# SOP: Creating New Roles
## Summary
This procedure should be used when a new classification of user within the SanteDB system (an access role) is desired. Access roles are used to control which system functions and data access is granted or denied to a user.
### Use Procedure When
* [ ] A new user classification is required
* [ ] An existing group does not (or can not) fulfill the same purpose
* [ ] When further, restrictive control is required for individual user accounts
## Procedure
### Before Beginning
* [ ] Approvals to create a new role gathered
* [ ] Role has been documented and initial members list established
* [ ] Familiarize yourself with the [Security Architecture](/santedb/security-architecture.md)
* [ ] Your user account has the **Create Roles** policy granted
* [ ] Necessary, context specific approvals and conventions
* [ ] Include things like signatures required
* [ ] Or whether the incident needs to be documented
* [ ] Your IT department should have common security practices in place
### Procedures / Tasks
1. Access the SanteDB Administrative Portal by[Logging In](/operations/cdr-administration/santedb-administration-panel/logging-in.md)
2. Access the [Security Administration](/operations/cdr-administration/santedb-administration-panel/security-administration.md) menu item
3. Access the [Managing Groups](/operations/cdr-administration/santedb-administration-panel/security-administration/managing-groups.md#group-list) by clicking groups clicking `Create`
4. Create the group as documented in [Managing Groups](/operations/cdr-administration/santedb-administration-panel/security-administration/managing-groups.md#creating-groups)
1. The name of the group should comply to conventions
2. The name should be unique within the organization/project
5. Assign the appropriate access policies to match documented group function (as documented in [Managing Groups](/operations/cdr-administration/santedb-administration-panel/security-administration/managing-groups.md#assigning-policies))
6. Assign the desired role membership (those for which appropriate documentation has been gathered) . (see: [Managing Groups](/operations/cdr-administration/santedb-administration-panel/security-administration/managing-groups.md#assigning-users))
### After Completion
* [ ] Notify the requestor and group members of their access
* [ ] Close work item in ticketing system (or related documentation for completion)
## Summary Information
**Current Status:** Sample\
**Reviewed By:** SanteSuite Team
### **Revision History**
| Author | Date | Changes |
|---|
| Justin Fyfe (SanteSuite) | 2022-03-15 | Initial Version |
| | |
| | |
### See Also
{% content-ref url="/spaces/-LZ0\_pjgTp\_kx4hqTZ3a/pages/fYV7V8FXz7ky9h03OZbj" %}
[Managing Groups](/operations/cdr-administration/santedb-administration-panel/security-administration/managing-groups.md)
{% endcontent-ref %}
{% content-ref url="/spaces/-LZ0\_pjgTp\_kx4hqTZ3a/pages/-MdS5wQo5l4um5Ia2v7s" %}
[Group / Role Administration](/operations/cdr-administration/santedb-icdr-admin-console/group-role-management.md)
{% endcontent-ref %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://help.santesuite.org/operations/standard-operating-procedures/role-management-sops/creating-new-roles.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.