All users are, by default, given base level permissions and capabilities only when you add them to your system.
See: the Roles and User Permissions [chart] for more information about 'no role' users and other roles.
Roles can be assigned to users by those who have the role Owner, Site Admin or Administrator (legacy) via User Management in the left-hand menu.
The only way to assign a role to users is via groups. By adding the user to a group which contains the roles you want to add to the user, you will assign those roles to the user.
To crosscheck that the role changes you make through groups achieve the desired outcome for your user, impersonate their profile.
If a user is a member of multiple groups with varying levels of permissions and capabilities, it will always be the 'highest' level of permissions and capabilities which dictates their experience of a system. i.e. If a user already has a 'reporter' role assigned to them, and you then add them to a group which contains the 'Basic User' role, this will not override or restrict their 'reporter' role permissions and capabilities. This can only be achieved by deleting the 'reporter' role from their profile by removing them from the group which contains this role.
- Roles and their relationship to Groups
- Add or remove a user's role
- Review a user's roles
- Check which roles are contained within your Groups
- User profiles: the colour-coded chips explained
Article ID: xapiappsA_20200421_2