Basics

• Security Roles store permissions and restrictions and can be applied to users. A user’s permissions (or rights) are based on the cumulative effect of their Security Roles.
• Security Roles can be accessed by going to Administration > Security Roles.
• By default, the ability to delete a Security Role entirely from MinistryPlatform is hidden from all users. If you wish to remove one or more security roles from a user, please select that record on the User Security Roles page and delete those records (and not the Security Role itself).
• To find out what rights a Security Role allows on each page, open the role and review what the role grants. 
• The User Rights & Restrictions read-only page provides a comprehensive list of available access and/or restrictions for all users with at least one security role.
• Administrators can merge two Security Roles using the Combine Security Roles Tool.
• There are many Security Roles that are included in the deployment of MinistryPlatform.
• For Security Role best practices, see this webinar.

Philosophy

Think through how your organization will be interacting with your data and develop a plan for user Security Roles. It may be helpful to think of user rights as focused on pages. Thus, there are roles for specific pages/tools/reports, rather than roles for specific jobs/types of staff at your church.

Once the roles are developed, think of your roles as building blocks that are stacked together to create user rights for a specific job. For example, make a selection of roles such as staff basic rights, staff quick add, data entry, and stewardship oversight and then save that selection as a Stewardship employee.

Note: Any roles you create should be named for what the role does (gives read access to product and payment pages), rather than the type of staff member it is assigned to.