Managing Roles


Roles are central to controlling which users can access which information and functionality in your application. Roles are essentially a collection of permissions that can be assigned to users. Frontegg comes with two roles already setup with permissions for Admin and ReadOnly. Use those as they are, edit them, or create your own new roles. Read below to learn how.

List of Roles

To see a list of roles and to manage them, go to Authorization ➜ Roles.

By default, Frontegg has Admin and ReadOnly roles already defined and assigned with relevant permissions. You can utilize these roles or remove them and add your own.

Create Roles

To create a new role, click the Add New button. Enter in the form a Name, ID, and Level.


After creating a new role

Name and ID

The Name is public and is therefore what you will and others will see for the role. Conversely, the ID serves as an internal identifier. Later, you can change the role name without changing the internal role ID. This allows you to change your public role names without influencing internal role functionality.


Level allows you to group roles together and thus create organizational role hierarchies.

Grouping roles together in levels, you can create associations between roles that otherwise would not exist. Roles assigned to the same level in the application probably have some real-world connection, too.


An Example

In the example shown below, there are six corporate roles divided among three overall levels.

  • Role Level 0 for Agent, Admin
  • Role Level 1 for Operator, Editor
  • Role Level 2 for Viewer, Analyst

By default, all roles are assigned Role Level 0.


Assign Permissions

After creating a new role, you should assign permissions to that role. Permissions are a big part of defining what a role is and therefore distinguishing it from other roles.

Add Permissions

After creating a role, you need to define the permissions for that role. Read more about permissions. The permissions assigned to a role essentially control what users with that role can do in your application.

To manage the permissions assigned to each role, go to Authorization ➜ Permissions.

You can assign one or more permissions to the role. To assign a permission to a role, in the list of permissions find the permission that you want to assign to a role, and check the checkbox for the role.

Assign Users

Once you create a role, you need to assign the role to users.

Go to Manage ➜ Users.

On that page, you can see and manage the users. You can assign roles to a user when creating the user manually, like in the image below:

You also can edit an existing user's roles.

In the list of users, click on the user. You should see the user's overview page, which includes a list of tenants that the user belongs to. For each tenant is listed the user's roles.

To edit those roles, click on the menu for the tenant and select Edit Roles, like below:

Edit the roles and save.

Disable Role-Based Authorization

You can disable roles if your application does not require a user hierarchy. If you disable roles, every authenticated user will be allowed to send requests to Frontegg's built-in features without Frontegg roles enforcement.

If you enable roles, then Frontegg will enforce the roles pursuant to their scopes. By default, the roles feature is enabled and you have default roles for Admin and Read-Only.

Enforce Authorization

After configuring your roles and permissions in the Frontegg Portal, you can enforce them in your application. Specifically, you can:

Did this page help you?