Roles & Permissions

Last modified: June 2, 2025

Introduction

On the Roles & Permissions page in Control Center, you can view and manage your company’s centralized project roles and their permissions.

Centralized Project Roles

Centralized project roles allow Mendix Admins to control access across all Mendix projects within their company.

Within the centralized role framework, Scrum Masters and team members can only view and choose from the project roles established by Mendix Admins, with no ability to change role permissions. If a custom permission set is needed, Scrum Masters and team members must reach out to a Mendix Admin for assistance.

Project Roles Overview

The Roles & Permissions page provides an overview of all centralized project roles, with the following information for each role:

A brief summary of the permissions included in the role.
The number of projects where the role is used. Clicking the number opens a pop-up window which lists these projects.
The number of members who are assigned the role.

Some roles on this page are tagged as Inherited from project. A Mendix Admin can review these custom project roles, keep the useful ones, and merge any duplicates.
When members of your company invite someone to a project, they cannot select any role with the tag Inherited from project, as these roles will not be visible to them.

From the overview page, you can show role details, and create, edit, or delete a role.

Creating a Role

Follow these steps to create a role:

In the upper-right corner of the page, click Create Project Role.
A wizard opens to guide you through the necessary steps.
Add the following details on the Project Role Details tab:
1. A Role name. Every role name in your company must be unique.
2. Optionally, a Role Description for further reference.
Click Next.
Select the desired permissions for the role on the Project Permissions tab. These permissions determine what the team member is allowed to do in terms of project management, and are described on the tab.
Click Next.
Select the access rights for Non-production Environments. These permissions dictate access to environments such as test or acceptance, and are applied to the assigned team members on the Permissions page in the Cloud Portal.

You can choose between No Access and Access.
If you choose Access, you can refine your settings in the following sections:
- Permission Management - You can select Fixed or Custom.
  - If you select Fixed, continue to set the permissions for this role in the Set Permissions section.
  - If you select Custom, you allow anyone with Manage Permissions rights, such as the Technical Contact, to set permissions per environment.
- Set Permissions - Choose the specific privileges you want to include in this role for non-production environments. The permissions you set here are fixed for this role. They cannot be changed later on the Permissions page.
Click Next.
Select the access rights for Production Environments.

You need to complete multi-factor authentication before you can edit and save production environment permissions.

You can choose between No Access and Access.
If you choose Access, you can refine your settings in the following sections:
- Permission Management - You can select Fixed or Custom.
  - If you select Fixed, continue to set the permissions for this role in the Set Permissions section.
  - If you select Custom, you allow anyone with Manage Permissions rights, such as the Technical Contact, to set permissions per environment.
- Set Permissions - Choose the specific privileges you want to include in this role for non-production environments. The permissions you set here are fixed for this role. They cannot be changed later on the Permissions page.

Showing Role Details

To view the details of a role, click Show Details. This opens the Project Role Details pop-up window, which contains the role name, ID, and permissions.

The Role ID can be used in the Mendix Projects API.

Editing a Role

Follow these steps to make changes to a role:

Click Edit Role for the role you want to edit.
Make the necessary changes.
Click Save Changes.

Changes made to the permissions of a role are immediately applied to the team members that are assigned that role.

To prevent concurrent changes overwriting each other, only one role can be edited at any one time.

You cannot edit the Scrum Master role. This ensures that there is always someone in the project team that can manage the project.

Deleting a Role

Follow these steps to delete a role:

Click Edit Role for the role you want to delete.
Review the role by clicking through each tab.
Click Delete Project Role. A dialog box is displayed, asking for confirmation.
Click Delete Project Role to permanently delete the role.

If the role is used by a project, a replacement role must be selected. The replacement is applied to all team members who are currently assigned the role you are deleting. If the replacement role has different permissions, then these are applied immediately.

You cannot delete the Scrum Master role. This ensures that there is always someone in the project’s team that can manage the project.