On this page

A role is assigned to a user who has the responsibility to perform specific actions on the assigned resource(s). There are two types of roles in Teamwork Cloud: predefined and custom.

  • A predefined role is a ready-to-use role that an authorized user can assign to other users. A predefined role is not editable and cannot be deleted.
  • A custom role is a role created by an authorized user. An authorized user can also edit a custom role and change its permissions.

Predefined roles

Predefined roles are default roles that come with your Teamwork Cloud installation. You can select these ready-to-use roles and assign them to one or more users. Each predefined role comes with its own default permissions, which you can see on the Role detail pane. You cannot delete a predefined role, or change its permissions.

The following table describes all predefined roles in Teamwork Cloud:

Role
Description
Scope
Data Markings ManagerThe user with this role can mark or unmark Users, User Groups, Resources, and Categories with predefined clearance and classification levels.Global
Index ManagerThis role allows users to manage resource indexing configurations. To manage indexing configurations of all resources in the server, the role scope should be set to global.Category or resource-specific
Resource ContributorThis role allows users to modify the contents of resources (projects or documents).Category, resource, or branch-specific
Resource Creator

This role allows users to add new resources to the server, categorize them, create new categories or manage the existing ones. 

Category-specific
Resource Locks AdministratorThis role allows users to release other users' locks in the selected resources.Category or resource-specific
Resource ManagerThis role allows users to manage resources and grant permissions to other users to access resources. Category, resource, or branch-specific
Resource ReviewerThis role allows users to open and review resources (projects or documents). Category or resource-specific
Resource Synchronization ManagerUsers with this role can set up and manage synchronization of remote Teamwork Cloud repository resources.Category-specific
Security ManagerThis global role allows users to grant permissions to other users, specify the scope, and assign any role in any scope to other users.Global
Server AdministratorThis global role allows users to configure server settings, LDAP integration, secure connection, and server licenses.Global
User ManagerThis global role allows users to create, import, and manage users. Global

Role scopes

  • A global role allows users to carry out tasks (depending on role permissions) across all resources, protected objects, and users in Teamwork Cloud. The scope of any category or resource-specific role can be set to global as well. In this case, role permissions for the assigned users will be applied to all resources in Teamwork Cloud.
  • A category-specific role allows users to carry out tasks across all resources stored in a specific category. All new resources added to such a category automatically inherit role permissions. Any resource removed from such a category automatically loses role permissions.
  • A resource-specific role allows users to carry out tasks only across assigned resources.
  • A branch-specific role allows users to carry out tasks only across the specific branches of the assigned resources.


Custom roles

In Teamwork Cloud you can create a new role with a desired set of permissions. This type of role is called a custom role. You can delete a custom role or change its permissions. Even though the role name should be unique, it can have the same set of permissions as other roles.

  • To create custom roles, you need to have the Manage Security Roles permission or the Security Manager role.
  • You cannot give global scope permissions, such as Create Resource, Manage User Permissions, Mark Data, Configure Data Markings, etc., to a custom role.