# Roles

A Spikemark role is a grouping of permissions that can be assigned to users in the system. Below are the key parts of a role:

![Screenshot of the roles dialog box in Spikemark](https://3040525219-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MhFI6SSKpm8M7EkrYqp%2Fuploads%2Fgit-blob-78bba3f9dd7101734cd9c31c6f96a4a9f29f7127%2FRoleManagmentSelectedRole.png?alt=media)

1. `Role Name` - the non-editable identifier for this role. This is set once on creation of the role, and cannot be changed after.
2. `Admin Role` - the non-editable field that indicates if this is an **Admin** role, which means it has universal permissions and access to user and role management. There can only be one admin role in the system — the default Admin role that comes with Spikemark
3. `Users in the Role` - the list of [users](https://docs.creativeconners.com/docs/spikemark-6/auth/auth-users) that have this role assigned to them. To remove users from this role, edit the users through the [User Management](https://docs.creativeconners.com/docs/spikemark-6/auth-users#user-management-admin-only) window.
4. `Permissions` - the list of individual permissions this role does or doesn’t have. Some permissions control a single field or action and are named after the field or button they control, like `Max Jogging Speed`. Other permissions are more widely encompassing, like `Goable Editor` or `Axis Editor`.

{% hint style="info" %}
**Permissions are applicable for&#x20;*****all*****&#x20;axes, cues, connections, etc. to which they refer.**

For example, it is not possible to give a user permission to edit the maximum jogging speed of **Motor** A but not that of **Motor B**. Similarly, it’s not possible to allow a user to only run certain playbacks or cues - a user can either have the permission to run **all** cues or have the permission to run cues entirely withheld.
{% endhint %}

See [Permissions](https://docs.creativeconners.com/docs/spikemark-6/auth/auth-permissions) for details of the capability granted by each permission.

## Default Roles

Spikemark’s authorization system is quite flexible, and allows for the creation of custom roles. However, there are 5 default roles that come with Spikemark to cover most needs.

1. **Admin** - Admin users have universal permissions for Spikemark, and also have the ability to manage users and roles. Use this role sparingly! This role cannot be deleted.
2. **Commissioner** - Commissioners are similar to Admins in that they have permissions for everything in Spikemark; however, they don’t have the ability to manage users and roles.
3. **Programmer** - Programmer users have the permissions for everything required to build and program a show. They can edit and run cues and movements, edit a few key properties for motors like jogging speeds and load cell configurations, and save, open, and create new show files.
4. **Operator** - Operator users have the permissions for everything required to run through a show file. They can edit a few key properties for motors like jogging speeds and load cell configuration, open show files, and run cues. However, they aren’t able to edit cues or movements, nor can they save or create new shows.
5. **Guest** - The lowest level of access for Spikemark. Guest users are ‘read-only’ users - they aren’t able to edit or run anything in a Spikemark Show. By default, they can’t even exit the Spikemark application. This role cannot be deleted.

These default roles can be edited with different permissions to suit your needs, or you can create your own custom roles. See [Editing a Role](#editing-a-role) and [Creating a Custom Role](#creating-a-custom-role) for further instructions.

### Admin User

{% hint style="warning" %}
Spikemark has a special ‘Admin’ role built-in. **The Admin role grants universal access to everything in Spikemark. Use the Admin role sparingly.**
{% endhint %}

Users with the Admin role are also able to manage all the roles and users on the Spikemark computer. This includes adding, deleting, and editing roles and users.

By default, the first account created in Spikemark will be an admin. After that, more admins can be added by creating a new user account and simply assigning them the admin role.

## Editing a Role

To edit the [permissions](https://docs.creativeconners.com/docs/spikemark-6/auth/auth-permissions) for a role, select `Administration → Role Management` from the menu. Select a role from the roles list to display in the role editor pane.

{% hint style="warning" %}
To edit roles, you must be logged into Spikemark as an Admin.
{% endhint %}

![Screenshot of the roles dialog box in Spikemark](https://3040525219-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MhFI6SSKpm8M7EkrYqp%2Fuploads%2Fgit-blob-78bba3f9dd7101734cd9c31c6f96a4a9f29f7127%2FRoleManagmentSelectedRole.png?alt=media)

Check or uncheck permissions from the scrollable permissions list to add or remove the permission from the role. You can edit the permissions list of both built-in roles and new roles you create.

{% hint style="warning" %}
The permissions assigned to the built-in **Admin** role are not editable.
{% endhint %}

If you have unsaved changes, you’ll see an `Unsaved changes` message on the bottom of the role editor pane.

## Deleting a Role

To delete a role, select it from the roles list and click `Delete` on the role editor pane. The role will be permanently deleted, and no additional saving is necessary.

{% hint style="warning" %}
To delete roles, you must be logged into Spikemark as an Admin.
{% endhint %}

{% hint style="info" %}
If the `Delete` button is grayed out, here's why:

* The built-in Admin role is not deletable.
* The built-in Guest Role is not deletable.
* The role has users assigned to it. In order to delete the role, go to the [User Management](https://docs.creativeconners.com/docs/spikemark-6/auth-users#user-management-admin-only) window and select a different role for all the users currently assigned to the role.
  {% endhint %}

{% hint style="warning" %}
Roles with users assigned to them can't be deleted. First, assign users to a different role, then delete the role.
{% endhint %}

{% hint style="success" %}
You can open the Role Management and User Management windows at the same time to cross-check the `Users in Role` list as you reassign users to roles.
{% endhint %}

## Creating a Custom Role

![Screenshot of the Role Management dialog in Spikemark](https://3040525219-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MhFI6SSKpm8M7EkrYqp%2Fuploads%2Fgit-blob-22e2851e75bc14b42ecdc8f2061bccb32ab037bd%2FRoleManagement.png?alt=media)

To create a new role, select `Administration → Role Management` from the menu. On the bottom of the role editor pane, select the `Create Role` button at the bottom of the dialog.

{% hint style="warning" %}
Only admins are able to add new roles to the Spikemark system.
{% endhint %}

![Screenshot of the Create Role dialog in Spikemark](https://3040525219-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MhFI6SSKpm8M7EkrYqp%2Fuploads%2Fgit-blob-9fedad1046e893e971c8adaa00b1e1c7fd2f637f%2FCreateRoleNotFilledIn.png?alt=media)

In the `Create New Role` dialog box, fill in the details of the new role. The only required fields are the `Role Name` and the `Permissions` list.

### Role Name

`Role Name` is the unique identifier for this role. This cannot be empty and cannot be the same as an existing role. The name cannot be changed after the role is created.

### Role Description (Optional)

`Role Description` is, shockingly, a short description for the role.

### Base role off existing role (Optional)

Use the `Base role off existing role` to copy permissions from an existing role to a new role. This is a quick way to derive a new role that is similar to an existing role, but needs a few permission tweaks.

The permissions are copied when the new role is created, but the two roles are not linked. You can edit the original role that was used as a template without impacting the new role.

In the example below, the **almost\_commissioner** role is derived from the **Commissioner** role. If you then remove the `RunCue` permission from the **Commissioner** role, **almost\_commissioner** is unchanged. The **almost\_commissioner** role will keep the `RunCue` permission.

![Screenshot of a new role being derived from an existing role](https://3040525219-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MhFI6SSKpm8M7EkrYqp%2Fuploads%2Fgit-blob-a0a8ebcfb69bb920c749098243a31a3ff3188f6e%2FCreateRoleFilledIn.png?alt=media)

### Permissions

[Permissions](https://docs.creativeconners.com/docs/spikemark-6/auth/auth-permissions) are the bread and butter of roles. This section contains the list of all permissions available to add to a role. Permissions that are checked off will be granted to the role and users in it, while unchecked permissions will not be included in the role. Which permissions are checked or unchecked can be edited at any time through the Role Management window ( `Administration → Role Management` )

![Screenshot of a new role being derived from an existing role](https://3040525219-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MhFI6SSKpm8M7EkrYqp%2Fuploads%2Fgit-blob-09a4871e4498360634d200ffe7b8519c77adae0a%2FRoleManagementWithNewRole.png?alt=media)

{% hint style="danger" %}
Permissions are applied to roles when Spikemark launches. If you add or remove permissions to a role, restart Spikemark for the changes to take affect. Changes made during a Spikemark session will not be registered until you relaunch Spikemark.
{% endhint %}

### Saving the role

Once you’ve filled out the role details, just click `Save` - you’ve created your own custom role! The role will immediately show in the Role Management window, as displayed above. You can now edit and assign users to the role.