Roles & Permissions
Create custom security roles and manage read and write access across your organization.
Quickstart
Navigate to Settings > Roles to define access control policies and assign them to your team members.
In-Depth
Roles define what users can see and do within Servantium. By creating custom roles, you can ensure team members only have access to the records and collections necessary for their jobs.
Creating a Role
- Navigate to Settings > Roles.
- Click the Add Role button (plus icon) in the top right. A new role is created instantly.
- Enter a Name for the role.
- Configure the Bypass ABAC toggle or use the drag-and-drop permissions interface.
Role Permissions
Permissions are assigned by collection (e.g., Accounts, Quotes, Engagements). You manage these using the drag-and-drop interface on the role’s detail screen.
- Can Write: Users can view, create, edit, and delete records in these collections.
- Can Read: Users can view records in these collections, but cannot make changes.
- No Access: Users cannot see or interact with these collections at all.
Drag collections between these three lists to assign the appropriate level of access.
If you need to create a slightly modified version of an existing role, use the Duplicate Role button (copy icon) in the Roles table.
Tag-Based Access Rules (ABAC)
Attribute-Based Access Control (ABAC) allows you to restrict access to specific records based on the tags assigned to both the record and the user. You can enable this at the organization level.
- Navigate to the gear icon in the sidebar and select the Info tab.
- Check the box for Enable RBAC (Role-Based Access Control) globally.
- The Tag Category Restrictions mapping field appears.
- Use the first input to select a valid Collection from the autocomplete dropdown (e.g.,
engagements). - Use the second input to search and select one or more Tag Categories (comma-separated).
- Click the add icon to save the mapping as a new tag chip.
A single collection can be mapped to a maximum of 10 tag categories for access control. When you save these rules, the system automatically ensures these categories are synchronized with your organization’s master tag taxonomy. If you disable RBAC globally, the system automatically clears any configured tag-based access rules.
When enabled, users can only access a record in a mapped collection if their assigned security tags overlap with the record’s tags.
Bypass ABAC
The Bypass ABAC toggle grants a role full, unrestricted access to all resources in the organization, ignoring any tag-based access rules. Use this setting sparingly, typically only for system administrators or managing partners.
Record Ownership
If a user is designated as the owner of a specific record, they automatically have full read and write access to that document. This ownership access bypasses all other RBAC and ABAC restrictions, ensuring the creator or designated owner can always manage their own records.
Managing Users & Assigning Roles
Once roles are created, you can assign them to individual team members.
- Navigate to Settings > Users.
- Click on a user in the table to open their profile.
- Use the Role dropdown to assign a specific role. You can select “None” to clear an assigned role.
- Optionally, add Security Tags to categorize the user for ABAC enforcement.
When you update a user’s role or security tags, Servantium immediately synchronizes these changes to their underlying authentication claims. This ensures consistent and secure access control enforcement across the platform.
From this same screen, you can also remove a user from your organization entirely by clicking the Remove User (trash can) icon in the top right.
Related
Need more help?
Our support team is available to assist you.
Contact Support