# System Roles

### About the System Role

The settings in **System Roles** regulate the permission for options that apply system-wide. The options controlled by this role remain the same in all tenants.

Every user always has exactly 1 system role. Users cannot have more than 1 system role at the same time.

### Standard System Roles

BuildingPro Suites is delivered with the following roles by default:

#### System Owner

This role is created during the system deployment and has **all** permissions.

* The "System Owner" role is the only role that can create new system roles.
* The "System Owner" role is the only role that can assign the "System Admin" role.

#### System Admin

A role with extensive rights. Users with this role can, among other things, create new users. Users with the "System Admin" role can **NOT** assign the "System Admin" role to other users.

#### System User

This role is automatically assigned to every newly created user. Users with this role have no write permissions and can neither create new system admins nor new system users.

{% hint style="info" %}
Standard roles cannot be changed or deleted.
{% endhint %}

### Create a Custom System Role

{% hint style="info" %}
Only owners of the "System Owner" system role can create new system roles.
{% endhint %}

You can create and customize an unlimited number of custom roles.

Proceed as follows to create a new system role:

{% @supademo/embed url="<https://app.supademo.com/demo/bb1-CwIMkdiuUCmi78DJU>" demoId="bb1-CwIMkdiuUCmi78DJU" fullWidth="true" %}

### System Role Options

<div data-full-width="true"><figure><img src="https://3489494878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9GvUpaatBiReR43XFSMg%2Fuploads%2F6VRUmZeqZDRdATsb299I%2FC658B2D2-8CA8-492F-B2E5-B2BCA3F960ED.png?alt=media&#x26;token=7a86d491-b433-44a6-a959-60a1affc3568" alt=""><figcaption><p>Options for a system role</p></figcaption></figure></div>

{% hint style="info" %}
Deactivate a universal switch to hide the corresponding menu item
{% endhint %}

<table data-full-width="true"><thead><tr><th width="68.20001220703125"></th><th width="252"></th><th></th></tr></thead><tbody><tr><td>A</td><td>Name</td><td>Name of the system role</td></tr><tr><td>B</td><td>Role Access</td><td>When this switch is activated, other authorized users (e.g. admins) can assign this role to users. <a href="#b-role-access">-> More info</a></td></tr><tr><td><strong>C</strong></td><td><strong>Universal switch "Asset"</strong></td><td><strong>Activate/deactivate all write and read access for the "Asset" function</strong></td></tr><tr><td>C1</td><td>Asset</td><td>Grant write/read access for "Asset Modeling"</td></tr><tr><td><strong>D</strong></td><td><strong>Universal switch "Connection"</strong></td><td><strong>Activate/deactivate all write and read access for the "Asset" function</strong><br><br>Deactivate the switch to hide the menu item</td></tr><tr><td>D1</td><td>Format</td><td>Grant write/read access for "Format"</td></tr><tr><td>D2</td><td>Functions</td><td>Grant write/read access for "Functions"</td></tr><tr><td><strong>E</strong></td><td><strong>Universal switch "BuildingPro Suites"</strong></td><td><strong>Activate/deactivate all write and read access for the "BuildingPro Suites" function</strong></td></tr><tr><td>E1</td><td>Tenants</td><td>Grant write/read access for "Tenants"</td></tr><tr><td>E2</td><td>Provider</td><td>Grant write/read access for "Provider"</td></tr><tr><td>E3</td><td>Roles</td><td>Grant write/read access for "Roles"</td></tr><tr><td>E4</td><td>Tags</td><td>Grant write/read access for "Tags"</td></tr><tr><td>E5</td><td>Users</td><td>Grant write/read access for "Users".<br><br>When write access is activated for this item, users with this system role can create new users.</td></tr><tr><td><strong>F</strong></td><td><strong>Universal switch "Monitoring"</strong></td><td><strong>Activate/deactivate all write and read access for the "Monitoring" function</strong></td></tr><tr><td>F1</td><td>Monitoring</td><td>Grant write/read access for "Monitoring"</td></tr><tr><td><strong>G</strong></td><td><strong>Universal switch "Settings"</strong></td><td><strong>Activate/deactivate all write and read access for the "Settings" function</strong></td></tr><tr><td>G1</td><td>Apps</td><td>Grant write/read access for "Apps"</td></tr><tr><td>G2</td><td>Audit Log</td><td>Grant write/read access for "Audit Log"</td></tr><tr><td>G3</td><td>API Keys</td><td>Grant write/read access for "API Keys"</td></tr><tr><td>G4</td><td>License</td><td>Grant write/read access for "License"</td></tr><tr><td>G5</td><td>System</td><td>Grant write/read access for "System"</td></tr><tr><td>G6</td><td>Templates</td><td>Grant write/read access for "Templates"</td></tr></tbody></table>

### \[B] Role Access

With this option, you can specify who can assign the corresponding system role to other users.

This function can be configured separately for each system role.

<div data-full-width="true"><figure><img src="https://3489494878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9GvUpaatBiReR43XFSMg%2Fuploads%2Fy7zjSKEJHZelzLjFIios%2FC2EE0A49-0EAC-4AFD-A70D-9291F26CEC11.png?alt=media&#x26;token=37b40b82-e980-4f2c-ba47-bd897f4cbaa4" alt=""><figcaption></figcaption></figure></div>

**Switch activated** This system role can be assigned by users whose system role has write permissions in the *Roles* area.

**Switch deactivated** This role can only be assigned by the System Owner.

### Assign a System Role to a User

{% @supademo/embed url="<https://app.supademo.com/demo/B9-AfwFUnk_k4AZXoz8wr>" demoId="B9-AfwFUnk\_k4AZXoz8wr" fullWidth="true" %}