# Manage Roles and Permissions

<p class="callout info">**Roles and Permissions** in OPSCOM provide granular control over what administrative users can access and do within the system. This feature allows administrators to define specific responsibilities, enhance security, and ensure that each user has appropriate access levels, streamlining operations and maintaining data integrity.</p>

### Using this Feature

1. Click **System Configuration,** then **Admin Management,** and click **Manage Roles.**

##### <span style="text-decoration: underline;">Creating and Managing Roles</span>

Roles are central to the permissions system, acting as templates for sets of permissions.

1. The **Manage Administrator Roles** page will display. The **System Administrator** (Primary) role is pre-defined and allows you to create new roles and assign them to other admin users.
2. To create a new role, click the **Add New Role** button at the bottom of the page.
3. Enter a descriptive **Role Name** and a **Description** for that role. 
    - The description will appear as a rollover tooltip when you mouse over the **Edit Role** button for that role.
4. Click **Save Role** to save your new role.  
      
    [![FVUimage.png](https://opscom.wiki/uploads/images/gallery/2025-06/scaled-1680-/fvuimage.png)](https://opscom.wiki/uploads/images/gallery/2025-06/fvuimage.png)

##### <span style="text-decoration: underline;">Editing Existing Roles</span>

You can modify the name and description of any role (except the **System Administrator** role).

1. On the **Manage Administrator Roles** screen, click the **Edit Role** button next to the role you wish to update.
2. Make your desired changes to the **Role Name** and/or **Description**.
3. Click **Save Role** to save your edits.

##### <span style="text-decoration: underline;">Assigning Permissions to a Role</span>

Once a role is created, you'll define what actions users assigned to that role can perform by setting its permissions. [Refer to this article for more detailed Permissions information.](https://opscom.wiki/books/adminstrators-setup-configuration/page/permissions-in-OPSCOM)

1. On the **Manage Administrator Roles** screen, click the **Permissions** button next to the role you want to configure. The **Editing Permissions** screen will display.
2. The top bar displays various icons, mirroring the OPSCOM menu structure. The number next to each icon indicates how many permissions within that category have been selected for the current role.
3. Click an icon (e.g., a "Permit" icon, a "Violations" icon) to display the specific permissions available within that category.
4. To grant a permission, enable the checkbox next to that permission's name.
5. Once you have navigated through each icon and selected all the necessary permissions for the role, click **Save Permissions**. The role, with its defined permissions, is now created and ready for assignment.

##### <span style="text-decoration: underline;">Assigning Roles to Admin Users</span>

After roles are defined, you can assign them to your administrative users.

1. Click **System Configuration,** then **Admin Management,** and click **Edit Admin Users**. The **Manage Active Administrators** page will display.
2. Select an existing user you wish to modify, or choose to create a new user.
3. On the left side of the screen, add or confirm the **User Information** (e.g., name, email).
4. On the right side, select the role(s) you wish to apply to that user from the available options.
5. You can also add a **Comment** for any relevant notes about the user's role or status.
6. Click **Update User** when you have finished making your changes.

---

### <span style="color: rgb(22, 145, 121);">Best Practices &amp; Considerations</span>

- <span style="color: rgb(22, 145, 121);">**Principle of Least Privilege**: Always adhere to the principle of least privilege. Grant users only the permissions absolutely necessary for them to perform their job functions. This minimizes security risks and potential for accidental errors.</span>
- <span style="color: rgb(22, 145, 121);">**Role-Based Access Control**: Utilize roles to manage permissions efficiently. Instead of assigning individual permissions to each user, create roles (e.g., "Enforcement Officer," "Permit Manager," "Finance Admin") and assign users to those roles. This simplifies onboarding, offboarding, and auditing.</span>
- <span style="color: rgb(22, 145, 121);">**Clear Role Descriptions**: Use the role description field to clearly state the purpose of the role and the types of permissions it encompasses. This helps administrators understand what each role is intended for.</span>
- <span style="color: rgb(22, 145, 121);">**Regular Review**: Periodically review your defined roles and user assignments to ensure they remain appropriate as job responsibilities change or staff join/leave your organization.</span>
- <span style="color: rgb(22, 145, 121);">**Test New Roles**: Before deploying a new role to active users, test it with a test administrator account to confirm that the assigned permissions function as expected and do not inadvertently grant too much or too little access.</span>