Skip to content

How do I create a custom role?

Requires Basic

If the four base roles aren’t enough, create a custom role under Administration → Roles: give it a name, choose permissions from the catalog, and set the scope (this tenant or global). You then assign the role to users — its permissions add to their base role.

Available in all plans.

  1. Open Roles. Administration → Roles“Create role”.

  2. Define the role. Enter a name and, optionally, a description, choose the scope (Tenant or Global), and check the desired permissions. Permissions are grouped by area (Assets, Network, …, Administration).

    A custom role bundles any permissions from the catalog.
  3. Save and assign. After saving, the role appears in the list. Assign it to the relevant accounts via the user detail page (“Assign roles”).

  • Catalog check. Every permission code you provide is checked against the fixed catalog; unknown codes are rejected with 422. Notory removes duplicate entries; the order stays stable.
  • Scope determines visibility. scope: "tenant" binds the role to your tenant (tenant_id set). scope: "global" (tenant_id = NULL) makes it available to all tenants — hence the super-admin restriction.
  • Additive, never subtractive. An assigned role extends a user’s permissions. To revoke permissions, remove the role again or lower the base role.
  • Custom roles can be deleted. Unlike built-in system roles (is_system), self-created roles can be edited and deleted at any time. When deleted, assigned users only lose the additional permissions from that role.