RahalCorporate
Roles & PermissionsConcepts

Custom Roles

Creating and managing custom roles for specific access needs

Custom Roles

Custom roles let you define exactly what users can access, beyond what the predefined roles offer.

When to Use Custom Roles

Create custom roles when:

  • Predefined roles don't match your organizational structure
  • You need a role with a specific subset of permissions
  • Different teams need different access levels
  • You want to implement least-privilege access

Example Use Cases

Custom RolePurposeKey Permissions
Travel CoordinatorBook travel for others, no approvalsTravelers, Passports, Delegations
Budget AnalystView spending, no configurationRead Budgets, Read Requests
Regional ManagerApprove requests for a regionProcess Requests, Read Users
Compliance OfficerAudit access, no changesRead-only across all features

Creating Custom Roles

Prerequisites

  • Admin role or Write Company Roles permission
  • Access to company dashboard

Steps

  1. Navigate to Roles in the dashboard
  2. Click Create Role
  3. Enter role details:
    • Name — Display name (e.g., "Travel Coordinator")
    • Description — Purpose of the role
    • Status — Active/Inactive
  4. Select permissions from the matrix
  5. Click Create

Permission Selection

The Permission Matrix

Permissions are displayed in a grid organized by category. The matrix shows:

  • Group checkboxes — Select/deselect all permissions in a category
  • Individual checkboxes — Toggle specific permissions
  • Permission count — Shows how many permissions are selected (e.g., "12 of 26 selected")

Selection Features

  • Group Checkbox — Select/deselect all permissions in a category
  • Indeterminate State — Shows when some permissions in a group are selected (partial fill)
  • Select All — Toggle all permissions at once
  • Permission Count — Shows selected vs total

At least one permission is required for every role.

Role Code Generation

When you create a custom role, a code is automatically generated from the name:

NameGenerated Code
Travel CoordinatorTRAVEL_COORDINATOR
Regional ManagerREGIONAL_MANAGER
Budget AnalystBUDGET_ANALYST

The code:

  • Is uppercase with underscores
  • Must be unique within the company
  • Cannot use reserved codes (MEMBER, MANAGER, ADMIN)
  • Is used internally for identification

Editing Custom Roles

You can modify any aspect of a custom role:

EditableYes
Name
Description
Permissions
Status

Editing Steps

  1. Find the role in the Roles list
  2. Click the Edit button
  3. Modify desired fields
  4. Click Save Changes

Permission changes take effect immediately. Users with the role will gain or lose access on their next request.

Deleting Custom Roles

Custom roles can be deleted if no users are assigned.

Prerequisites for Deletion

  • Role must be a custom role (not predefined)
  • No users currently assigned to the role

Deletion Steps

  1. Reassign any users to a different role
  2. Find the role in the Roles list
  3. Click the Delete button
  4. Confirm deletion

If Users Are Assigned

You'll see an error if users are assigned. The error message indicates how many users need to be reassigned first.

Reassign these users to a different role, then retry deletion.

Role Status

Roles can be active or inactive:

StatusEffect
ActiveRole can be assigned to users
InactiveRole cannot be assigned; existing users keep access

Deactivating a role does not revoke access from currently assigned users. It only prevents new assignments.

Best Practices

Least Privilege

Grant only the permissions needed:

❌ Avoid✅ Better
Give everyone Admin role "just in case"Create specific roles for each function

Meaningful Names

Use descriptive names that indicate purpose:

❌ Avoid✅ Better
"Custom Role 1""Travel Coordinator - EMEA"

Document Purpose

Use the description field to explain:

  • Who should have this role
  • What they can do
  • What they cannot do

Regular Audits

Periodically review:

  • Which roles exist and their permissions
  • Who has each role
  • Whether roles still match organizational needs

Migrating Between Roles

When changing a user's role:

  1. Find the user in the Users list
  2. Click Edit
  3. Select the new role from the dropdown
  4. Save changes

The user's permissions update immediately.

Predefined Roles

Understanding the three built-in roles in every company

Permissions

Understanding the permission system and how permissions work

On this page

Custom RolesWhen to Use Custom RolesExample Use CasesCreating Custom RolesPrerequisitesStepsPermission SelectionThe Permission MatrixSelection FeaturesRole Code GenerationEditing Custom RolesEditing StepsDeleting Custom RolesPrerequisites for DeletionDeletion StepsIf Users Are AssignedRole StatusBest PracticesLeast PrivilegeMeaningful NamesDocument PurposeRegular AuditsMigrating Between Roles