# Controlling Access with Roles

Roles define what actions users can perform in Atra RMS. Each role is a set of permissions that controls access to Devices, Users, Organizations, VPN, and Roles features.

**Key Benefits:**

- Security through least-privilege access
- Easy permission management
- Organization-specific customization

# View Roles

View all roles in your organization and child organizations.

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/dSPimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/dSPimage.png)

**Actions:**

- **+CREATE ROLE** **(Teal button)** - Create new role
- **Search Bar** - Filter by role name or organization
- **Refresh** - Update list

**Table Columns:**

- **Roles** - Role name (click to view details)
- **Organization Name** - Where role exists

**Navigation:** Rows per page (5, 10, 15, 20, 25) | Page controls

# Role Creation Guide

#### Quick Steps

1. Click **+CREATE ROLE** button
2. Enter **Role Name** (3-50 characters, letters/numbers/spaces/-/\_)
3. Select **Organization**
4. Check permissions for each section
5. Click **CREATE**

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/C1Timage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/C1Timage.png)

#### Role Name Rules

✅ **Valid:** Company Admin, Device\_Manager, Field-Technician  
❌ **Invalid:** \_Admin (starts with \_), Role- (ends with -), Admin\_\_Role (consecutive \_\_)

---

#### Permissions by Section

##### 1. Devices

- **Register** - Add new devices
- **View** - See device list and details
- **Edit** - Modify device info
- **Unregister** - Remove devices

##### 2. Users

- **Create** - Invite new users
- **View** - See user list
- **Edit** - Change names/roles
- **Delete** - Remove users

##### 3. Roles

- **Create** - Define new roles
- **View** - See role list
- **Edit** - Modify permissions and name
- **Delete** - Remove roles

##### 4. Organizations

- **Create** - Add child organizations
- **View** - See organization list
- **Edit** - Change names
- **Delete** - Remove organizations

##### 5. VPN

- **Create** - Make VPN tunnels
- **View** - See VPN list
- **Edit** - Change tunnel names
- **Delete** - Remove tunnels, and remove devices and users from tunnel
- **Start/Stop** - Control VPN process
- **Enable/Disable** - Manage tunnel status

---

#### Permission Rules

##### ⚠️ View Dependency

The View permission must be checked whenever any other permission in that section is checked.

✅ **Valid:** Devices View + Register  
❌ **Invalid:** Devices Register only (the system auto-checks View)

##### ⚠️ VPN Dependency

Devices View must be checked whenever any VPN permission is checked.

✅ **Valid:** VPN View + Devices View  
❌ **Invalid:** VPN View only (the system auto-checks Devices View)

---

#### Common Role Templates

**System Administrator**

✓ All permissions in all sections

**Device Manager**

✓ **Devices**: Register, View, Edit

✓ **Users:** View

✓ **Organizations:** View

**Field Technician**

✓ **Devices:** Register, View

**Network Administrator**

✓ **Devices:** View

✓ **VPN:** All permissions

**Read-Only Viewer**

✓ **All sections:** View only

# Understanding Role Permissions

Click any role name in the list to open the Role Detail Page.

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/hCgimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/hCgimage.png)

#### Role Detail Page Shows:

- Role name and metadata (Created By, Created On)
- Permissions table with all sections
- Edit button (✏️) to modify role
- Refresh button (🔄) to update data

---

#### Permissions Table

Displays all permissions in table format with toggle switches.

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/bw5image.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/bw5image.png)

**Columns:** Section | View | Create | Edit | Delete | Register | Unregister | Start/Stop | Enable/Disable

**Toggle States:**

- **ON (Teal/Green, right position)** - Permission granted
- **OFF (Gray, left position)** - Permission not granted

**Section-Specific Columns:**

- **Register/Unregister** - Devices only
- **Start/Stop, Enable/Disable** - VPN only
- **Dashes (-)** - Not applicable

---

#### Editing a Role

##### Entering Edit Mode

1. Open Role Detail Page (click role name)
2. Click Edit button (✏️) in header
3. Page becomes editable

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/8o5image.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/8o5image.png)

#### What Changes in Edit Mode

**Role Name:** Becomes text input field (editable)  
**Toggle Switches:** Become active (clickable)  
**Buttons:** SAVE CHANGES and CANCEL appear

---

#### Modifying Permissions

**To Grant Permission:**

1. Click toggle switch (currently OFF/gray)
2. Switch moves right, turns teal/green
3. Permission granted when saved

**To Revoke Permission:**

1. Click toggle switch (currently ON/teal)
2. Switch moves left, turns gray
3. Permission revoked when saved

---

#### Dependency Enforcement

System automatically maintains dependencies:

**View Dependency:**

- Turning ON any permission → Auto-enables View
- Turning OFF View → Auto-disables other permissions in that section

**VPN Dependency:**

- Turning ON any VPN permission → Auto-enables Devices View
- Turning OFF Devices View → Auto-disables all VPN permissions
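
The View and VPN dependency rules above, together with the Permission Matrix, can be modelled to review what a role effectively grants before it is saved. This is an added example, not Atra RMS code: the role layout (section mapped to a set of permissions) and the function names `grant`, `revoke` and `violations` are assumptions for illustration.

```python
# Added example: models the View and VPN dependency rules from this page.
# The role layout (section -> set of permissions) and the function names
# are assumptions for illustration, not Atra RMS's API.
MATRIX = {
    "Devices": {"View", "Edit", "Register", "Unregister"},
    "Users": {"View", "Create", "Edit", "Delete"},
    "Roles": {"View", "Create", "Edit", "Delete"},
    "Organizations": {"View", "Create", "Edit", "Delete"},
    "VPN": {"View", "Create", "Edit", "Delete", "Start/Stop", "Enable/Disable"},
}

def _check(section, perm):
    if perm not in MATRIX.get(section, ()):
        raise ValueError(f"{section}/{perm} is not in the permission matrix")

def grant(role, section, perm):
    """Turn perm ON and return the role with everything that auto-enables."""
    _check(section, perm)
    new = {s: set(p) for s, p in role.items()}
    new.setdefault(section, set()).update({perm, "View"})  # View dependency
    if section == "VPN":
        new.setdefault("Devices", set()).add("View")        # VPN dependency
    return new

def revoke(role, section, perm):
    """Turn perm OFF and return the role with the page's cascades applied."""
    _check(section, perm)
    new = {s: set(p) for s, p in role.items()}
    if perm == "View":
        new[section] = set()        # View OFF disables the rest of the section
        if section == "Devices":
            new["VPN"] = set()      # Devices View OFF disables all VPN permissions
    else:
        new.setdefault(section, set()).discard(perm)
    return new

def violations(role):
    """Report dependency breaches in a hand-written role definition."""
    found = []
    for section, perms in role.items():
        for perm in perms:
            _check(section, perm)
        if perms and "View" not in perms:
            found.append(f"{section}: View missing")
    if role.get("VPN") and "View" not in role.get("Devices", set()):
        found.append("VPN: Devices View missing")
    return found

# Constructed sample: what a "VPN Start/Stop only" request really grants.
print(grant({}, "VPN", "Start/Stop"))
```

For least-privilege review, the point to notice is that a single VPN toggle also grants VPN View and Devices View, and that revoking Devices View removes every VPN permission from the role.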

---

#### Saving Changes

1. Review all modifications
2. Click SAVE CHANGES button (teal)
3. Changes apply immediately to all users with this role

**To Discard Changes:** Click CANCEL button (red)

---

#### Important Notes

##### Company Admin Role

⚠️ Cannot be edited - System-protected role with full access. Edit button is hidden.

Need custom admin? Create a new role with desired permissions.

##### Permission Changes

✅ Take effect immediately after saving  
⚠️ Users may need to refresh browser to see changes  
💡 Best practice: Notify users before major permission changes

##### Browser Refresh

**⚠️ Refreshing browser in Edit Mode loses all unsaved changes**

# Roles & Permissions FAQs

#### Quick Troubleshooting

**Can't see Edit button?**

- Check that you have the "Roles Edit" permission
- Verify you are not trying to edit the Company Admin role

**Can't toggle switches?**

- Click Edit button first to enter Edit Mode

**Changes not saving?**

- Check that the role name follows the rules (3-50 chars)
- Verify dependencies are satisfied
- Check internet connection

**Role not appearing when inviting users?**

- Verify the role was created in the correct organization
- Refresh page

---

#### Permission Matrix

<div align="left" dir="ltr" id="bkmrk-section-view-create-"><table border="1" style="border-collapse: collapse; border-style: solid; width: 84.881%;"><colgroup><col style="width: 16.3818%;" width="102"></col><col style="width: 7.26496%;" width="45"></col><col style="width: 8.97436%;" width="55"></col><col style="width: 7.69231%;" width="40"></col><col style="width: 8.40456%;" width="53"></col><col style="width: 10.114%;" width="65"></col><col style="width: 13.5328%;" width="80"></col><col style="width: 11.9658%;" width="77"></col><col style="width: 15.6695%;" width="107"></col></colgroup>
<thead><tr><td>Section</td><td>View</td><td>Create</td><td>Edit</td><td>Delete</td><td>Register</td><td>Unregister</td><td>Start/Stop</td><td>Enable/Disable</td></tr></thead>
<tbody>
<tr><td>Devices</td><td>✓</td><td>-</td><td>✓</td><td>-</td><td>✓</td><td>✓</td><td>-</td><td>-</td></tr>
<tr><td>Users</td><td>✓</td><td>✓</td><td>✓</td><td>✓</td><td>-</td><td>-</td><td>-</td><td>-</td></tr>
<tr><td>Roles</td><td>✓</td><td>✓</td><td>✓</td><td>✓</td><td>-</td><td>-</td><td>-</td><td>-</td></tr>
<tr><td>Organizations</td><td>✓</td><td>✓</td><td>✓</td><td>✓</td><td>-</td><td>-</td><td>-</td><td>-</td></tr>
<tr><td>VPN</td><td>✓</td><td>✓</td><td>✓</td><td>✓</td><td>-</td><td>-</td><td>✓</td><td>✓</td></tr>
</tbody></table></div>

Legend: ✓ = Available | - = Not applicable

---

#### Summary

**Role Management Workflow:**

1. Create role → Define permissions
2. View role details → Check permissions table
3. Edit role → Modify permissions as needed
4. Assign to users → Permissions apply immediately

**Key Points:**

- Always enable View when enabling other permissions
- Enable Devices View when enabling VPN permissions
- Company Admin role cannot be edited
- Changes take effect immediately upon saving
- Test roles before production deployment

---