Roles & permissions ​
The Roles & permissions screen is where you manage your organization's roles. A role bundles a set of permissions; by assigning a role to a user you decide what that person may see and do in Scrivio. Permissions are cumulative — a user with multiple roles gets the combined permissions of all of them. This screen is intended for the organization administrator.
This screen replaces the older English "Users and Roles" and "Permissions" sections of the admin guide.
Overview ​
| Route | /organization/roles (overview), /organization/roles/new (new), /organization/roles/:roleId (edit) |
| Audience | Organization administrator |
| Required permissions | roles.read (view); roles.create, roles.update and roles.delete for the matching actions |
The overview lists each role's name, an optional description and the number of linked permissions. System roles carry a System role label; these belong to Scrivio itself and cannot be deleted. Their permissions can be changed, but their name is fixed.
License. On a license without role customization (FORMS_ONLY) this screen is read-only: you see the roles and their permissions, but the buttons to create, edit or delete roles are hidden.
How it works ​
This screen is the central place where you decide what users may do throughout Scrivio. It is therefore important to understand the underlying model before you change roles.
From role to permission ​
A role is a bundle of permissions. You assign one or more roles to a user; the sum of the permissions in those roles determines what the user may do. Each permission (for example clients.create or billing.read) corresponds to a concrete action or screen elsewhere in Scrivio. If a user lacks the matching permission, Scrivio hides the relevant button, shows the screen read-only, or refuses the action. What you set here therefore ripples through to nearly every other screen.
Cumulation and categories ​
Permissions are cumulative: if a user has multiple roles, the permissions of all those roles apply together. No role "takes away" permissions — a single role granting a permission is enough. Removing a permission from one role therefore has no effect as long as another of that user's roles still grants the same permission.
In the permission picker permissions are grouped by category (for example clients, appointments, billing and organization management). Those categories exist only to keep the list manageable; they are not a separate access level. Access is always determined per individual permission, not per category.
System roles ​
System roles belong to Scrivio itself. Their name is fixed because Scrivio recognizes them internally by name as a standard role; their permissions are editable, so you can tailor them to your organization. Be careful with this: a system role is often assigned to many users. If you change its permissions, that changes at once for everyone with that role. Removing permissions from a widely-used system role can therefore lock people out unintentionally.
License gating ​
Which permissions you can grant — and whether you may edit this screen at all — depends on the organization's license (ADR-023). On a FORMS_ONLY license role management is unavailable and this screen is read-only. Permissions that aren't part of the license can't be added to a role: they are rejected on save.
Effect on already-assigned users ​
Changes take effect immediately. If you change a role's permissions, Scrivio instantly refreshes the permissions of all users who have that role — they don't need to sign in again to see the effect.
A role that is still assigned to users cannot be deleted: you get a message that the role is still in use. To clean up a role, first assign the affected users a different role. In practice you therefore only delete roles that no one uses anymore.
Create role ​
Click + New role at the top right to add a role. A form opens with the basic details and a permission picker.
| Field | Required | Description |
|---|---|---|
| Name | Yes | A recognizable name, e.g. Practitioner or Assistant. Maximum 100 characters and unique within the organization. |
| Description | No | A short note on the role and its responsibilities. |
| Permissions | Yes | Select at least one permission in the permission picker. |
Click Create to save the role. If a role with the same name already exists, an error appears and the role is not saved. This action requires the roles.create permission.
Edit role ​
Click the pencil icon next to a role (or open the role and adjust it) to change its name, description and permissions. For a system role you can only change the permissions, not the name. Save your changes with Save. Editing requires the roles.update permission.
Delete role ​
Click the trash icon next to a role to delete it. A confirmation dialog appears. Users with this role then lose the associated permissions; this action cannot be undone. System roles cannot be deleted. Deleting requires the roles.delete permission.
Sort ​
The overview is sorted alphabetically by role name by default, so you can find a role quickly. New and renamed roles automatically appear in the right place in the list.
View permissions ​
Click a role in the list (or the expand icon at the end of the row) to expand it. Below the row an overview appears of all permissions granted to that role, grouped by category. Click again to collapse the role. This lets you check at a glance exactly what a role allows without having to open it.
Add or modify permissions ​
In the role form, the permission picker is where you choose which permissions belong to the role. Permissions are grouped by category (for example clients, appointments, billing and organization management). Check or uncheck permissions to add or remove them.
- A role must have at least one permission; otherwise the message Select at least one permission appears.
- Permissions are cumulative: if a user has multiple roles, the permissions of all those roles apply together.
Changes only take effect after you save the role.
Edit name and description ​
The Basic details section of the form is where you change the role's name and description.
| Field | Required | Description |
|---|---|---|
| Name | Yes | Maximum 100 characters and unique within the organization. For a system role the name is fixed and this field cannot be changed. |
| Description | No | Free text to describe the role. |
An empty or overly long name is rejected; a duplicate name produces an error when saving.
Save ​
Click Save (or Create for a new role) to commit your changes. If you have unsaved changes and try to leave the page, Scrivio warns you with the Unsaved changes dialog so you don't lose anything by accident. After a successful save a confirmation appears. Saving requires the roles.create (new role) or roles.update (existing role) permission.