On this page

A role is assigned to a user who has the responsibility to perform specific actions on the assigned resource(s). There are two types of roles in the TWCloud system: Predefined and resource-specific roles.

  • A pre-existing role is a predefined and ready-to-use role that an authorized user can assign to other users. A pre-existing role is not editable and cannot be deleted.
  • A custom role is a role that allows an authorized user to create, attach permissions to it, and assign to other users. 

Predefined roles

Predefined roles are default roles that have been created in the TWCloud system. You can select these ready-to-use roles and assign them to one or more users. Each predefined role comes with its own default permissions, which you can see on the Role detail pane. Unlike an editable custom role, you cannot delete a predefined role, or add or delete its permission(s).

The following table provides the description of the predefined roles in the TWCloud system.

Role
Description
Type
Resource ContributorThis resource-specific role can modify the contents of resources (projects or documents).Global or Custom
Resource Creator

This global role can add resources to the server, categorize them, create new categories or manage existing ones. 

Global
Resource Locks AdministratorThis resource-specific role can release other users' locks in a selected resource.Global or Custom
Resource ManagerThis resource-specific role can manage resources and grant permissions to other users to access resources. Global or Custom
Resource ReviewerThis resource-specific role can open and review resources (projects or documents). Global or Custom
Security ManagerThis global role can grant permissions to other users and specify the scope, and assign any role in any scope to other users.Global
Server AdministratorThis global role can configure server settings, LDAP integration, secure connection, and server licenses.Global
User ManagerThis global role can create, import, and manage users. Global
  • Users with a global role such as User Manager do not need a resource assignment to carry out the role's tasks.
  • Global role means that the scope of permissions is global. Therefore, when the scope of the role is Global, selecting individual resources is not required.
  • Custom role allows you to select what resources you want to assign to the user.
  • A user with the Security Manager role whose permission is Manage User Permissions can assign any role in any scope to other users. A user whose permission is Manage Owned Resource Access Right can assign resource roles to the authorized resources scope only.

Predefined roles are created for various administrative tasks. Only Resource Manager and Resource Reviewer roles allow users to work on the document resources. The other roles can assign the document scope to users, but the functions have not been provided in this release yet.


Resource-specific roles

You can create a new role and add it to the TWCloud system. This type of role is called a custom role. You can edit or delete a custom role. You can assign permission to a resource-specific role in the custom scope only. The global scope permissions, such as Create Resource, Manage User Permissions, etc., are not allowed for custom roles.

Users whose permission is Manage Security Roles can create a custom role and assign permissions to the role through the Roles Management page of TWCloud Admin. You can add or delete more permissions to a custom role. A custom role is a resource-specific role.

A role name is unique but it may have the same permissions as those of the other roles. When creating a custom role, you can assign it to one or more users at the same time and assign a project/document for the role to work on.