On this page
A role is assigned to a user who has the responsibility to perform specific actions on the assigned resource(s). There are two types of roles in Teamwork Cloud: predefined and custom.
- A predefined role is a ready-to-use role that an authorized user can assign to other users. A predefined role is not editable and cannot be deleted.
- A custom role is a role created by an authorized user. An authorized user can also edit a custom role and change its permissions.
Predefined roles
Predefined roles are default roles that come with your Teamwork Cloud installation. You can select these ready-to-use roles and assign them to one or more users. Each predefined role comes with its own default permissions, which you can see on the Role detail pane. You cannot delete a predefined role, or change its permissions.
The following table describes all predefined roles in Teamwork Cloud:
Role | Description | Scope |
---|---|---|
Data Markings Manager | The user with this role can mark or unmark Users, User Groups, Resources, and Categories with predefined clearance and classification levels. | Global |
Index Manager | This role allows users to manage resource indexing configurations. To manage indexing configurations of all resources in the server, the role scope should be set to global. | Category or resource-specific |
Resource Contributor | This role allows users to modify the contents of resources (projects or documents). | Category, resource, or branch-specific |
Resource Creator | This role allows users to add new resources to the server, categorize them, create new categories or manage the existing ones. | Category-specific |
Resource Locks Administrator | This role allows users to release other users' locks in the selected resources. | Category or resource-specific |
Resource Manager | This role allows users to manage resources and grant permissions to other users to access resources. | Category, resource, or branch-specific |
Resource Reviewer | This role allows users to open and review resources (projects or documents). | Category or resource-specific |
Resource Synchronization Manager | Users with this role can set up and manage synchronization of remote Teamwork Cloud repository resources. | Category-specific |
Security Manager | This global role allows users to grant permissions to other users, specify the scope, and assign any role in any scope to other users. | Global |
Server Administrator | This global role allows users to configure server settings, LDAP integration, secure connection, and server licenses. | Global |
User Manager | This global role allows users to create, import, and manage users. | Global |
Role scopes
- A global role allows users to carry out tasks (depending on role permissions) across all resources, protected objects, and users in Teamwork Cloud. The scope of any category or resource-specific role can be set to global as well. In this case, role permissions for the assigned users will be applied to all resources in Teamwork Cloud.
- A category-specific role allows users to carry out tasks across all resources stored in a specific category. All new resources added to such a category automatically inherit role permissions. Any resource removed from such a category automatically loses role permissions.
- A resource-specific role allows users to carry out tasks only across assigned resources.
- A branch-specific role allows users to carry out tasks only across the specific branches of the assigned resources.
Custom roles
In Teamwork Cloud you can create a new role with a desired set of permissions. This type of role is called a custom role. You can delete a custom role or change its permissions. Even though the role name should be unique, it can have the same set of permissions as other roles.
- To create custom roles, you need to have the Manage Security Roles permission or the Security Manager role.
- You cannot give global scope permissions, such as Create Resource, Manage User Permissions, Mark Data, Configure Data Markings, etc., to a custom role.