# system roles

## About the system role

The settings in **System roles** govern the permissions for options that apply system-wide.\
The options controlled by this role remain the same across all projects.

Each user always has exactly 1 system role. Users cannot have more than 1 system role at the same time.

## Default system roles

By default, eliona is delivered with the following roles:

### system owner

This role is created during system deployment and has **all** permissions. 

* The "System-Owner" role is the only role that can create new system roles.
* The "System-Owner" role is the only role that can grant the "System-Admin" role.

### System-Admin

A role with extensive permissions. Users with this role can, among other things, create new users. Users with the "System-Admin" role can give other users **NOT** the role **"**"System-Admin".

### System-User

This role is automatically assigned to every newly created user. Users with this role have no write permissions whatsoever and can create neither new System-Admins nor new System-Users.

{% hint style="info" %}
Default roles cannot be changed or deleted.
{% endhint %}

## Create a custom system role

{% hint style="info" %}
Only holders of the "System-Owner" system role can create new system roles.
{% endhint %}

You can create and customize an unlimited number of custom roles.

Proceed as follows to create a new system role

{% @supademo/embed demoId="bb1-CwIMkdiuUCmi78DJU" url="<https://app.supademo.com/demo/bb1-CwIMkdiuUCmi78DJU>" fullWidth="true" %}

## System role options

<div data-full-width="true"><figure><img src="https://content.gitbook.com/content/Nyvwhz1kEMXcHf4HLuZ8/blobs/3Jx2k6ue1oNFWsOlCvBS/C658B2D2-8CA8-492F-B2E5-B2BCA3F960ED.png" alt=""><figcaption><p>Options for a system role</p></figcaption></figure></div>

{% hint style="info" %}
Disable a universal toggle to hide the corresponding menu item
{% endhint %}

<table><thead><tr><th width="85"></th><th width="264"></th><th></th></tr></thead><tbody><tr><td>A</td><td>Name</td><td>Name of the system role</td></tr><tr><td>B</td><td>Role Access</td><td>If this switch is enabled, other authorized users (e.g. admins) can assign this role to users. <a href="#role-access">-> More info</a></td></tr><tr><td><strong>C</strong></td><td><strong>Universal toggle "Asset"</strong></td><td><strong>Enable/disable all read and write access for the "Asset" function</strong></td></tr><tr><td>C1</td><td>asset</td><td>Grant write access/read access for "Asset Modeling"</td></tr><tr><td><strong>D</strong></td><td><strong>Universal toggle "Connection"</strong></td><td><strong>Enable/disable all read and write access for the "Asset" function</strong><br><br>Disable switch to hide menu item</td></tr><tr><td>D1</td><td>format</td><td>Grant write access/read access for "Format"</td></tr><tr><td>D2</td><td>Features</td><td>Grant write access/read access for the "Functions"</td></tr><tr><td><strong>E</strong></td><td><strong>Universal toggle "Eliona"</strong></td><td><strong>Enable/disable all read and write access for the "eliona" function</strong></td></tr><tr><td>E1</td><td>Projects</td><td>Grant write access/read access for "Projects"</td></tr><tr><td>E2</td><td>Provider</td><td>Grant write access/read access for "Provider"</td></tr><tr><td>E3</td><td>Roles</td><td>Grant write access/read access for "Roles"</td></tr><tr><td>E4</td><td>Tags</td><td>Grant write access/read access for "Tags"</td></tr><tr><td>E5</td><td>User</td><td>Grant write access/read access for "Users".<br><br>If write access is enabled for this item, users with this system role can create new users.</td></tr><tr><td><strong>F</strong></td><td><strong>Universal toggle "Monitoring"</strong></td><td><strong>Enable/disable all read and write access for the "Monitoring" function</strong></td></tr><tr><td>F1</td><td>Monitoring</td><td>Grant write access/read access for "Monitoring"</td></tr><tr><td><strong>G</strong></td><td><strong>Universal toggle "Settings"</strong></td><td><strong>Enable/disable all read and write access for the "Settings" function</strong></td></tr><tr><td>G1</td><td>Apps</td><td>Grant write access/read access for "Apps"</td></tr><tr><td>G2</td><td>Audit Log</td><td>Grant write access/read access for "Audit Log"</td></tr><tr><td>G3</td><td>API Keys</td><td>Grant write access/read access for "API Keys"</td></tr><tr><td>G4</td><td>license</td><td>Grant write access/read access for "License"</td></tr><tr><td>G5</td><td>System</td><td>Grant write access/read access for "System"</td></tr><tr><td>G6</td><td>Templates</td><td>Grant write access/read access for "Templates"</td></tr></tbody></table>

## \[B] Role Access

With this option you can define who can assign the corresponding system role to other users.

This function can be configured separately for each system role.

<div data-full-width="true"><figure><img src="https://content.gitbook.com/content/Nyvwhz1kEMXcHf4HLuZ8/blobs/EavskeH4gOdq3J19umQG/C2EE0A49-0EAC-4AFD-A70D-9291F26CEC11.png" alt=""><figcaption></figcaption></figure></div>

**Switch enabled** \
This system role can be assigned by users whose system role has write permissions in the area *Roles* .

**Switch disabled**\
This role can only be assigned by the System-Owner.&#x20;

## Assign a system role to a user

{% @supademo/embed demoId="B9-AfwFUnk\_k4AZXoz8wr" url="<https://app.supademo.com/demo/B9-AfwFUnk_k4AZXoz8wr>" fullWidth="true" %}