Roles are created for various functions, and permissions define those functions. A role is assigned to a user who has the responsibility to perform those functions on the assigned protected object(s). There are two types of roles in the Teamwork Cloud (TWCloud) system: pre-existing and custom roles.

A pre-existing role is a predefined, prepared, and ready-to-use role that an authorized user can assign to other users. A pre-existing (predefined) role is not editable and cannot be deleted. A custom role is a role that an authorized user can create, attach permissions to, and assign to other users.



The Role Management page lists all predefined and custom roles in TWAdmin.

Pre-existing roles

Pre-existing roles are default roles that have been created in the TWCloud system. They are ready-to-use roles that you can select and assign to one or more users. Each pre-existing role comes with its default permissions, which you can see on the Role detail page. Unlike a custom role, which is editable, a pre-existing role cannot be deleted, and you cannot add or delete its permissions.

The following table provides the description of the pre-existing roles in the TWCloud system.

| Role | Description |
| --- | --- |
| Resource Contributor | This resource-specific role can modify the contents of resources (projects or documents). |
| Resource Creator | This global role can add resources to the server, categorize them, create new categories or manage existing ones. |
| Resource Locks Administrator | This resource-specific role can release other users' locks in a selected resource. |
| Resource Manager | This resource-specific role can manage resources and grant permissions to other users to access resources. |
| Resource Reviewer | This resource-specific role can open and review resources (projects or documents). |
| Security Manager | This global role can grant permissions to other users and specify the scope, and assign any role in any scope to the other users. |
| Server Administrator | This global role can configure server settings, LDAP integration, secure connection, and server licenses. |
| User Manager | This global role can create, import, and manage users. |


Pre-existing (predefined) roles are created for various administrative tasks. These roles are prepared for resource objects. There are 2 types of resources in TWCloud: project and document. Only the Resource Manager and Resource Reviewer roles provide functions for users to work on document resources. The other roles can assign the document scope to the users, but the functions have not been provided in this release yet.

The following are resource roles in TWCloud. You can assign them either the Global or Custom scope. 

  • Resource Contributor
  • Resource Locks Administrator
  • Resource Manager
  • Resource Reviewer  

The following are the predefined roles for users and server objects. You can assign only the Global scope to these roles.

  • Security Manager
  • Server Administrator
  • User Manager
  • Resource Creator

A user with the Security Manager role whose permission is Manage User Permissions can assign any role in any scope to other users. A user whose permission is Manage Owned Resource Access Right can assign resource roles to the authorized resources scope only.

Custom roles

You can create a new role and add it to the TWCloud system. This type of role is called a custom role. You can edit or delete a custom role. You can assign permissions to a custom role in the resource-specific scope only. Global-scope permissions, such as Create Resource and Manage User Permissions, are not allowed for custom roles.

Users whose permission is Manage Security Roles can create a custom role and assign permissions to the role through the Roles Management page of TWAdmin. You can add more permissions to a custom role or delete them. A custom role is a resource-specific role.

A role name is unique, but a role may have the same permissions as other roles. When creating a custom role, you can assign it to one or more users at the same time and assign a project/document for the role to work on.
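
The scope and assignment rules above can be checked mechanically when reviewing who was granted what. The following is an added example, not TWCloud code or a TWCloud API: the function names, data shapes, resource ids, and the sample permission name in the usage lines are assumptions constructed for illustration, and only the two global-scope permissions named on this page are modeled.

```python
# Added example: models the scope rules stated on this page. Not a TWCloud API.
GLOBAL = "global"
RESOURCE_ROLES = {"Resource Contributor", "Resource Locks Administrator",
                  "Resource Manager", "Resource Reviewer"}
GLOBAL_ONLY_ROLES = {"Security Manager", "Server Administrator",
                     "User Manager", "Resource Creator"}
# Only the two global-scope permissions the page names; its "etc." implies more.
NAMED_GLOBAL_PERMISSIONS = {"Create Resource", "Manage User Permissions"}


def assignment_violations(assigner_perms, authorized, role, scope, custom_roles=()):
    """List rule violations for one proposed role assignment.

    assigner_perms: permission names held by the assigning user
    authorized:     resource ids the assigner is authorized on (constructed ids)
    scope:          GLOBAL, or a set of resource ids (the Custom scope)
    """
    problems = []
    if role in GLOBAL_ONLY_ROLES and scope != GLOBAL:
        problems.append(f"{role} can be assigned the Global scope only")
    if "Manage User Permissions" in assigner_perms:
        return problems  # may assign any role in any scope
    # Assumption: no permission other than these two allows assigning roles.
    if "Manage Owned Resource Access Right" not in assigner_perms:
        return problems + ["assigner holds no role-assignment permission"]
    # Assumption: custom roles, being resource-specific, count as resource roles.
    if role not in RESOURCE_ROLES and role not in custom_roles:
        problems.append("assigner may assign resource roles only")
    if scope == GLOBAL or not set(scope) <= set(authorized):
        problems.append("scope exceeds the assigner's authorized resources")
    return problems


def custom_role_violations(name, permissions, existing_names):
    """List rule violations for a custom role definition."""
    problems = []
    if name in existing_names:
        problems.append(f"role name {name!r} is already in use")
    for perm in sorted(set(permissions) & NAMED_GLOBAL_PERMISSIONS):
        problems.append(f"global-scope permission {perm!r} not allowed in a custom role")
    return problems


if __name__ == "__main__":
    owner = {"Manage Owned Resource Access Right"}
    print(assignment_violations(owner, {"proj-1"}, "Resource Reviewer", {"proj-1", "proj-2"}))
    print(custom_role_violations("Auditor", {"Create Resource", "Example Permission"}, set()))
```

An empty list means the assignment or role definition is consistent with the rules on this page; each string names one rule that was broken.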