Give people access by assigning a role to an existing member of your organisation at the exact level it should apply. There is no email invitation step โ you assign roles to members who already belong to the organisation, not to new people by email.
Before you start
- The person must already be a member of the organisation. Membership means they are an employee in the organisation or already hold a role assignment there; assigning a role provisions an existing member, it is not an invite flow.
- You may only assign a role whose every capability you already hold yourself โ this anti-escalation ceiling stops an admin curating access around their own limits.
- The role must belong to the same organisation and be active and assignable.
Steps
Choose the member and role
- Open Admin Setup โ Access โ Assignments and create an assignment.
- Select the User (required) โ an existing member of this organisation.
- Select the Role (required).
[screenshot: New role assignment]
Set the scope
- Choose the Scope level (required): organisation, entity, branch, department or position.
- Name the scope targets the level requires:
- Entity scope requires an Entity.
- Branch scope requires an Entity and a Branch.
- Department scope requires Entity, Branch and Department.
- Position scope requires Entity, Branch, Department and Position.
- The scope must be internally consistent โ the branch must sit under the named entity, the department under that branch, and each level must belong to this organisation. A field that is not permitted for the chosen scope level is rejected.
Time-box the grant (optional)
- Optionally set a Starts at date and an Ends at date (the end date must be on or after the start date).
- Save โ the assignment, and any later change to it, is written to the audit trail.
Result
The member now holds the role at the scope you chose, for the period you set. Two protections stay in force: the anti-escalation ceiling on what you may confer, and a last-admin guard that refuses to expire the final remaining access-administration grant, so the organisation can never lock itself out of its own access controls.
