Not to be confused with a job role, a security role is a collection of privileges. For example, we can create a Project Viewer role having the privileges: View Project : Granted, View Task : Granted, and View Financials : Denied. We can also create another role Project Collaborator with New Discussion : Granted and Add Document : Granted privileges.

Role Based Access Control (RBAC)

Role based access control is an approach where access to an object for a user is controlled based on the roles the users is playing in that object. In this approach instead of directly assigning privileges to users, privileges are assigned to roles and roles, in turn, are assigned to users.


Why not just assign privileges to users? Wouldn’t that be easier? For teams with less than 10 users, the way of assigning privileges indirectly through security roles (RBAC) is probably an overkill. But as the number of permissions increase (Celoxis has around 60) and team sizes increase, managing privileges becomes difficult, error-prone and time consuming. When new employees are added to the team, the administrator will have to spend a lot of time giving them privileges and at the same time ensuring none of them are accidentally given (or denied) a privilege not intended for them.

With roles based security, admins would simply assign the new employee the right roles in the right workspaces. E.g. when Mark Marketer joins the company, all the admin would have to do is assign him the Junior Marketing Executive security role in the Marketing workspace. Mark is just another junior marketing executive whose security role has been carefully populated with the right access control privileges.

Managing Roles

Only administrators can manage roles in Celoxis. To manage, click Top MenuAdminAccount ManagementAccess Control.

AClick to add a security role
BClick to edit or delete a security role
CClick to view and modify users playing this role
DAuto-assigned roles. Note how you cannot assign it to members.
ERole Executive has been granted the View Financials privilege. Click to change it.
FRole External Users has been denied the View Financials privilege. Click to change it.
GClick a tab to set privileges associated with it.