Overview
Roles are the foundation of access control in EasyContact. Each role contains a set of permissions that determine what actions users can perform. You can use built-in system roles or create custom roles tailored to your organization’s needs.System Roles
Pre-defined roles with standard permission sets that cannot be modified
Custom Roles
Create your own roles with specific permission combinations
Understanding Roles
Role Types
- System Roles
- Custom Roles
System roles are pre-configured by EasyContact and provide standard access patterns.Characteristics:
- Cannot be modified or deleted
- Always available in every organization
- Marked with a “System” badge
- Cover common use cases
| Role | Description |
|---|---|
| Administrator | Full access to all features and settings |
| Incident Admin | Full control over incidents including deletion |
| Incident Editor | Create, update, and manage incidents |
| Incident Viewer | Read-only access to incidents |
| IAM Admin | Manage users, roles, and groups |
| IAM Editor | Add and modify users and groups |
| IAM Viewer | View users, roles, and group information |
Role Scope
Tenant Scope
Permissions apply within your organization only. Most roles use this scope.
Platform Scope
Platform-wide permissions for EasyContact administrators. Rarely used.
Viewing Roles
The Roles page displays all available roles with key information:| Column | Description |
|---|---|
| Role | Role name and unique key identifier |
| Description | Brief explanation of the role’s purpose |
| Scope | Whether the role is tenant or platform scoped |
| Type | System (locked) or Custom (editable) |
| Actions | View permissions, edit, or delete |
Viewing Role Permissions
To see what permissions a role grants:- Find the role in the list
- Click the three-dot menu (⋮)
- Select View Permissions
Creating Custom Roles
1
Open Create Dialog
Click the Create Role button in the top right corner
2
Define Role Identity
Enter the role details:
- Role Key — Unique identifier (lowercase, underscores allowed, e.g.,
support_lead) - Role Name — Display name (e.g., “Support Team Lead”)
- Description — Explain the role’s purpose
3
Select Permissions
Choose the permissions this role should have:
- Use the search bar to filter permissions
- Permissions are grouped by category
- Check the boxes next to desired permissions
- The badge shows how many permissions are selected
4
Save the Role
Click Create to save your new role
Understanding Permissions
Permissions control specific actions within the platform. They follow a structured format:Permission Categories
Incidents
Incidents
Control access to incident management features.
| Permission | Description |
|---|---|
incident:read | View incidents and their details |
incident:write | Create and update incidents |
incident:delete | Delete incidents |
incident:acknowledge | Acknowledge incident alerts |
incident:resolve | Mark incidents as resolved |
Users & Access (IAM)
Users & Access (IAM)
Control access to user and access management.
| Permission | Description |
|---|---|
user:read | View user information |
user:write | Add and edit users |
user:delete | Remove users |
role:read | View roles and permissions |
role:write | Create and edit custom roles |
role:delete | Delete custom roles |
group:read | View groups and members |
group:write | Manage groups and membership |
group:delete | Delete groups |
Schedules & On-Call
Schedules & On-Call
Control access to scheduling features.
| Permission | Description |
|---|---|
schedule:read | View on-call schedules |
schedule:write | Create and modify schedules |
schedule:delete | Delete schedules |
Integrations
Integrations
Control access to third-party integrations.
| Permission | Description |
|---|---|
integration:read | View configured integrations |
integration:write | Add and configure integrations |
integration:delete | Remove integrations |
Wildcard Permissions
Wildcards allow granting broad access without selecting individual permissions:| Pattern | Meaning |
|---|---|
incident:* | All incident permissions |
*:read | Read access to everything |
*:* | Full access to everything |
Use wildcards carefully. They grant extensive access and should only be assigned to trusted roles.
Editing Custom Roles
To modify an existing custom role:1
Find the Role
Locate the custom role in the list (look for the “Custom” badge)
2
Open Edit Dialog
Click the three-dot menu (⋮) and select Edit
3
Make Changes
Update the role name, description, or permissions as needed
4
Save Changes
Click Save Changes to apply your modifications
System roles cannot be edited. If you need different permissions, create a custom role instead.
Deleting Custom Roles
Before deleting a role, ensure no users or groups are using it.1
Check Usage
Review which users and groups have this role assigned
2
Remove Assignments
Reassign users and groups to different roles if needed
3
Delete the Role
Click the three-dot menu (⋮) and select Delete
4
Confirm Deletion
Click Delete in the confirmation dialog
Assigning Roles
Roles can be assigned in two ways:Direct Assignment
Assign roles directly to individual users:- Go to Settings → Users
- Edit the user’s profile
- Select the roles in the Roles section
- Save changes
Group Assignment
Assign roles to groups for bulk access control:- Go to Settings → Groups
- Edit the group or create a new one
- Select the roles to assign
- All group members automatically inherit these roles
How Permissions Work Together
When a user has multiple roles (directly or through groups), their effective permissions are the union of all role permissions.Example: Combined Permissions
Example: Combined Permissions
User: SarahDirect Roles:
- Incident Viewer (
incident:read)
- Engineering Team → Incident Editor (
incident:read,incident:write)
incident:read✓incident:write✓
Best Practices
Follow Least Privilege
Follow Least Privilege
Give users only the permissions they need. Start with minimal access and add permissions as required rather than starting with full access and restricting.
Use Groups for Team Access
Use Groups for Team Access
Instead of assigning roles to each user individually, create groups for teams and assign roles to the group. This makes onboarding and offboarding much easier.
Create Meaningful Role Names
Create Meaningful Role Names
Use descriptive names that indicate the role’s purpose, like “Support Team Lead” rather than “Role 1”. Include the team or function in the name.
Document Custom Roles
Document Custom Roles
Use the description field to explain why the role was created and what it’s intended for. This helps future administrators understand the access model.
Review Roles Periodically
Review Roles Periodically
Audit your custom roles regularly. Remove unused roles and verify that permission assignments still match your organization’s needs.
Avoid Wildcard Overuse
Avoid Wildcard Overuse
Wildcard permissions are convenient but can grant more access than intended. Use specific permissions when possible.
Troubleshooting
User can't access a feature they should have
User can't access a feature they should have
- Check if the user has the correct role assigned
- Verify the role includes the necessary permission
- Check if the user is in a group with the role
- Ensure the user’s account is active
Can't edit or delete a role
Can't edit or delete a role
System roles cannot be modified. Look for the “System” badge next to the role. If you need different permissions, create a new custom role.
Can't delete a custom role
Can't delete a custom role
The role is still assigned to users or groups. Remove all assignments first, then try deleting again. The error message will list which users/groups need to be updated.
Permission changes aren't taking effect
Permission changes aren't taking effect
Users may need to refresh their session. Ask them to log out and back in to pick up the new permissions.