A role can represent an operational entity or a job title, such as Invoice Manager or Financial Department.
Users or groups can be assigned to one or more roles. Permissions can then be assigned to roles by library administrators (for example, the permission to administer a library, to create documents in a library, or to perform certain workflow actions).
Roles can be used to define:
- workflow validators, permissions and notifications
- document class permissions
- view permissions
Using a role to define who can perform a manual workflow action
Using a role to define document permissions for a workflow state
A library has:
|Predefined library roles|
|Predefined document roles|
|Custom roles (optional)|
Predefined library roles
A library has three predefined roles:
- Administrators are granted write, read, share, and delete permissions to all documents in the library of which they are administrators. Administrators can also configure library administration settings.
Tip: Administrators also receive and manage the sharing requests forwarded by the storage account. Administrators can delegate the management of sharing requests to a specific role. To implement this delegation, you can contact our support team.
- Contributors can be given the permission to create, edit, delete and share documents in the library. Being a member of the contributor role at the library level doesn't grant write permission on all documents, but rather makes it possible to be given this permission.
Note: You can't grant a user edit permission on a document if the user is a reader in the library — the user must be a contributor.
- Readers can be given the permission to read documents in the library. Being a member of the reader role at the library level doesn't grant read permission on all documents, but rather makes it possible to be given this permission.
- All contributors are automatically readers.
- You can't grant a user read permission on a document if the user isn't defined in the library.
You can define administrators, contributors and readers in the library security settings.
Predefined document roles
A predefined document role contains only one person and can't be updated manually.
Each document has three predefined roles:
- Document creator: the user who created the document
- Last update author: the user who performed the last update on a document. This role is dynamic.
- Version creator: the user who created the last version of the document. This role is dynamic.
Note: Users can create versions manually or by workflow actions. Users can create a new versions directly or through a check-in.
In addition to predefined roles, administrators can configure custom roles in the Roles section of the library administration interface.
Custom roles are specific to each library and are not shared between libraries.
Learn more: Configure roles
Tip: As best practice, if you are using Google Groups you are recommended to associate each AODocs custom role with a single dedicated Google Group to avoid unnecessary access control list (ACL) synchronization in your Google Drive each time you add or remove users from the role.