security Considerations

Permission Management

Principle of Least Privilege

Grant only the minimum permissions necessary for users to perform their job functions

Regular Reviews

Conduct periodic reviews of role assignments and permissions

Separation of Duties

Ensure critical functions require multiple roles or approvals

Audit Trails

All role changes are logged in the Activity Log for security monitoring

Common Security Patterns

Remember: Roles & Permissions is the foundation of Elementum security. Design your role structure thoughtfully to support both current needs and future growth while maintaining security best practices.