# Roles

--------------------------------------------------------------------------------
title: "Introduction"
description: "User Management allows you to directly add end-users to your application and assign them custom roles"
last_updated: "2026-03-18T07:41:08.535Z"
source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/roles/introduction/"
service: "Cloud Scale"
--------------------------------------------------------------------------------

# Roles

### Introduction

Roles define a set of permissions and the level of access granted to a user to access your application or modify its data. You can define the scopes and access permissions for certain Catalyst components for each role, and assign a role to every user. This categorization enables the users of your application to access only the functionalities that are relevant to them.

*Roles* currently apply to the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}. You can define the {{%link href="/en/cloud-scale/help/data-store/scopes-and-permissions/" %}}scopes and permissions{{%/link%}} of each table for each user role in the Data Store. These scopes and permissions also apply to {{%link href="/en/cloud-scale/help/search-integration/introduction/" %}}Search{{%/link%}} and {{%link href="/en/cloud-scale/help/zcql/introduction/" %}}ZCQL{{%/link%}} by extension, since these components are tied closely to the Data Store. Similarly, you can {{%link href="/en/cloud-scale/help/file-store/implementation/#set-permissions-for-a-folder" %}}define Folder access permissions{{%/link%}} for each role in the File Store.

*Roles* is available as a section of the *User Management* feature in *Authentication*. Two system-defined roles are present by default:

1. {{%badge%}}{{%bold%}}App Administrator{{%/bold%}}{{%/badge%}}: Users assigned to the {{%badge%}}App Administrator{{%/badge%}} role have admin access to the application by default. You can override this and define their access levels to the tables in the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and to the folders in the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}.
2. {{%badge%}}{{%bold%}}App User{{%/bold%}}{{%/badge%}}: Users assigned to the {{%badge%}}App User{{%/badge%}} role have end-user level access to the application by default. You can also override this and define their access levels in the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}.

{{%note%}}{{%bold%}}Note:{{%/bold%}} The {{%badge%}}App User{{%/badge%}} role is considered to be the default role. When you create a custom role and do not specify the scopes of the role it needs to follow, the scopes of the {{%badge%}}App User{{%/badge%}} role will apply to the custom role.{{%/note%}}

In addition to these roles, you can create your own custom roles and define their permissions. You can also set these custom roles as {{%badge%}}Default{{%/badge%}} roles. When a user role is set as the **default role**, the users who are added to your application are assigned to that role automatically, and the permissions that have been set for that role are made available to them.

--------------------------------------------------------------------------------
title: "Benefits"
description: "User Management allows you to directly add end-users to your application and assign them custom roles"
last_updated: "2026-03-18T07:41:08.535Z"
source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/roles/benefits/"
service: "Cloud Scale"
--------------------------------------------------------------------------------

# Benefits

* Roles enable you to group your application users based on the access levels and permissions given to them.
* Roles help you prevent unauthorized viewing or modification of application data, and boost the resource and data security in your application.
* You can configure scopes and grant specific permissions for actions like viewing a table's data, deleting rows from a table, or uploading files in specific folders in the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}} for custom roles.
* They also enable you to control the data flow and the design of your application as per your needs. You can build your application by keeping in mind the multi-level access you can grant to various user groups.

--------------------------------------------------------------------------------
title: "Implementation"
description: "User Management allows you to directly add end-users to your application and assign them custom roles"
last_updated: "2026-03-18T07:41:08.535Z"
source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/roles/implementation/"
service: "Cloud Scale"
--------------------------------------------------------------------------------

# Implementation

### Create a New User Role

When you create a new custom role in Catalyst, you must clone an existing role. This action clones the set of permissions from the parent role to the new role. You can change the scopes and permissions of your custom role in the {{%link href="/en/getting-started/set-up-a-catalyst-project/profiles-and-permissions/" %}}Permissions{{%/link%}} section of {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}.

{{%note%}}{{%bold%}}Note:{{%/bold%}} You will not be able to delete roles from Catalyst currently. The provision to delete roles will be rolled out soon.{{%/note%}}

To create a new user role for your Catalyst application:

1. Click the **Roles** tab of the *User Management* section of *Authentication*. Click the **Add Roles** button.
2. Enter the name and description for the *Role*.
3. Choose an existing role to clone the scopes and permissions for your custom role from the drop-down selection of **Clone Role**.
4. You can enable the **Make as Default** toggle option if you want to ensure that when an end-user is added to your application, they will be automatically added to this role by default. Catalyst will automatically apply the permissions defined for this role to the new user.
5. Click **Add**.

The role will now be displayed in the *Roles* section along with the unique *Role ID* generated by Catalyst, the description of the role, the details of the collaborator that created the role, and the date and time the role was created.

### Edit a Role

You can edit the name and description of a role, and choose whether to make it a default role using the **Make as Default** toggle.

To edit a role:

1. Click the **ellipsis icon** present at the corner of the role you wish to edit and select **Edit**.
2. Make the required changes and click **Update**.

### Delete a Role

Take note of the following points before you delete a role:

* While you can edit the system-defined roles ({{%badge%}}App Administrator{{%/badge%}} and {{%badge%}}App User{{%/badge%}}), you cannot delete them.
* You cannot delete a {{%badge%}}Default{{%/badge%}} role. To delete a role that is marked as {{%badge%}}Default{{%/badge%}}, you need to make another role the {{%badge%}}Default{{%/badge%}} before attempting to delete the intended role.
* Before deleting a role, you need to transfer its users to a new or a different existing role.

To delete a role:

1. Click the **ellipsis icon** present at the corner of the role you wish to delete and select **Delete**.
2. Transfer the users of the role that you are going to delete to a different role. You can do so by choosing the role from the drop-down.

   {{%note%}}{{%bold%}}Info:{{%/bold%}} If there are more roles in the {{%link href="/en/deployment-and-billing/environments/development-environment/" %}}development environment{{%/link%}} than in the {{%link href="/en/deployment-and-billing/environments/production-environment/" %}}production environment{{%/link%}}, and if you choose to migrate your project back to development from production, then:
   * The additional roles present in the development environment will be automatically deleted.
   * The users mapped to these roles will be mapped to the {{%badge%}}Default{{%/badge%}} role as listed in the production environment.{{%/note%}}
3. Click **Yes, Delete** to delete the role.

You will get a console notification informing you that the required role has been deleted and its users have been successfully transferred to the Transfer Role you selected.
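
The Info note in the delete procedure describes what happens to extra development roles when a project is migrated back from production. The Python sketch below is an added example, not Catalyst code or a Catalyst API: it previews which roles would be deleted and which users would be remapped, so the access change can be reviewed first. The role lists, Role IDs and users are constructed, and it assumes roles are matched by Role ID and that production has exactly one Default role.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    role_id: str            # constructed IDs, not real Catalyst Role IDs
    name: str
    is_default: bool = False


def preview_migration(dev_roles, prod_roles, dev_user_roles):
    """Preview a production -> development migration as the Info note describes.

    dev_user_roles maps user -> role_id in the development environment.
    Returns (names of dev roles that would be deleted,
             {user: (old role name, new role name)} for remapped users).
    Assumption: roles are matched across environments by Role ID.
    """
    defaults = [r for r in prod_roles if r.is_default]
    if len(defaults) != 1:
        raise ValueError("expected exactly one Default role in production")
    prod_default = defaults[0]

    prod_ids = {r.role_id for r in prod_roles}
    # Roles that exist only in development are the "additional roles".
    extra = {r.role_id: r for r in dev_roles if r.role_id not in prod_ids}

    # Users on an additional role fall back to production's Default role.
    remapped = {
        user: (extra[rid].name, prod_default.name)
        for user, rid in sorted(dev_user_roles.items())
        if rid in extra
    }
    return sorted(r.name for r in extra.values()), remapped


# Constructed sample data for illustration only.
PROD_ROLES = [Role("1001", "App Administrator"), Role("1002", "App User", True)]
DEV_ROLES = PROD_ROLES + [Role("1003", "Auditor"), Role("1004", "Support Agent")]
DEV_USERS = {
    "alice@example.com": "1001",
    "bob@example.com": "1003",
    "carol@example.com": "1004",
    "dave@example.com": "1002",
}

if __name__ == "__main__":
    deleted, remapped = preview_migration(DEV_ROLES, PROD_ROLES, DEV_USERS)
    print("Roles that would be deleted:", deleted)
    for user, (old, new) in remapped.items():
        print(f"{user}: {old} -> {new}")
```

Reviewing the remapped users matters because their effective Data Store and File Store permissions change to whatever the production Default role grants.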