Roles & Permissions

Last modified: February 11, 2025

Introduction

On the Roles & Permissions page in Control Center, you can view and manage centralized company-level project roles and permissions.

Centralized Project Roles

All companies use centralized project roles. This means:

Mendix Admins will be the only ones who can create or modify project roles.
Scrum Masters and team members will only be able to view the project roles established by Mendix Admins and select the appropriate one. They will not have the ability to modify the permissions of project roles. If a custom permission set is needed, they must reach out to a Mendix Admin for assistance in creating it.
Some roles will appear with the tag Inherited from project on the Roles & Permissions page in Control Center. A Mendix Admin can review these custom project roles, keep the useful ones, and merge any duplicates.

When members of your company invite someone to an project, they cannot select any role with the tag Inherited from project shown here, as these roles will not be shown to them.

Project Roles Overview

On the Roles & Permissions page, you have an overview of all centralized project roles. You will see a brief summary for each role of the permissions that the role has as well as in how many projects and by how many team members they are used.

Clicking the number of projects that use the role opens up a pop-up window with a list of projects where the role is used.

From the overview page you can Create, Edit, or Delete a role.

Creating a Role

To create a role, do the following:

At the upper-right corner of the page, click Create Project Role. A wizard opens to guide you through the steps to set up the new role.
In the wizard, configure the settings on the Project Role Details tab.
1. Enter a role name. Every role name in your company must be unique.
2. Optionally, add a description for the role for further reference.
Click Next and configure the settings on Project Permissions tab.

These permissions determine what the team member is allowed to do within the context of project management.
Click Next and configure the settings on the Non-production Environments tab.

Set the environment permissions for non-productive environments, such as the test or acceptance environments, as described below. These permissions are applied to the assigned team members on the Permissions page in the Cloud Portal.
1. Set the correct access rights.
2. For Permission Management, you can select Fixed or Custom.
  - If you select Fixed, continue to set the permissions for this role at the bottom. The permissions you set here will be fixed for this role. They cannot be altered later on the Permissions page.
  - If you select Custom, you allow anyone with Manage Permissions rights, for example, the Technical Contact, to set the permissions per environment.
Click Next and configure the settings on the Production Environments tab.

Set the environment permissions for production environments as described below. The permissions you set here will be fixed for this role. They cannot be altered later on the Permissions page in the Cloud Portal.
1. Set the correct access rights.
2. For Permission Management, you can select Fixed or Custom.
  - If you select Fixed, continue to set the permissions for this role at the bottom. The permissions you set here will be fixed for this role. They cannot be altered later on the Permissions page.
  - If you select Custom, you allow anyone with Manage Permissions rights, for example, the Technical Contact, to set the permissions per environment.
Editing and saving the production environment permissions can only be done after a multi-factor authentication has taken place.

Showing Details

To show the details of a role, click Show Details. The Project Role Details pop-up window opens with detailed information about the role.

In the Project Role Details pop-up window, you can find the role ID that can be used in the Mendix Projects API.

Editing a Role

To edit a role, do the following:

Click Edit Role for the role you want to edit.
Make the changes.
Click Save Changes.

Changes made to the permissions of a role are immediately applied to the team members that are assigned to the role.

To prevent concurrent changes overwriting each other, only one role can be edited at any one time.

You cannot edit the Scrum Master role. This ensures that there is always someone in the project’s team that can manage the project.

Deleting a Role

To delete a role, do the following:

Click Edit Role for the role you want to delete.
Review the role.
Click Delete Project Role. A dialog box opens to ask for confirmation.
Click Delete Project Role to permanently delete the role.

If the role is used by a project, a replacement role must be selected. This role will be applied to all team members who are currently assigned to the role to be deleted. If the replacement role has different permissions, then these will be applied immediately.

You cannot delete the Scrum Master role. This ensures that there is always someone in the project’s team that can manage the project.