# Roles

## What are roles?

Roles are used to assign access rights. With roles, you can control in a fine-grained way which [-> Users](https://docs.buildings.ability.abb/collection/english-v14/documentation/users) can access which functions of eliona.&#x20;

You can allow users to use only the functions you specify. You can prohibit the use of other functions.&#x20;

## How do roles work?

You create a role and configure read permissions and write permissions in this role.

You then assign this role to one or more users. Users with this role may then only perform those actions that the role permits them to do.&#x20;

By assigning a role to multiple users, you can quickly and easily create user groups in this way.

## System roles vs project roles

There are 2 types of roles: project roles and system roles. It is important to understand the difference between project roles and system roles.

### System roles

The settings in **System roles** govern the permissions for options that apply system-wide.\
The options controlled by this role remain the same across all projects.

### Project roles

Project roles apply per project and govern project-specific permissions, e.g. access to certain assets.&#x20;

### Automatic role assignment

When a user is created, they are always automatically assigned a system role.&#x20;

When a user is assigned to a project, they are always automatically assigned a project role.&#x20;

If a user is assigned to multiple projects, the user can have a separate project role for each project.

## Permissions

The following permissions can be defined for each individual role:

### Read permission&#x20;

If read permission has been granted, users can see entries and menu items, but not change them.

If **none** If read permission has been granted, users can **NOT** see entries.&#x20;

{% hint style="info" %}
By not granting read permissions, you can completely hide individual menu items from users.
{% endhint %}

### Write permission

If write permission has been granted, a user can enter values, delete objects, and create new ones.&#x20;

A write permission can only be granted if a read permission exists. It is not possible to have write permission without read permission.

### "Manage" permission

This permission exists exclusively in project roles.

If this permission is enabled, a user can copy the following elements to other users:

1. Dashboards
2. Analytics
3. Reports
4. Smart Views