Document lifecycle roles provide a mechanism for document-specific access control. Vault includes several standard roles to use in Sharing Settings and in workflows but also allows you to add custom roles. You can then assign users to the roles automatically or allow individual users to assign the roles for specific documents.

Accessing Role Management Options

You can view system-provided and custom roles for a specific lifecycle from Admin > Configuration > Document Lifecycles > [Lifecycle] > Roles. From this area, you can select allowed users for a role, configure user defaulting, add custom roles, and assign annotation note colors. You can also delete or deactivate custom roles.

For the Owner role, the Allowed Users configuration only applies when re-assigning a new owner to a classified document. The creator of a classified or unclassified document is the initial owner, and role settings do not affect the Create Document permission on a document type.

How to Create Custom Roles

To create a custom role:

  1. Click Create.
  2. Enter a Label for the role. The name will be visible to users when viewing or editing Sharing Settings.
  3. Change the Status to Inactive if the role should not be available for selection yet.
  4. Optional: Enter a Description. This value is not visible to users but appears on the Roles page to help you identify the role.
  5. Optional: In Add Default Users When, choose when Vault should automatically add default users to the role. You can define default users after saving.
  6. Optional: Select a Note color for the role (see details below).
  7. Click Save. The new role appears in the Roles page and is immediately available for workflow configuration and assignment via Sharing Settings.
  8. If you need to restrict the users allowed in the role or set default users, see Defining Allowed & Default Users.

Note Color

The Note color for a role affects the background color of notes for line, text, and image annotations, but not for link or anchor annotations. It only applies if a user creates an annotation while in a role with an open workflow task. If no color is selected for the role, users are free to select their own color.

Note color does not apply:

  • If a user has the role but no assigned tasks.
  • If a user has more than one assigned task in more than one role.
  • To notes that already exist, unless the user edits the note while in a role with an open workflow task.
  • To document and object workflows. Only legacy workflows are applicable.

Configuring Permissions for Roles

Once created, custom roles appear in Admin > Configuration > Document Lifecycles > [Lifecycle] > States > [State] > Security Settings and Atomic Security alongside standard roles. From here, you can modify permissions through the security matrix and Atomic Security.

The following permissions control access to document lifecycle role configuration:

Security Profile

Document Lifecycles > Edit
Grants ability to edit document lifecycle configuration, which includes creating and editing document lifecycle roles.