A role is a set of specific permissions over the library that can be assigned to users or Google Groups (for example, the permission to administer a library, to create documents in a library, or to perform a certain workflow action).
Each Library has four pre-defined roles:
- Administrators: Members of this role have write, read, share, delete access to all documents in the given library. Administrators can also configure library administration settings.
- Contributors: Members of this role can be given the permission to create, edit, delete and share documents in the library. Note that being a member of the Contributors role does not automatically give you the permission to edit all documents in the library, but it is not possible to grant a user the edit permission on a library document if the user is not a member of the Contributors role.
- Readers: Members of this role can be given the permission to read documents in the library. Note that being a member of the Readers role does not automatically give you the permission to read all documents in the library, but it is not possible to grant a user the read permission on a library document if the user is not a member of the Readers role. Note that all members of the Contributors role are also automatically members of the Readers role.
- Document creators: This role is automatically populated by the creator of each document. Note that this role has a different value for each document and always contains a single user.
The members of the administrators, contributors and readers roles can be configured in the library security settings.
On top of these 4 pre-defined roles, administrators can define custom roles, which can be used:
- In workflow configuration (1) to define workflow validators (2)
- In the configuration of the inherited permissions
Custom roles are specific to each library and are not shared between libraries.
Choosing who can change the state of a document in the workflow configuration page from the library administration interface
Using a role to define inherited permissions
As a best practice, if you are using Google Groups we recommend to associate each AODocs role with a single dedicated Google Group to avoid unnecessary ACL synchronization in your Google Drive whenever you add or remove users from the role.