# Managing Your Team With Role-Based Access Control
To perform the tasks in this guide, you'll need:
The ability to assign granular, comprehensive roles to team collaborators is essential to working in a team.
Role-based access control (RBAC) is a key feature of Workato Teams that allows team admins to fully define the permissions of every collaborator in the team through the creation of custom roles.
In this guide, we'll cover:
- How RBAC works
- How to create custom roles
- How to assign roles to team collaborators
- How to clone roles
- How to delete roles
# How Role-Based Access Control Works
Role-based access control (RBAC) allows you to restrict access to Workato features and functions based on a team collaborator's role in a team.
Access can be based on the criteria you define, such as:
- Authority, such as manager versus entry-level
- Responsibility, such as engineer versus Quality Assurance (QA)
- Department, such as IT versus marketing
- Employee type, such as permanent versus contractor
Allowing collaborators to only access the features they need to do their jobs ensures that your organization's sensitive data and applications remain secure. Using roles to control access can be helpful for monitoring activity, but also if there are third parties working in your account.
In addition to controlling access to features in Workato, roles also allow you to define the type of access collaborators have to those features. For example: Collaborators may be able to View connections but not Create them.
# Role Types
You can also create and assign custom roles.
# Creating Custom Roles
CUSTOM ROLES IS AN ADD-ON
Custom roles is available as an add-on. Contact your Customer Success Manager for more info.
Using custom roles allows you to create roles with appropriate privileges for the various people and teams collaborating in your workspace.
To create a custom role:
Click + Add role.
Name the role by clicking the New role copy in the top-left corner of the page, entering a name, and clicking the checkmark to save.
Using the tabs on the left side of the page, assign privileges to the role. Refer to the Privileges reference for more info about what each privilege does.
When assigning privileges, note that:
New roles have a few pre-selected permissions. By default, new roles are automatically granted View privileges for Recipes, Connections, and Folders. If not required for the role, de-select the privileges.
Some privileges are interdependent on other privileges. For example: The View folders permission is required to allow viewing Recipes and Connections, as these assets are contained in Folders.
If a privilege has dependencies, these dependencies will be highlighted when you hover over a privilege:
Autoselecting interdependent privileges
When a privilege with dependencies is selected or de-selected, its dependencies will also be selected or de-selected.
When finished, click Save changes.
# Assigning Roles To Team Collaborators
Get the quick version in this video!
# Cloning Roles
Roles can be programmatically cloned via the Workato API.
Cloning a role makes a copy of the role that can be modified without affecting the original.
To clone an existing system or custom role in the Workato app:
Click on the role you want to clone. This will open Edit role page.
Click the Clone role button in the top-right corner of the page.
Re-name and modify the role as needed.
Click Save changes when finished.
# Deleting Roles
Only custom roles may be deleted.
We recommend migrating collaborators to new roles before deleting a role to prevent accidental access issues.
When a role is deleted:
If Environments is not enabled in the workspace, all collaborators with the role will lose access to the team. These collaborators must be assigned to new roles before they'll be able to access the team again.
If Environments is enabled in the workspace, all collaborators with the role will lose access to the environment where the role was assigned.
For example: A collaborator has access to DEV and TEST environments. In DEV, they're assigned the HR - Dev custom role and in TEST, the Tester role. If the HR - Dev role is deleted, the collaborator will lose access to the DEV environment until they're assigned a new role.
To delete a role:
Click on the role you want to delete. This will open Edit role page.
Click the trash can icon in the top right corner of the page.
When prompted to confirm, click Delete role.