IXL CORE
All guides
Admin SetupGuide Β· v1.0

Create roles and permissions

Compose roles from the shared capability catalogue by binding capabilities to a scope level as permissions, then attaching those permissions to named roles.

Build the roles your people will hold by composing them from the shared capability catalogue β€” you bind capabilities to a scope level as permissions, then group those permissions under a named role.

Before you start

  • You need an administration role that already holds the capabilities you intend to confer. You may only attach capabilities you hold yourself β€” an admin cannot grant an ability they lack.
  • The capability catalogue is global: it is shared by every tenant and authored only by the platform operator. You compose from it; you cannot create or edit capability entries, and authoring a permission entry is likewise a platform-operator concern.

Steps

Browse the capability catalogue

  1. Open Admin Setup β†’ Access β†’ Capabilities and review the abilities available, grouped by domain (for example crm.leads.view or settings.manage).
  2. Note the scope levels each capability may be exercised at β€” a permission’s scope must be one the capability allows.

    [screenshot: Capability catalogue]

Understand permissions

A permission binds a capability to a scope level β€” organisation, entity, branch, department or position β€” with an allow effect, an optional set of constraints, and a status of active, inactive or reserved. A capability may carry only one active permission per scope level and effect. Tenant administrators compose roles from existing permissions rather than authoring new catalogue entries.

Create a role

  1. Open Admin Setup β†’ Access β†’ Roles and create a role.
  2. Enter the Name (required) and a Code (required, unique within the organisation). The code must be lower-case, using dots, underscores or hyphens between segments β€” for example sales.manager.
  3. Choose a Status (required): active, inactive or reserved.
  4. Optionally add a Description, and set the Is system and Is assignable flags. Save.

    [screenshot: Create role]

Attach permissions to the role

  1. Open the role and attach a Permission (required β€” select an existing permission).
  2. Only active permissions may be attached, and only active, assignable roles may receive them.
  3. Repeat to build up the role’s rights. Every change is audited.

Result

Your role carries the permissions that define what its holders may do, each capability enforced on the request itself rather than merely hidden in the interface. The role is ready to grant to your team.

Put this into practice