Skip to main content

System Roles

A system role is a named bundle of permissions that decides which application screens and actions a user can reach. The Role Management screen is where administrators create those roles, choose exactly what each one can do using a permission matrix, and see how many people hold each role.

Role Management page overview

How to open this screen

From the left navigation, open Administration → System Roles. The application route is /configuration/role-management.

  • Access required: You need the ROLES.VIEW permission. If you don't have it, the page won't appear in your menu.

What you see on this screen

Page header and summary

The header has a New Role button, plus summary counters that show:

  • Active roles — roles that can currently be assigned and used.
  • Inactive roles — roles that have been switched off.
  • Permissions in use — how many distinct permissions are granted across all your roles, out of the total available in the system.

Toolbar

  • A search box filters roles by name.
  • A status filter (All / Active / Inactive) narrows the list.
  • A Clear action resets the filters.

Roles table

Each row shows the role's name, whether it's active, and the number of users who currently hold it. Selecting rows enables bulk actions.

Viewing a role's permissions

Open a role's View action to see a read-only summary of everything it grants. The dialog groups the granted permissions by screen (for example Documents, Users, Reports) and lists the specific actions allowed under each. It also lists the users currently assigned to the role. Use the show all option if the permission list is long.

Role view dialog showing the permission summary

Creating a role

  1. Click New Role in the top-right.
  2. A side drawer opens. Enter:
    • Role name (required).
    • Description (optional) — explain who the role is for.
  3. Use the permission matrix to choose what the role can do (see below).
  4. Click Save.

A confirmation message appears and the role joins the list.

The permission matrix

The matrix is the heart of role design. It lists every screen in the application, and under each screen a set of actions — such as View, List, Create, Update, Delete, Download, Comment, Review, Publish, Share, Lock, Export, Move, Restore, Sign, Start Workflow, Upload Version, and View Audit Log. Each action is represented by a checkbox with a matching icon.

  • Tick an action to grant it; untick to remove it.
  • Use a screen's select-all control to grant or clear every action for that screen at once.
  • The matrix search box filters the screens so you can jump to the area you care about.

Role drawer with the permission matrix

The permissions you grant here are exactly what control whether users with this role can open the matching screens and perform those actions elsewhere in DocLock.

Editing a role

  1. Open a role's Edit action.
  2. The drawer opens pre-filled with the role's name, description, and current permission selections.
  3. Adjust the name, description, or any matrix checkboxes.
  4. Click Save.

Note: A role must be active to be edited. If you try to edit an inactive role, you'll be prompted to activate it first.

Activating, deactivating, cloning, and deleting

  • Activate / Deactivate — switch a role on or off. A deactivated role can't be edited or assigned until it's reactivated.
  • Clone — duplicate an existing role as a starting point for a new one, then adjust its permissions. This saves time when two roles are similar.
  • Delete — remove a role permanently. You'll be asked to confirm. Roles can also be deleted in bulk by selecting several rows.

System roles vs. workspace roles

The roles on this page are system roles — they govern access to application modules and screens. They are different from workspace roles, which govern what members can do with documents inside an individual workspace. Design workspace-level access on the Workspace Roles page.

Tips

  • Build roles around job functions (for example Records Clerk, Compliance Reviewer) rather than individuals.
  • Use Clone to create a variation of an existing role instead of rebuilding the matrix from scratch.
  • Before deleting a role, check the user count so you don't strip access from people who still rely on it.

Troubleshooting

ProblemWhat to check
The page or menu item isn't visibleYou may not have the ROLES.VIEW permission.
Edit shows a warning instead of openingThe role is inactive — activate it first, then edit.
Users still can't reach a screen after I granted itConfirm they actually hold this role (check the View dialog's user list), and have them sign out and back in.
I can't find a screen in the matrixUse the matrix search box to filter by screen name.
Deleting a role is blocked or riskyReassign its users to another role first; check the user count before deleting.