There are various preconfigured roles within the OneTrust platform that you can assign to users. However, if you need a custom role to better meet your organization's needs, you can create a new role either manually from scratch or from a copy of another role. OneTrust recommends starting off with a copy of an existing role and adjusting the permissions accordingly.
Note
Custom roles must be manually managed. A maximum of 150 custom roles can be created in a OneTrust platform account.
You can view all system and custom roles created within the platform using the Roles screen. In addition to seeing the name and description of each role, you can differentiate between system and custom roles at a glance using the Source column and identify the number of users assigned to each role using the Users column. You can click the link in the Users column to access the list of users with the given role if needed.
To create a custom role based on an existing role
Note
This is the recommended method for creating a new custom role.
If you create a custom role based on the default Site Admin role, not all permissions will be copied automatically. Some permissions are omitted to prevent unauthorized actions.
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Roles. The Roles screen appears.
Hover over the role you want to use as the source for the new role you are creating, and click the Context Menu icon that appears.
On the Context menu, select Copy. The Copy a role modal appears.
Note
Alternatively, you can click the Copy button on the View Role Details screen for a system role or on the Edit Custom Role screen for a custom role.
Enter a name and description for the custom role. Then click the Next button. The Add Custom Role screen appears with permissions copied over from the source role.
Configure permissions for the custom role using either of the following methods:
Select the check boxes corresponding to general permission levels, such as Viewer, Collaborator, or Manager, for a given permission group.
Click a link in the Permission Group column to drill-down into a permission group and assign individual permissions. This view displays individual permission names and descriptions along with additional details, such as the object, action, and permission level, to help you identify what each permission controls.
Module or feature set that the permission levels support.
Viewer
Permission level that allows users to view records and submit their own records through the Self-Service Portal.
Collaborator
Permission level that allows users to contribute to the programs and data by editing records and collaborating through comments and tasks.
Manager
Permission level that allows users access to full functionality, including the ability to create new records, delete records, and update settings or configurations.
Check Box Selection Statuses
Selection Status
Description
The blank box indicates that no permissions within that permission level for the permission group are currently enabled for the role, but can be enabled if needed.
The grayed-out box indicates that the permission group does not contain any permissions that can be enabled at that permission level.
For example, the Custom Object Management permission group in the image above does not contain any Viewer or Collaborator-level permissions. As a result, those levels display grayed-out boxes that cannot be enabled.
The checked box indicates that all permissions within that permission level for the permission group are enabled for the role. A check mark will appear when you directly select the box for general permission levels, such as Viewer, Collaborator, or Manager, for a given permission group.
For example, the Controls Library permission group in the image above has checked boxes for the Viewer and Manager permission levels. This means that every Viewer and Manager-level permission within the Controls Library permission group is enabled for the role.
The minus box indicates that some permissions within that permission level for the permission group are enabled for the role. A minus will appear when you drill-down into a permission group and assign individual permissions.
For example, the Assessments permission group in the image above has minus boxes for the Collaborator and Manager permission levels. This means that some but not all Collaborator and Manager-level permissions within the Assessments permission group are enabled for the role.
Note
To access this view, click a link within the Permission Group column on the previous screen.
Field
Description
Permission Group
Module or feature set that the permission supports.
Object
Object to which the permission is associated.
Action
Type of action available when a user has the permission.
Permission Name
Name of the permission.
Description
Brief description that details what the permission allows.
Permission Level
Level of access or persona of the permission.
To manually create a custom role
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Roles. The Roles screen appears.
Click the Add Role button. The Add Role screen appears.
In the Role Details step, enter a name and description for the custom role. Then click the Next button. The Assign Permission step appears.
In the Assign Permissions step, configure permissions for the custom role using either of the following methods:
Select the check boxes corresponding to general permission levels, such as Viewer, Collaborator, or Manager, for a given permission group.
Click a link in the Permission Group column to drill-down into a permission group and assign individual permissions. This view displays individual permission names and descriptions along with additional details, such as the object, action, and permission level, to help you identify what each permission controls.
Click the Next button. The Role Summary step appears with a summary of the role name, description, and total number of actions per type assigned to the role.
Click the Submit button.
To edit a custom role
Note
System default roles cannot be edited.
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Roles. The Roles screen appears.
Click the link in the Role Name field for the role you want to edit. The Edit Custom Role screen appears.
Note
You can also select Edit on the Context menu for the role you want to edit.
Modify the permissions for the custom role using either of the following methods:
Select the check boxes corresponding to general permission levels, such as Viewer, Collaborator, or Manager, for a given permission group.
Click a link in the Permission Group column to drill-down into a permission group and assign individual permissions. This view displays individual permission names and descriptions along with additional details, such as the object, action, and permission level, to help you identify what each permission controls.
