User Roles

When navigating to the User Roles section in the Administration area, the admins will land on an overview page that shows all the User Roles currently configured on the workspace. For additional context, the description of each role is also visible.

There are three different actions available on this page:

  • New User Role: Creating a new user role, optionally based on an existing role. More information is in the next section.
  • Edit User Role: Admins are able to edit existing roles by hovering over the entry, e.g., to add translations to the default roles.
  • Deleting User Role: Similar to the Edit functionality, the Delete functionality is also available. The default roles are not deletable. Deletion of roles can not be reversed.
User Roles Overview page

User Roles Overview page

Creating new User Roles

Clicking on the New User Role button will bring up a form where admins have the ability to create additional roles. In the form, multiple attributes have to be provided, such as:

  • Technical name: This is a technical key that is used to uniquely identify the role. This will also be used in your SSO mapping to assign this role to specific users. For more information on that, see the related documentation SSO: Attribute Mapping
  • Clone From: This dropdown allows admins to choose an existing role to use as a starting point for the new role. This is a one-time snapshot, not a dynamic relation that is actively maintained. Leaving the selection empty will skip this functionality. New roles not based on a previous role will get a set of default permissions ensuring that the workspace still functions as expected.
  • Translations: In this section, admins are able to translate the Technical Name of the new role into a more readable format. This will be displayed on the overview page as well as in multiple parts of the product. Multiple languages can be defined at once.
New User Role creation page

New User Role creation page


For customers who are not managing their roles outside of LeanIX (also known as External_IDP management) the New User Role button is disabled, restricting the ability to create custom roles. We believe that manually managing user role assignment is not a scalable approach, nor a core day-to-day task of an Enterprise Architect, and therefore do not want to go into that direction.