Skip to main content
CENEDRIL MANUAL
Open Cenedril
Team, Roles & Billing · Access Control

Use RBAC as an admin

Updated on 3 min Pro plan Open in Cenedril

Goal Enable granular access control, create custom roles with targeted permissions, assign them to users, and track every change in the history.

In Cenedril you set up granular access control by opening the Access Control tab under Team, activating the feature, creating custom roles with the permissions you want in the Roles section, and assigning them to individual people in the User assignments table. Access control is an additive layer on top of the Owner, Admin and User account roles. Every change is logged in the History.

Activate access control

Open the Access Control tab

In the sidebar open Team and select the Access Control tab at the top. This tab is available to companies on the Pro plan. Without Pro, the tab leads to the plan selection.

The Team page with the “Access Control” tab next to “Team Members” and “Portfolio”.

Activate the feature

While access control is not yet active, the page explains how it works. Read the notes and click Activate now. On first activation, every existing user automatically receives the Godmode role with full access, so no one is locked out.

Create custom roles

Create a new role

In the Roles section you see the built-in roles (marked Standard) and the Godmode role. Click New role at the top right to create your own.

Set name, description and permissions

In the dialog give the role a Name (for example “DPO” or “ISMS Auditor”) and an optional Description. In the Permissions section you set the level per feature, wizard, record or policy: No access, Read, Edit or Approve. The summary at the top always shows how many areas sit at which level.

The role editor with name, description and the permission tree including the level summary.

Save the role

Click Save. The new role then appears in the list, initially with zero assigned users. The Godmode role can only be viewed, since it holds all permissions and is immutable.

Assign roles

Open user assignments

The User assignments section shows one row per person. The Account role column shows the existing assignment (Owner, Admin or User), and the Additional roles column shows the granular roles.

Add or remove a role

In a person’s row, click Assign role and pick the role you want from the dropdown. It then appears as a chip in the Additional roles column. Use the on a chip to remove an assignment again. Multiple roles per person are allowed, and the permissions add up.

The “User assignments” table with the account role and the additional roles as chips.

Track changes

Review the history

At the bottom of the tab, expand the History section using Show. It lists every change chronologically: activation, roles created and updated, permissions added or removed, and roles granted or revoked, each with a timestamp and the person who made the change.

Result: access control is active, your custom role is created and assigned to at least one person, and the history documents every one of these steps in an audit-proof form.

Frequently asked questions

What happens to the existing account roles (Owner, Admin, User)?

The account roles remain untouched. Granular access control is a purely additive layer on top. No existing access is restricted until you actively assign custom roles.

What is the “Godmode” role?

Godmode has all permissions and is assigned to every user automatically on first activation, so no one is locked out. This role cannot be modified or deleted. Once you have assigned your own roles, you can remove the Godmode assignment again.

Can a person hold several roles at once?

Yes. Multiple additional roles per user are allowed, and the permissions add up. In the “User assignments” table each role appears as its own chip.

What happens when the Pro plan ends?

The feature is then activated but no longer enforced. All restrictions are lifted until you upgrade to Pro again. Your roles and assignments are preserved in the meantime.

Where can I see who granted or revoked which role?

In the “History” section at the bottom of the tab. It lists every change to roles and assignments chronologically, with the timestamp and the person who made it.

Team, Roles & Billing

Read and filter the activity log

How to see who changed what and when across your organisation in the activity log, narrow the view with filters, and export it as a CSV file.

Team, Roles & Billing

Set classification defaults

How to set the default protection classification for record types, policies and exports under Team in Cenedril, so new objects are classified automatically.