Global and resource role best practices
Updated
Recommendation
Start by understanding the permissions model:
Responsibilities are used to assign a resource role to one or more users and/or user groups. Based on their responsibilities, users can act on the permissions conveyed to them via the resource role.
Impact
Changes in permissions on global roles can affect users’ access to the designated product features as well as impacting your consumption of Standard licenses. Follow the best practices to:
Clarify your users' experience.
Reduce confusion and operating model complexity.
Recommendations
Global roles
Global roles grant permissions on product capabilities globally rather than just to specific resources. Therefore, global roles, as defined out-of-the-box (OOTB), should meet most needs and only be changed for special circumstances. Generally, you should use resource roles to develop particular use cases, these are described below.
Resource roles
When creating resource roles, it’s good practice to start with a list describing all of the roles you envision, outlining their responsibilities and permissions. These definitions should be public within your organization and shared with all users.
Specific resource role names are better than generic ones. For example, “Steward” doesn’t necessarily distinguish between data stewards, business stewards and privacy stewards. Each of these more detailed steward role definitions should then carry a differing set of responsibilities and permissions.
The names of roles should be self-explanatory and unique to avoid multiple roles with the same role name. However, do not create too many roles with minor distinctions between them as this can lead to confusion.
It is best to retain the OOTB resource role names as they are recognized by workflows that call upon them.
Responsibilities should be assigned to roles at the highest possible level, such as at the domain or community-level, rather than asset-level, to make it easier to maintain and assign them.
All domains, communities and assets should have some responsibility assigned to them, whether it is ownership, stewardship or SME. There should always be someone responsible for each asset. This is particularly important where workflows are involved, as they cannot complete if the called upon responsibilities have not been assigned.
A governance best practice is to maintain a hierarchy of assigned roles that describes your escalation process.
Validation criteria
Review Read-only vs Standard licenses in the User area of Settings to match against global roles.
You can also run the Operating Model Diagnostic Report to see the types of roles and the number of people assigned to them. This workflow is available from your Customer Success representative.
Additional information
For more information, go to the following resources: