Roles, Role Profiles and Rights can be configured within the system. While Smart Completions offers a full suite of roles (and their rights-assignments) against managers, projects can configure their own, specific roles. If you need to configure roles and rights, that you open a Service Request through Smart Support to discuss what you need to create. The role profiles and role configurations are database wide. For this reason, only trusted administrators should be granted access to roles, User Application and Resources.
When defining the Roles, Role Profiles and Rights, the following definitions apply:
System User = a person or resource
Role = a function which defines access to specific managers
Rights = permissions granted to perform a specific action within a specific manager, by a specific role.
Role Profile = a group of roles defining the ‘authority/access’ levels
Although it’s easy to confuse role profiles and rights / permissions sets with roles, both control two very different things. Roles primarily control a user’s record-level access permissions against various managers.
Designating a Role or Role Profile as "Admin" will protect that profile and the rights associated with it. Any user with a role that includes "Manage" rights can assign roles to themselves and other users. If a Role Profile is designated as "Admin," then it is only available to certain administrative users. In this way, you can allow some users to create and assign roles, but limit their capability for high level administrative rights. For instance, one of these users cannot use the Role Profile or Roles manager to grant him/herself additional rights. Only users with these admin roles assigned to them will be able to see these check marked roles in the manager.