# SOP: Creating New Roles

## Summary

This procedure should be used when a new classification of user within the SanteDB system (an access role) is desired. Access roles are used to control which system functions and data access is granted or denied to a user.

### Use Procedure When

* [ ] A new user classification is required
* [ ] An existing group does not (or can not) fulfill the same purpose
* [ ] When further, restrictive control is required for individual user accounts

## Procedure

### Before Beginning

* [ ] Approvals to create a new role gathered
* [ ] Role has been documented and initial members list established
* [ ] Familiarize yourself with the [security-architecture](https://help.santesuite.org/santedb/security-architecture "mention")
* [ ] Your user account has the **Create Roles** policy granted
* [ ] Necessary, context specific approvals and conventions
  * [ ] Include things like signatures required
  * [ ] Or whether the incident needs to be documented
  * [ ] Your IT department should have common security practices in place

### Procedures / Tasks

1. Access the SanteDB Administrative Portal by[logging-in](https://help.santesuite.org/operations/cdr-administration/santedb-administration-panel/logging-in "mention")
2. Access the [security-administration](https://help.santesuite.org/operations/cdr-administration/santedb-administration-panel/security-administration "mention") menu item
3. Access the [#group-list](https://help.santesuite.org/cdr-administration/santedb-administration-panel/security-administration/managing-groups#group-list "mention") by clicking groups clicking `Create`
4. Create the group as documented in [#creating-groups](https://help.santesuite.org/cdr-administration/santedb-administration-panel/security-administration/managing-groups#creating-groups "mention")
   1. The name of the group should comply to conventions
   2. The name should be unique within the organization/project
5. Assign the appropriate access policies to match documented group function (as documented in [#assigning-policies](https://help.santesuite.org/cdr-administration/santedb-administration-panel/security-administration/managing-groups#assigning-policies "mention"))
6. Assign the desired role membership (those for which appropriate documentation has been gathered) . (see: [#assigning-users](https://help.santesuite.org/cdr-administration/santedb-administration-panel/security-administration/managing-groups#assigning-users "mention"))

### After Completion

* [ ] Notify the requestor and group members of their access&#x20;
* [ ] Close work item in ticketing system (or related documentation for completion)

## Summary Information

**Current Status:** Sample\
**Reviewed By:** SanteSuite Team

### **Revision History**

<table><thead><tr><th width="150">Author</th><th>Date</th><th>Changes</th></tr></thead><tbody><tr><td>Justin Fyfe (SanteSuite)</td><td>2022-03-15</td><td>Initial Version</td></tr><tr><td></td><td></td><td></td></tr><tr><td></td><td></td><td></td></tr></tbody></table>

### See Also

{% content-ref url="../../cdr-administration/santedb-administration-panel/security-administration/managing-groups" %}
[managing-groups](https://help.santesuite.org/operations/cdr-administration/santedb-administration-panel/security-administration/managing-groups)
{% endcontent-ref %}

{% content-ref url="../../cdr-administration/santedb-icdr-admin-console/group-role-management" %}
[group-role-management](https://help.santesuite.org/operations/cdr-administration/santedb-icdr-admin-console/group-role-management)
{% endcontent-ref %}