Roles

A role is a defined grouping of access privileges that determines what actions a user can perform on different objects in DevRev. These objects can include stock objects like issues and tickets, custom objects, and their subtypes. Roles are a core part of the access control model, alongside groups.

Actor

An actor is an entity that performs an action in the app. Actors fall into three types: organization members, customers, and service accounts. Roles control what access an actor has across the app, portal, and Plug. For the full actor taxonomy, see Access control.

Privileges and conditional access

Assigning a role to a user grants them specific privileges on the objects covered by that role. The supported privilege types are create, read, update, and delete.

Access can also be granted conditionally based on the attributes of an object. For example, permissions can vary depending on object properties such as priority or owner, allowing for more dynamic and context-aware access control. Note that field-level access control—which governs visibility and editability of individual fields—is a separate layer from object-level conditional access. Both are configurable in Configure roles.

Internal and external roles

DevRev distinguishes between internal roles, which apply to organization members working inside the workspace, and external roles, which apply to customers accessing the Support Portal or Plug. This distinction determines which objects and actions a role can govern. See Configure roles for details on setting up each type.

Assigning Roles

When a role is assigned to a group, all members of that group inherit the associated access permissions. If a user belongs to multiple groups, the highest applicable privilege across all assigned roles takes effect.

To create and assign roles, see User roles and Customer roles .

Note: Roles cannot be assigned to the All Users, Customers and Admins group; although the already assigned roles can be edited.