An access role is a collection of application-level and page-level rights that an administrator can create and assign to any number of users and groups to control user privileges (create, read, update, and delete). For example, the access role of a General User can allow access only to applications, and the access role of an Administrative User can allow access only to Archer features. It is recommended that you assign permissions through group membership, and not assign permissions directly to user accounts.
Archer includes an access role called System Administrator that you cannot delete or modify. The System Administrator role grants users unrestricted access to all Archer features and to all records stored in applications, including records enrolled in content review. Only System Administrators can assign the System Administrator access role.
Archer solutions include predefined access roles for use with the solution.
For instructions on assigning permissions through group membership, see Assigning Access Roles to Users and Groups.
As the number of users, groups, and applications increases, keeping track of who has access to what becomes more complex. Keep the process simple. If you create granular access roles for each of your applications, for example, Policy Administrator, Policy Author, and Policy Reader, you can grant access to new or existing users and groups by selecting from a list of predefined access roles.
Importing access roles
Although access roles are supported objects in the packaging process, when you import access roles with groups during the packaging process, you must manually associate each access role to the respective group. After the package is installed, you must manually add users to each group in the target instance.