Manage User Roles

Security Requirements and Controls

Manage user-specific roles and permissions within an organization's security settings, including creating new roles and assigning or unassigning them to individual users. Users with the "Manage users" permission can access these controls through the Organization Settings menu, where they can view existing permissions, edit role assignments, and create custom roles with specific permission sets for granular access control.

You can create a user specific role in order to grant a single user additional permissions. You can also unassign a role from a user.

User roles are roles added directly to users, in contrast to group roles, where the user is given permissions via group membership.

Edit a User Role

To review or edit a user's roles, do the following:

  1. Start by clicking on the profile menu icon and select Organization SettingsUsers.

  2. Next, click the name of the user to view or edit from the list.

  3. Click the Permissions tab to view a list of all the repositories on which the user has permissions. Select the name of the Repository or View for a detailed list of the user's permissions and roles on that specific repository or view.

  4. Then click in Role Source to change the roles assigned or to create a new role to assign to the user. You may need to switch between the user's roles to be able to edit or create a new role.

    Screenshot of the LogScale user permissions interface showing the Role Source section with an edit pencil icon. This screen displays a selected user's currently assigned roles and provides the entry point for modifying role assignments. The interface appears after navigating to a specific user's permissions tab in Organization Settings and allows administrators to change existing role assignments or create new custom roles for the user, providing granular control over their system permissions.

    Figure 63. Edit User Role


  5. To apply a new role for the user, select a role and click Apply role.

    Screenshot of the LogScale role selection dialog showing a list of available roles that can be assigned to a user and an 'Apply role' button at the bottom. This interface appears after clicking the edit icon in the Role Source section and allows administrators to change which role is assigned to the selected user. The dialog provides options to either select from existing roles or navigate to creating a new custom role, forming a key step in the user permission management workflow.

    Figure 64. Change User Role


To edit a role with the GraphQL API, use the updateRole() mutation. To get a list of roles with GraphQL, use the roles() query. To unassign a user from a role for a search domain, use the unassignUserRoleForSearchDomain() mutation.

Add a New User Role

At the end of the section above, there are only a couple more steps to create a new user role while viewing an exising user role. However, to start from the beginning, follow the steps below:

  1. Click on the profile menu icon and select Organization SettingsUsers. Now select a user for which you want to create a new user role.

  2. Under the Permissions tab, select any role. Then click the + button next to the role you're viewing and a dialog box will appear with the user's existing roles.

  3. Next, click the + Create new button, located at the bottom left. See the screenshot below:

    Interface showing the 'Create new role' dialog with fields for entering a role name and a checklist of permissions that can be assigned to this custom user role. The dialog includes 'Create role' and 'Cancel' buttons at the bottom.

    Figure 65. New Role for User


  4. Specify a name for the new role and select the permissions to grant. When you're done, click Create role.

  5. Now select the new role and click Apply role to assign it to the user.

To create a role with the GraphQL API, use the createRole() mutation. To get a list of roles with GraphQL, use the roles() query.