Sharing and Access Control1 min readReviewed 2026-05-14

Roles Overview

Roles list

A role is a named access profile that can be assigned to users. DeskDox uses roles to grant administrative capabilities, workflow administration, lifecycle management, document-related capabilities, and other permissions where the permission is implemented.

DeskDox includes built-in/protected role identities in system service/app/services/role_identity.py for system_admin, edms_admin, edms_auditor, edms_user, task_admin, workflow_admin, manager, approver, and department_head. The same source also defines demo_admin as a demo administrator role and admin as a legacy compatibility role. Built-in, protected, and system roles are locked for metadata and permission assignment changes in the current custom-role lifecycle.

Custom roles can be created from /app/admin/roles by users with mutation permission. Custom role names must be lowercase machine names that start with a letter and use lowercase letters, numbers, and underscores.

Roles affect access in two ways: they can make menus and buttons visible in the UI, and they can be checked by system service authorization. A role alone may not grant folder or document access; document and folder permissions, ownership, department membership, workflow assignment, and lifecycle configuration can still limit access.

Was this article helpful?

Related articles

Continue with closely related sharing and access control guidance.