Adding roles

2025-10-01Last updated

Before you can configure your role-based automatic access control policies, you must define your roles.

What you should know

In Genetec ClearID™, a role is a group of people who are assigned the same access. A person can be assigned multiple roles. Roles are linked to cardholder groups in Synergis™. A role manager controls who is granted access to the group.
  • Only Account administrators can add roles.
  • Consider creating roles for each department, group, or job title in your organization. For example, you might create roles for HR, IT, marketing, developer teams, payroll, contractors, and so on.

Procedure

  1. From the homepage, click Organization > Roles .
  2. Click Add role.
  3. In the General section, complete the fields.
    1. Enter a name for the role.
    2. Enter a meaningful description.
    3. Add any internal notes.
      Note:
      The internal notes field is used to store special instructions or details only visible to the account administrator, role owner, and role manager. Other users of the system cannot view internal notes. For example:

      Only permanent employees based in Montreal should be in this role. Discuss with security before adding employees to this role.

  4. (Optional) In the Notifications section, select the email notifications sent to stakeholders when role membership is changed.
  5. In the Advanced settings section, select the workflow and visibility options for role membership requests:
    1. Choose the Request approval workflow:
      Automatic approval
      Role membership requests are automatically approved.
      Role managers and owners
      Role membership requests need to be approved by Role managers and Role owners.
      Supervisors
      Role membership requests need to be approved by the Supervisor of the identity for which role membership is needed.
      Supervisors, Role managers and owners
      Role membership requests need to be approved by the Supervisor of the identity for which role membership is needed, and by the Role managers or Role owners.
    2. Choose the role's visibility:
      Public
      The role is visible to everyone and role membership requests can be created. This is the default setting.
      Private
      The role is private and should be hidden, and role membership requests are not supported for the role.
  6. (Optional) In the Expiry enforcement settings set a maximum duration for role membership.
    1. Select Enforce a maximum duration for all role requests associated with an identity.
    2. Enter a maximum duration for membership to the role.
  7. Click Save.

Example

After you finish

Configure your role-based access control policies.