Organizational roles
Organizational roles are user groups that represent company units, departments or subdivisions in the organizational structure, for example, the "Boston Office Sales Department" or the "Washington Office HR Department." Each organizational role can be assigned access permissions that apply to all of its users. Organizational roles also automatically inherit access permissions from their parent organizational roles.
To manage organizational roles, click → Organizational roles.
The Organizational roles section contains the company’s organizational structure (represented in the form of a folder tree) and the information about individual organizational roles.
By default, only system administrators have access to this section. Users need to have permission to the "Manage user list" ("CanManageUsers" code) system operation to work with this section.
Add an organizational role
-
Click → Organizational roles.
-
In the list of organizational roles, select the corresponding parent role. For example, an organizational role for the regional office.
-
Click Add and select the role type: "Organization" or "Division." For example, create a "Marketing department" division for the regional office.
-
Enter the name of the role. The name of each organizational role must be unique.
-
Open the Functional roles tab and add functional roles. For example, "Marketing Manager," "Copywriter," etc. All users in these functional roles will obtain all permissions of the organizational role.
This step is optional.
noteAlternatively, you can connect a functional role to an organizational role on the functional role page. Read more: Connect functional and organizational roles.
-
Click → Update roles for changes to take effect (Fig. 1).
As a result, a new organizational role will be added to Creatio. It will automatically obtain the same access permissions as its parent organizational role.
Add a management role
Set up special access permissions for management staff by adding a management role to an organizational role. The management role exists as a standalone organizational role in Creatio and may have its own access permissions, but it is not visible in the list of organizational roles.
Management role inherits the subordinate role's and users access permissions automatically.
To add a management role:
-
Click → Organizational roles.
-
Select the corresponding organization and/or division to assign a management role in the list of organizational roles. For example, to assign a manager to the HR Department, select the "HR Department" role.
-
Select the Management role exists checkbox on the Managers tab.
-
Specify the name of the management role (Fig. 2) in the Management role field.
-
Take the following steps on the Managers tab:
-
Click and select Add existing to add an existing user. Select the corresponding user in the pop-up box (Fig. 3).
-
Click and select Add new to add a new user assigned to this role. You will need to fill out the new user page.
-
As a result, the management role will be added to the organizational role. The users that have the management role will obtain all access permissions of the role, including permissions inherited from the subordinate role (e. g., "HR Department").
Sometimes, managers can inherit unnecessary permissions. For example, if an employee was granted extended permissions to accomplish tasks. You can restrict the automatic delegation of permissions for specific roles to ensure the managers do not inherit unneeded permissions.
To do this, add the needed organizational or functional roles to the "User roles not inherited by managers" lookup. By default, the lookup includes the "System administrators" role.
Learn more in separate articles: [Object operation permissions](a href=https://academy.creatio.com/documents?id=262), Record permissions, Column permissions, System operation permissions.
Add users to an organizational role
You can create a list of users in an organizational role in any of the following ways:
- add an existing user (selecting a user from the list)
- add a new user via a new user page
- import LDAP users
You can import LDAP users only if the LDAP user integration has been set up. Learn more: Set up LDAP synchronization.
All users added to the organizational role will inherit any access permissions configured for it.
To add users to an organizational role:
-
Click → Organizational roles.
-
Select the corresponding organization and/or division in the list of functional roles represented as a folder tree.
-
Take the following steps on the Users tab:
-
Click and select Add existing to add an existing user. Select the corresponding user in the pop-up box (Fig. 4).
-
Click and select Add new to add a new user assigned to this role (you will need to populate the new user page).
-
As a result, selected users will be added to the organizational role. The users will inherit any access permissions configured for the organizational role.
Learn more about access permissions in separate articles: Object operation permissions, Record permissions, Column permissions, System operation permissions.