Define custom roles with specific permissions, and assign them to the right user groups to effectively control access to features
🧑🏻💻 For admins (requires 'User Management' permission) | ✅ Standard feature
Important: It's essential to link at least one role to the 'User Management' permission. This ensures that there is at least one individual with the authority to manage roles and permissions for all users effectively.
Understanding roles and permissions
Users are organized into Groups. Each Group is connected to a Role (or multiple Roles), and that Role contains a specific set of permissions.
This means that when a user is added to a Group, they automatically get the permissions defined in the Role linked to that Group.
In this example, Claire is an ahead ID user and belongs to an ahead ID group that is linked to both the Admin and Editor roles, so she receives the permissions from both roles.
Tom, on the other hand, is an Entra ID user in an Entra ID group linked only to the Editor role, so he receives only the Editor permissions.
👉 Learn what each permission allows in the User permissions overview article
Roles & permissions tab
When you enter the User Management area and select Roles & Permissions from the side menu, you’ll see two main sections: Default Permissions and List of Roles.
Default permissions
All ahead users automatically have access to essential intranet features, such as viewing homepage content, using the search tool, and browsing the people directory. These core features are built-in and cannot be changed.
In addition to these, users are granted a customizable set of default permissions. You can edit this list at any time: add more permissions, remove existing ones, or leave it empty if no extra access is required.
These default permissions are automatically included in every new role you create.
Suggestion: Add the Create Story permission to allow all users to create stories freely. This can help boost user engagement and content creation.
List of roles
This section displays all existing roles, along with the permissions assigned to each. You’ll also see the source of the user groups linked to each role, such as Entra ID, ahead ID, or other identity providers.
From this table, you can:
- Create new roles and connect user groups to roles
- Edit and delete existing roles
If your organization is new to ahead, both the Default Permissions and List of Roles sections will be empty at first. During onboarding, our Success team will work with you to define the roles and permissions that best fit your organization’s needs.
In ahead, there are three standard roles commonly used: User, Editor, and Admin. Many organizations stick with these roles for their simplicity, while others choose to create additional roles for more granular control.
This article outlines the typical permissions associated with the User, Editor, and Admin roles.
Creating a Role
A role is a collection of permissions that determine what users can do in ahead. When a role is assigned to a user (through a group), it enables them to carry out specific tasks and responsibilities. You can create as many roles as needed to match your organization's structure.
1. Click 'Add role'
Start by clicking the Add role button in the Roles & Permissions section.
2. Enter a 'Display name'
In the modal window, provide a display name for the role. This name is only visible in the User Management area and does not appear publicly.
3. Add permissions to the role
Select the relevant permissions from the list.
Some permissions are only available when premium features are enabled (e.g., Messages permission).
Every role also includes the Default Permissions automatically.
4. Connect user groups to the role
Choose the user groups that should receive the permissions of this role. You can assign both ahead ID and Entra ID groups.
5. Save the Role
Once saved, the role is active immediately.
Editing a role
Roles can be edited at any time to adjust their permissions or associated groups.
- In the List of Roles, click the role you want to update.
- In the side panel, click Edit.
- Make your changes and click Save.
⚠️ Changes to a role can impact what users can access across ahead. If you're unsure, contact your CSM for support.
Deleting a role
- In the List of Roles, click the role you want to delete.
- In the side panel, click Edit.
- Click Delete, then confirm.
Giving a permission to a specific user
To assign a permission to an individual, follow these steps:
1. Identify a role with the desired permission
Check the Roles & Permissions section for an existing role that includes the needed permission.
If none exists or the available roles include unrelated permissions, consider creating a new custom role.
2. Check group associations
Open the role to view the groups it’s connected to. Determine if the user should be added to one of these groups.
ahead ID users can only be added to ahead groups. Entra ID users can only be added to Entra ID groups.
⚠️ A group may be connected to multiple roles. Adding a user to a group could grant them more permissions than intended. Review the group’s connected roles in the Groups tab before proceeding.
3. Add the user to the group
For ahead ID users, you can add the user to the group in one of two ways:
- From the Groups tab: Edit the group and add the user.
- From the user’s profile: Click Add to group.
For Entra ID users, add the user to the appropriate group via your Microsoft Entra admin center.
4. All set!
Once added, the user will instantly receive all permissions granted to that group through its connected roles.
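The group-to-role inheritance and the over-grant warning in step 2, modelled as an added example (not ahead's code or API). The data layout, the group names, the Messenger role and the Edit Content permission are constructed for illustration; the preview shows which extra permissions a user would pick up before they are added to a group.

```python
# Constructed sample data; the layout is hypothetical, not an ahead export format.
DEFAULT_PERMISSIONS = {"Create Story"}
ROLES = {  # role -> permissions selected for it
    "Admin": {"User Management"},
    "Editor": {"Edit Content"},   # constructed permission name
    "Messenger": {"Messages"},    # constructed role name
}
GROUPS = {  # group -> identity source and linked roles
    "intranet-team": {"source": "ahead ID", "roles": ["Admin", "Editor"]},
    "editors": {"source": "Entra ID", "roles": ["Editor"]},
    "comms-leads": {"source": "Entra ID", "roles": ["Messenger", "Admin"]},
}
USERS = {
    "Claire": {"source": "ahead ID", "groups": ["intranet-team"]},
    "Tom": {"source": "Entra ID", "groups": ["editors"]},
}

def group_permissions(group):
    """Union of every linked role's permissions; each role includes the defaults."""
    perms = set(DEFAULT_PERMISSIONS)
    for role in GROUPS[group]["roles"]:
        perms |= ROLES[role]
    return perms

def effective_permissions(user):
    """Default permissions plus everything inherited through the user's groups."""
    perms = set(DEFAULT_PERMISSIONS)
    for group in USERS[user]["groups"]:
        perms |= group_permissions(group)
    return perms

def preview_add(user, group, wanted):
    """Permissions the user would gain beyond `wanted` by joining `group`."""
    user_src, group_src = USERS[user]["source"], GROUPS[group]["source"]
    if user_src != group_src:
        # ahead ID users join ahead groups only; Entra ID users join Entra ID groups only.
        raise ValueError(f"{user} ({user_src}) cannot be added to a {group_src} group")
    gained = group_permissions(group) - effective_permissions(user)
    return gained - {wanted}

def user_management_roles():
    """Roles that hold 'User Management' and are linked to at least one group."""
    linked = {role for g in GROUPS.values() for role in g["roles"]}
    return sorted(r for r, p in ROLES.items() if "User Management" in p and r in linked)
```

A non-empty result from `preview_add` is the cue to create a narrower custom role instead, and an empty list from `user_management_roles` means nobody can manage roles any more.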