A role can represent an operational entity or a job title, such as Invoice Manager or Financial Department.
Users or groups can be assigned to one or more roles. Permissions can then be assigned to roles by library administrators (for example, the permission to administer a library, to create documents in a library, or to perform certain workflow actions).
Roles can be used to define:
- workflow validators, permissions and notifications
- document class permissions
- view permissions
Using a role to define who can perform a manual workflow action
Using a role to define document permissions for a workflow state
A library has:
Library system roles |
Document system roles |
Custom roles (optional) |
Library system roles
A library has three system roles defined at the library level:
- Administrators are granted write, read, share, and delete permissions to all documents in the library of which they are administrators. Administrators can also configure library administration settings.
Tip: Administrators also receive and manage the sharing requests forwarded by the storage account. Administrators can delegate the management of sharing requests to a specific role. To implement this delegation, you can contact our support team. - Contributors can be given the permission to create, edit, delete and share documents in the library. Being a contributor doesn't mean you can edit all documents in the library.
Note: You can't grant a user edit permission on a document if the user is a reader in the library — the user must be a contributor. - Readers can be given the permission to read documents in the library. Being a reader doesn't mean you can read all documents in the library.
Notes:
- All contributors are automatically readers.
- You can't grant a user read permission on a document if the user isn't defined in the library.
You can define administrators, contributors and readers in the library security settings.
Document system roles
For each document, document system roles are automatically generated. A document system role contains only one person and can't be updated manually.
Each document has three system roles:
- Document creator: the users who create a document
- Last update author: the user who performed the last update on a document. This role is dynamic.
- Version Creators: these are automatically defined as users who creates the last version of the document. This role is dynamic.
Note: Users can create versions manually or by workflow actions. Users can create a new versions directly or through a check-in.
Custom roles
In addition to system roles, administrators can configure custom roles in the Roles section of the library administration interface.
Custom roles are specific to each library and are not shared between libraries.
Learn more: Configure roles
Tip: As best practice, if you are using Google Groups you are recommended to associate each AODocs custom role with a single dedicated Google Group to avoid unnecessary access control list (ACL) synchronization in your Google Drive each time you add or remove users from the role.