User Roles

If you’re managing user roles within your single sign-on identity provider, configure the corresponding custom roles in LeanIX. Edit translations for standard and custom user roles.

In the User Roles section of the administration area, you can:

  • Create custom user roles — if you’re managing roles within your single sign-on (SSO) identity provider (IdP)
  • Edit translations for user roles

Standard User Roles and Permissions

The following table lists standard user roles available in LeanIX.

User Role | Default Permissions
Viewer | Can view, subscribe to, and comment on all fact sheets
Member | Can view, create, and modify all fact sheets
Admin | Has all permissions of a Member user as well as administrator permissions for a workspace

As an administrator, you can customize permissions for each role. For more information, see Managing Permissions.

Note: You cannot delete standard user roles.

Creating Custom User Roles

When configuring SSO for LeanIX, you choose how you want to manage user roles: internally within LeanIX or externally within your IdP. For more information, see Managing User Roles with SSO.

The possibility to create custom user roles depends on how you manage roles:

  • Managing user roles internally within LeanIX: Only standard roles are available: Viewer, Member, and Admin. You cannot create custom user roles.
  • Managing user roles externally within your IdP: You can create custom user roles in addition to standard roles. This lets you assign permissions that are more granular than those provided by standard user roles.

Note: A standard role is still required for access, but the custom role takes precedence.

If a user is assigned multiple custom roles, their permissions are aggregated.

To create custom user roles, follow these steps:

  1. In your IdP, add the claims role and customerRoles, then create the corresponding roles.

    • role: Create the following roles using uppercase letters: VIEWER, MEMBER, and ADMIN.
    • customerRoles: Create custom user roles using uppercase letters, for example, AUDITOR.
      To learn more about attribute mapping, see Attribute Mapping.
  2. In LeanIX, create the corresponding user roles in the User Roles section of the administration area.

    1. Click New User Role. You land on the role configuration page.

    2. In the Technical Name field, enter the role name using uppercase letters as specified in your IdP, for example, AUDITOR. The name serves as the unique role ID.

    3. Optional: Clone permissions for the custom role from an existing role. This is a one-time snapshot, not a dynamic relation that is actively maintained. If you skip this option, the new custom role gets a set of default permissions, ensuring that the workspace functions as expected.

    4. Optional: Add translations for the technical name to provide a more user-friendly format for the role label. Translations appear in various areas of the application. Select languages, then enter a translation and description for each language.

    5. Click Add.

    6. Create more custom roles to match the role matrix in your IdP.

      Creating a Custom User Role


  3. In LeanIX, configure permissions for each custom role. For more information, see Managing Permissions.

After you’ve configured custom roles, you can assign these roles to users in your IdP. Users get access to LeanIX with the permissions that you configured.

With this configuration, you can’t assign custom roles to users in your LeanIX workspace. You can only do it in your IdP.
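A pre-flight check for the role setup described above, as an added example that is not LeanIX code: it lints an export of IdP role assignments against the rules on this page (uppercase names, a standard role for every user, a matching Technical Name for every custom role). The export shape (one dict per user, with customerRoles as a list), the sample users, and the ARCHITECT and REVIEWER role names are assumptions constructed for illustration.

```python
# Added example (not LeanIX code): lint IdP role assignments against this page's rules.
STANDARD_ROLES = {"VIEWER", "MEMBER", "ADMIN"}

def lint_assignment(user, claims, leanix_custom_roles):
    """Return findings for one user's claims.

    claims: {'role': str, 'customerRoles': [str, ...]} (assumed export shape).
    leanix_custom_roles: Technical Names already created in LeanIX.
    """
    findings = []
    role = claims.get("role")
    if not role:
        findings.append(f"{user}: no 'role' claim; a standard role is required for access")
    elif role not in STANDARD_ROLES:
        hint = " (use uppercase)" if role.upper() in STANDARD_ROLES else ""
        findings.append(f"{user}: role '{role}' is not VIEWER, MEMBER or ADMIN{hint}")
    for custom in claims.get("customerRoles", []):
        if custom != custom.upper():
            findings.append(f"{user}: custom role '{custom}' is not uppercase")
        elif custom not in leanix_custom_roles:
            findings.append(f"{user}: custom role '{custom}' has no matching Technical Name in LeanIX")
    return findings

def lint_matrix(assignments, leanix_custom_roles):
    """Lint every user, then report LeanIX custom roles that no user carries."""
    findings, used = [], set()
    for user, claims in assignments.items():
        findings += lint_assignment(user, claims, leanix_custom_roles)
        used.update(claims.get("customerRoles", []))
    for unused in sorted(leanix_custom_roles - used):
        findings.append(f"LeanIX role '{unused}' is not assigned to any user in the IdP")
    return findings

# Constructed sample data: Technical Names created in LeanIX and an IdP export.
LEANIX_CUSTOM_ROLES = {"AUDITOR", "ARCHITECT"}
ASSIGNMENTS = {
    "alice@example.com": {"role": "MEMBER", "customerRoles": ["AUDITOR"]},
    "bob@example.com": {"role": "viewer", "customerRoles": ["auditor"]},
    "carol@example.com": {"customerRoles": ["REVIEWER"]},
}

if __name__ == "__main__":
    for line in lint_matrix(ASSIGNMENTS, LEANIX_CUSTOM_ROLES):
        print(line)
```

Running the check before assigning roles in the IdP surfaces name mismatches and missing standard roles while they are still cheap to fix.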

Editing Translations for User Roles

You can edit translations for standard and custom user roles. This is especially relevant for custom roles because the technical names may not be user-friendly. Translations are displayed in various areas of the application.

Follow these steps:

  1. On the User Roles page, select a role that you want to update.
  2. On the role configuration page, select languages, enter a translation and description for each language, then save the changes.