Online Help | Desktop App

Creating security roles

Updated in 2025

To create a security role:

  1. Under Users & Security > Accounts and Roles > Roles, click New. The New Security Role form appears.

  2. On the General tab, enter a name for the role (required) and any description (optional). If you plan to assign this role to all new Technician Accounts by default, select the This role will be assigned by default to all newly created Technician accounts check box.

    3. TIP: You can mark multiple roles as default. When you create a Technician Account, all the default roles will be automatically assigned to it.

  3. Click the Permissions tab and specify the access permissions that the role grants to its members as follows:

    • To grant the role's members full permissions on a particular object, select the check box next to the object's name.

    • To allow specific actions on an object, double-click the object's name and select the actions the role’s members will be allowed to perform.

      • TIP: You can expand all nodes on the list of permissions by choosing Expand All from the pop-up menu. To collapse the expanded nodes, choose Collapse All.

  4. Optional: To add members to this role on the fly, click the Members tab, click Add, select the Technician accounts in the Select Accounts window, and click OK.

    NOTE: If these accounts are currently in use, your changes will be applied the next time the users log in.

  5. You can restrict access to specific workspaces, organizations, or both.

    A role with a restricted access scope applies (grants permissions to) only to the objects that have the Workspace or Organization attribute, and their values match the workspaces and organizations for which the role allows access to.

    INFO: For additional information, see Administration Guide: Controlling the Access Scope.

    1. Click the Access Scope tab.

    2. Click Workspaces and clear the check boxes of the workspaces you want excluded from the access scope. By default, all workspaces are included.

      NOTE: You manage the list of available workspaces in the General > Workspaces section. For details, see Managing workspaces.

      IMPORTANT: Workspace-related restrictions apply only to objects that have the Workspace attribute. The most of Alloy Navigator objects ave this attribute. However, some of them, including Stock Rooms, PO Items, and Discovered Installations, do not have the Workspace field, so any workspace restrictions will not affect user access to these entities.

    3. Click Restrict access to organizations and add the organizations to include in the access scope:

      • To allow role members access to their own organizations (i.e., the organization which the current user belongs to) and objects within them, select the Allow access to objects within Current User’s Organization check box.

      • To allow role members access to certain organizations and objects within them, click Add, select the organizations, and click OK. To include sub-organizations, select them explicitly, even if the parent organization is already selected.

      NOTE: Organization-related restrictions apply only to organization-related objects (objects that have the Organization field).

  6. Click OK.

Related Information:

Understanding security roles

Marking security roles as default

Managing Alloy Navigator accounts

Managing technician role membership

Managing user sessions

Managing workspaces