Role Groups Role Groups
  1. iconik
  2. Entities
  3. Entities

Role Groups

Entities

See all 31 articles

*Please note! This article is specific to trial domains created after October 7th, 2025. If your domain was created prior to this date or if you're working directly with our sales team, please see our article on Groups

Within Iconik, Role Groups allow you to organize users into groups to easily manage permissions at scale within the platform. These allow you to further restrict the permissions applied by their set user type (Power, Standard, Browse-Only). 

When a user is added to Iconik as either a Power, Standard, or Browse-Only user, they immediately inherit all of the capabilities of those user types. When those users are added to a Role Group, the roles selected for that Role Group override the user type and limit the abilities of the user to the parameters of the Role Group only. 

Role Groups can be used to limit the roles of users based on their user type, not to apply more. For example, adding a Browse-Only user to a Role Group that provides edit access to storages will not give that user that ability, as their user type prohibits it. They'll need to be upgraded to a Power User first.

What Are Role Groups?

Role Groups are groups of users you can create to:

  • Manage specific permissions and abilities within the platform.
  • Limit the pre-set user types (Power, Standard, Browse-Only) further.

Each user can be a member of multiple role groups – there’s no limit to how many. However, roles applied by role group memberships are cumulative. This means that a user in multiple role groups will have all of the combined roles from those groups applied. 

How to Create Role Groups

  • You can create a Role Group at any time by navigating to the Role Groups page and selecting Create New Role Group. 

Example Scenario

Within your Iconik domain you have 10 Browse-Only users that can login, browse assets and collections, comment on assets, and view metadata related to those assets and collections. The Browse-Only user type as it is meets their needs and no adjustments need to be made.

However, you're adding new users to your domain that will need more limited capabilities. They still need to login and  view assets and collections, but they'll need to be prohibited from commenting on or viewing the metadata for the assets and collections they can view. 

In this scenario, you would:

  1. Create a Role Group called "Restricted Browse-Only"
  2. Select only the roles required for this cohort of users (view access to assets and collections, for example)
  3. Ensure you do not enable any commenting or metadata viewing roles
  4. Add the users to the domain as Browse-Only users
  5. Add those specific users to the Restricted Browse-Only Role Group

This will ensure that the users added will get the overarching permissions set by the Browse-Only user type, but will have those permissions limited by the applied Role Group. 

Why Use Role Groups?

  • Simplify permissions: No need to set access one user at a time.
  • Scale collaboration: As your organization grows, the number of teams can grow with it.
  • Secure assets: Ensure the right people have the right access.

Next Steps

Still have questions? Contact our Support Team.