(i) The text below is only about user permissions, but it also applies to application permissions.

You can grant permissions to a user in two ways: via roles and via user-specific permissions.

A role includes a set of permissions. The use of roles makes it easy to give multiple users predefined sets of permissions at once. You can assign one or more roles to a user. Assign roles to users either via the Roles tab per role or via the Users tab per user.

A combination of roles and user-specific permissions is also possible: the user then gets the permissions defined in the role(s) plus the user-specific permissions. Assigning permissions via roles is preferred. However, if you want to assign user-specific permissions, go to the Feature permissions tab for the user. 

Default roles

A default role contains a set of permissions predefined by Priva. It is not possible to change or delete a default role.

Currently, there are only two default user roles:

• Administrator
  This role includes all permissions available for your organization (depending on the subscription).
• Priva Installation Partner (only for Horticulture)
  This role includes the permissions required to install and maintain horticultural systems.

It may change which permissions are available to your organization. For instance, if your organization changes the subscription or if Priva adds or removes permissions for new/old software features. The added or removed permissions will automatically be added to or removed from the relevant default role(s). 

There are no default application roles yet.

Custom roles

You can create custom roles via the Roles tab. In a custom role, you include a set of permissions that fits your organization.

Note that assigning access to locations is not included in roles.