Roles

In Vault Synapse, roles define the level of access that users or groups have to specific features, data, and actions within the system. This includes access to windows, tasks, reports, forms, processes, and other resources. Roles ensure that users can only view or modify the information and tools relevant to their responsibilities, supporting both operational efficiency and security.

Each client comes with predefined roles. Additional roles can be created to support specific workflows, restrict access to sensitive data, or grant permissions for specialized tasks. A single role can be assigned to multiple users, and a user can have multiple roles, providing flexible and layered access control.

Relative vs. non-relative roles

Relative roles 

Relative roles are tied to a specific entity—and apply only within that context. The authority of a relative role is limited to the area in which it is assigned and does not extend elsewhere. The Administrator defines the scope of these permissions. 

Example: If a user is a project member in a project, they will have access only to that project and related tasks without impacting other projects. 

Non-relative roles 

Non-relative roles operate at a higher level and can be configured to grant access across whole entities. These roles are not bound to a single context, making them ideal for full-entity, cross-entity or system-wide access.

To learn how to assign a non-relative role, refer to the User Module and Personal Module documentation. 

Security Roles

The Security Roles section in Vault Synapse allows administrators to define and apply complex permission settings across different entities in the system. Security roles determine what level of access a user or group has over specific data or functions — helping ensure that users can only view or modify the information relevant to their responsibilities.

By configuring security roles, organizations can maintain strict control over sensitive operations, apply role-based access across modules, and support secure collaboration throughout the platform. 

How to configure roles

To configure roles in Vault Synapse, click your profile icon in the main navigation bar and select Organization. In the organization settings, open the Configuration tab, then select Security. Under Security Roles, you can create new roles or edit existing ones.

The Security Roles window includes several fields and controls for setting up role parameters:

• Role: Enter a new role name or select an existing one from the dropdown.
• Description: Provide additional information about the purpose or scope of the role.
• Role Type: Leave this unset or choose from predefined types, depending on your organizational needs.
• Role Name (required): This is the display name for the role.
• Entity Type: Choose the relevant entity (e.g., projects, positions, agreements) that the role will apply to. If it stays empty, the role will be created as non-relative. If you select an entity, the role will be relative (for the selected entity).
• Color (required): Assign a color to visually distinguish the role.

Assign permissions using checkboxes for actions such as: Company Sharing, Owner, Delete, Confidential Write, Confidential Read, Create, Basic Write, Export, Change Committed, Change Owner, Archive, Share, Assign, Approval, Basic Read, and Look Up.

A single role can be assigned to multiple entities with different permissions for each.

How to delete roles

To delete roles in Vault Synapse, click your profile icon in the main navigation bar and select Organization. In the organization settings, open the Configuration tab, then select Security. Under Security Roles, you can delete existing ones. 

To delete a security role, enter the role name in the Role field or select it from the dropdown list. Then click the Delete Role button located in the bottom right corner of the screen.

A warning message will appear. If you're sure, press OK to confirm and permanently delete the selected role.