# Manage Role

A **Role** represents a job function or responsibility within ONEWEB and is a core element of the **Role‑Based Access Control (RBAC)** model.\
Managing roles allows administrators to group permissions and assign them consistently to multiple users, ensuring secure and scalable access control.

***

### Prerequisites

Before managing roles, ensure that:

* You are logged in as an **Admin user**
* The IAM module is enabled and accessible
* Required **permissions and objects** already exist (if roles will reference them)

***

### Create a New Role

#### Step 1: Open Role Management

1. Log in to ONEWEB with an **Admin account**
2. Go to **Settings → IAM**
3. Open the **Admin** menu
4. Select **Role**

***

#### Step 2: Create Role

1. Click **Create New Role**

***

#### Step 3: Define Role Details

Fill in the following information:

* **System** – Select the system/application the role belongs to
* **Parent Role** *(optional)* – Choose a parent role if creating a role hierarchy
* **Role Name** – Meaningful role identifier (e.g. `Order_Approver`)
* **Role Description** – Description of responsibilities

Then click **Save Role**.

***

#### Step 4: Verify Role Creation

* The new role will appear under the selected **System**
* If a parent role was selected, it will appear under that hierarchy

This role is now available for:

* Assigning users
* Assigning permissions and objects

***

### Add Users to a Role

Assigning users to roles grants them all permissions associated with the role.

***

#### Step 1: Select Role

1. Go to **Admin → Role**
2. Click the role you want to manage

***

#### Step 2: Open User Assignment

On the **right‑hand panel**, the system displays current users assigned to the role.\
Click **Add Users**.

***

#### Step 3: Select Users

1. In the **Add Users To Role** popup, search for users
2. Select one or more users
3. Click **Confirm Users To Roles**

Users are immediately assigned to the role.

***

### Add Permissions / Objects to a Role

Roles gain capabilities by associating permissions and protected objects.

***

#### Step 1: Select Role

1. Open **Admin → Role**
2. Select the role to configure

***

#### Step 2: Open Permission Tab

1. On the **right‑hand panel**, open the **Permission** tab
2. Click **Add Permissions / Objects**

***

#### Step 3: Select Permission or Object

1. Search or browse for the required **Permission** or **Object**
2. Select the items to add
3. Click **Confirm Add Object/Permission**

The permissions/objects are now associated with the role.

***

### Best Practices for Role Management

* Design roles based on **business responsibilities**, not individual users
* Keep role hierarchy simple and meaningful
* Assign permissions to roles—not directly to users
* Review role membership periodically
* Apply the least‑privilege principle when defining permissions
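
One way to carry out the periodic review recommended above, as an added example rather than ONEWEB code: it checks a constructed list of role records for inactive members, empty roles, and broken or circular parent links. The record layout, permission names and user list are assumptions; this page does not describe an export format.

```python
# Added example: periodic role review over a CONSTRUCTED role list.
# The fields mirror the Create Role form (System, Parent Role, Role Name,
# Role Description); the layout is an assumption, not a ONEWEB export format.
ROLES = [
    {"system": "OrderApp", "name": "Order_Manager", "parent": None,
     "description": "Owns the order process",
     "users": ["alice"], "permissions": ["order.view", "order.approve"]},
    {"system": "OrderApp", "name": "Order_Approver", "parent": "Order_Manager",
     "description": "Approves orders",
     "users": ["bob", "carol"], "permissions": ["order.approve"]},
    {"system": "OrderApp", "name": "Order_Temp", "parent": "Order_Legacy",
     "description": "", "users": ["dave"], "permissions": []},
    {"system": "OrderApp", "name": "Loop_A", "parent": "Loop_B",
     "description": "test", "users": [], "permissions": ["order.view"]},
    {"system": "OrderApp", "name": "Loop_B", "parent": "Loop_A",
     "description": "test", "users": [], "permissions": ["order.view"]},
]
ACTIVE_USERS = {"alice", "bob", "dave"}  # constructed list of current accounts

def review_roles(roles, active_users):
    """Return sorted (role, finding) pairs a reviewer should follow up."""
    by_key = {(r["system"], r["name"]): r for r in roles}
    findings = []
    for (system, name), role in by_key.items():
        if not role["description"].strip():
            findings.append((name, "missing description"))
        if not role["permissions"]:
            findings.append((name, "no permissions or objects"))
        for user in sorted(set(role["users"]) - active_users):
            findings.append((name, f"inactive member: {user}"))
        # Walk the parent chain within the same system to catch
        # dangling parent references and circular hierarchies.
        seen, parent = {name}, role["parent"]
        while parent is not None:
            if (system, parent) not in by_key:
                findings.append((name, f"unknown parent: {parent}"))
                break
            if parent in seen:
                findings.append((name, "parent cycle"))
                break
            seen.add(parent)
            parent = by_key[(system, parent)]["parent"]
    return sorted(findings)

if __name__ == "__main__":
    for role, finding in review_roles(ROLES, ACTIVE_USERS):
        print(f"{role}: {finding}")
```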

***

### Summary

Managing roles in IAM is central to enforcing **Role‑Based Access Control (RBAC)** in ONEWEB.

Key points:

* Roles represent authority levels and job functions
* Users inherit access through roles
* Permissions and objects define what the role can access
* Centralized role management improves security and compliance

A well‑designed role model ensures **secure, scalable, and auditable access control** across ONEWEB applications.

