This feature is part of the Security and Permissions page.
Custom User Roles are flexible User Roles that streamline managing User permissions. Ensure that Users have the appropriate access by building Custom User Roles with specific permission sets that meet the needs of your organization.
Users can be assigned to one or more User Roles. This allows for maintaining consistency in User permissions for Users who wear multiple hats. Further fine-tuning at the User level can be used to add or remove permissions for individual Users who may need small adjustments to the Permissions granted by assigned User Roles. Please see the 'User Permissions: Permission Reference' article for more information on specific Permissions.
This article covers:
- R365 User Roles and Custom User Roles
- Permission Tree
- Creating a New User Role
- Customizing a User Role
- User Permissions at the User Level
- Changing Over to the New User Role System
R365 User Roles and Custom User Roles
There are two types of User Roles; default R365 User Roles and Custom User Roles. Users can log in without being assigned to a User Role; however, they will not be able to view or access any portion of R365 without a User Role assigned to them.
R365 User Roles
R365 User Roles are provided as default permission sets. These roles can be used as is, or they may be duplicated to create Custom User Roles. R365 User Roles are always available for assigning to Users and cannot be edited or removed.
R365 User Roles are indicated in the 'Select User Role' drop-down menu with 'R365' after their name.
R365 User Roles include:
- Above Store Manager
- Accounting Admin
- Accounting Clerk
- AP Data Entry
- Employee App Access
- Full Access
- Full View Access
- Operations Admin
- Payment Run Approver
- Restaurant Manager
- Shift Lead
Custom User Roles
Custom User Roles are created by an Admin User to group any combination of permissions together. Frequently, Custom User Roles are created as full permission sets that contain all of the permissions that the User requires. They can also be used as additional permission sets that only add a few additional permissions.
Permission Tree
User permissions are organized into a tree structure. Permission groups will contain all of the permissions for nested groups.
To expand or collapse a permission group, click the icon.
To expand or collapse all groups, click 'Expand All' or 'Collapse All' at the top of the permission tree
Permission Groups
Top-level permission groups contain all of the permissions for full modules or areas of R365, such as 'Accounts Payable', 'Administration', 'Payroll', etc.
Second-level permission groups contain all of the permissions for features of the top-level group, such as 'AP Credit Memos', 'Docs to Process', and 'Inventory Counts' within the 'Food' top-level group.
The lowest level is the individual permissions, such as 'View Inventory Counts' within the 'Inventory Counts' group.
Checkbox Legend
The following icons are used for permission group checkboxes:
- Empty Checkbox - None of the permissions in the group have been assigned
- Blue Check Checkbox - All of the permissions in the group have been assigned.
- Blue Dash Checkbox - Some, but not all, of the permissions in the group have been assigned.
The following icons are used for individual permission checkboxes:
- Blue Check Checkbox - Permission is assigned, granting the User access
- Empty Blue Checkbox - Permission is not assigned, the User does not have access
- Empty Grey Checkbox - Permission cannot be assigned because the 'View' permission for the group has not been granted.
Creating a New User Role
Creating new User Roles is done on the 'User Roles' tab of the Security & Permissions page.
Creating Blank User Roles
To create a new Custom User Role without any permissions assigned, click . The New User Role form will open.
Enter a name for the User Role, then clickto create the User Role, orto close without saving.
Copying Existing User Roles
Creating a new Custom User Role that already has permissions assigned can be accomplished by duplicating an existing User Role. This is frequently used to make adjustments to the R365 User Roles that cannot be edited. By duplicating the R365 User Role, the created Custom User Role will start with all of the permissions from the R365 User Role and then can be fine-tuned. Both R365 User Roles and Custom User Roles can be duplicated.
To duplicate a User Role, perform the following steps:
1) Select the User Role to copy, then click the pencil icon, then select 'Duplicate' from the drop-down menu.
The 'Duplicate role' menu will open.
2) Enter a new name, if desired. By default, the name of the duplicated User Role will be the name of the User Role being duplicated with '(Copy)' added to the end.
3) Choose which of the following from the selected User Role should be included in the new User Role:
- Include Permissions - All permissions assigned to the selected User Role will be assigned to the new User Role
- Include Settings - Password settings associated with the selected User Role will be assigned to the new User Role
- User Options - Choose one of the following three options for how Users associated with the selected User Role will be handled for the new User Role:
- Duplicate Users - Users from the selected User Role will be included in the new User Role. No changes will be made to the selected User Role, resulting in the Users being assigned to both User Roles.
- Transfer Users - Users from the selected User Role will be moved to new User Role. Users will be unassigned from the selected User Role, resulting in the Users only being assigned to the new User Role.
- Don't Include Users - Users from the selected User Role will not be included in the new User Role. No changes are made to the selected User Role, resulting in Users only being assigned to the selected User Role.
- Note: Users assigned to the User Role can be viewed on the Users tab.
- Duplicate Users - Users from the selected User Role will be included in the new User Role. No changes will be made to the selected User Role, resulting in the Users being assigned to both User Roles.
4) Clickto create the User Role, orto close without saving.
Customizing a User Role
Adding and Removing Permissions
All permissions are additive; if a checkbox associated with a permission is checked, the User will have that permission.
To add a permission, check the checkbox associated with the permission. Unchecking a checked checkbox will remove the permission.
To add all permissions for a group, check the checkbox associated with the permission group. Unchecking a checked checkbox will remove all of the permissions in that group.
When all desired permissions have been assigned, click 'Save' from the 'Save' menu in the upper left to save changes to the User Role.
Searching for Permissions
Entering a search term into the search bar will filter the permission tree for all permissions and permission groups that contain the search term.
Select All and Clear All
The 'Select All' and 'Clear All' buttons can be used to quickly assign or remove all permissions; they can then be fine-tuned.
assigns all privileges to the User Role.
removes all assigned privileges from the User Role.
It is recommended to use caution when assigning or removing all permissions, as these actions will overwrite all of the current selections for the User Role.
Note: Custom User Roles are not intended to provide full access to Users. If full access is needed, please use the R365 User Role called 'Full Access'. The 'Full Access' User Role will always contain all possible permissions, and will be automatically updated when new permissions are added.
Note: Custom User Roles with no assigned permissions will not provide any access to assigned Users. If the only User Role assigned to a User has no permissions, the User can log in, but they will not be able to view or access any portion of R365.
User Role Permissions at the User Level
The permissions granted by the User Roles assigned to the User can be viewed and adjusted at the User level on the 'Permissions' tab of the User Record.
Permissions that are granted from assigned User Roles will be indicated with a link icon. Hovering over the link icon will display which User Roles are granting that permission.
When permissions that were granted from an assigned User Role have been removed at the User level, the individual permission and permission group will be indicated as follows:
- Individual Permissions - Indicated with a red crossed-out link icon
- Permission Groups - Indicated with a grey crossed-out link icon
Permissions that have been granted to the User at the User level and were not granted by any of the assigned User Roles will not have a link icon.
Changing Over to the Custom User Role System
Prior to August 2022, all R365 Instances used the classic User Role system that consisted of Primary and Secondary User Roles. These static User Roles each contained a collection of permissions and granted all of those permissions when assigned to Users.
When an R365 Instance transitions from the classic User Roles to the new customizable User Roles, R365 will auto-create Custom User Roles to ensure that existing Users retain all assigned permissions.
It is recommended that Admin Users set aside time to review and clean up these auto-generated User Roles. However, this cleanup is not required.
Auto-Generated User Roles
As R365 Instances are transitioned from the classic User Roles to the new customizable User Roles, R365 will auto-generate a Custom User Role for each combination of permissions that any existing User has, then auto-assign each User to the appropriate Custom User Role. This ensures that existing Users retain all assigned permissions.
- Note: If multiple Users have the same combination of permissions, only one Custom User Role will be created. If there is any difference between Users, a second User Role will be created. It is not uncommon to see over a dozen User Roles created in this fashion when changing over to the new system.
The names of auto-generated User Roles will contain the word 'Custom' and the highest-access Primary Role assigned to the User. If multiple auto-generated User Roles are created with the same Primary Role, a number will be added.
Examples of auto-generated User Role names:
- 'Custom Accounting Manager'
- 'Custom Accounting Manager (1)'
- 'Custom Accounting Manager (2)'
Cleaning Up Auto-Generated User Roles
Review
Identify the User Roles with the most and the least Users assigned.
- The quantity of Users assigned to each User Role can be viewed in the 'Select User Role' drop-down menu
- Selecting a User Role, then clicking the 'Users' tab, will show which Users are assigned to that User Role. Toggle the 'Only Show Selected Users' to quickly see only the Users assigned.
Look at the permissions assigned to each auto-generated User Role on the 'Permissions' tab and determine if that User Role is needed, should be adjusted, or should be combined with other User Roles.
Create New User Roles or Work with the Auto-Generated User Roles
Starting Clean
To start with clean User Roles, create new User Roles using the steps above in the 'Create a New User Role' section. Assign the desired permissions to the new User Roles. Users can then be assigned to the new User Roles, and the auto-generated User Roles can be deleted.
Working with the Auto-Generated User Roles
Rename
Rename User Roles that will be maintained moving forward by clicking on the pencil icon, then selecting 'Rename'.
Enter a new name that indicates that the User Role will be maintained moving forward. It is recommended to name User Roles based on the role within the organization that the Users assigned will have, such as 'General Manager' or 'Bookkeeper'.
Consolidate
Consolidate User Roles where possible by reassigning Users to User Roles that are being maintained. Remember that if only one or two Users need additional access compared to other Users in a similar role, this can be done at the User level.
Delete Unneeded User Roles
Once a User Role has no Users assigned, it can be deleted. Click the pencil icon, then select 'Delete' to delete the User Role.