Creating a Custom Permission Group

Define a new permission group that inherits a base and safely grants only the additional access your role requires.

Gravatar
Juliana Menendez
  • 6 days ago
  • Published

Goal

Create a custom permission group and correctly scope cross-office and feature access so agents inherit the right capabilities without overexposure.

When You Need a Custom Group

  • A role sits between standard Agents and full Administrators.
  • You are delegating operational oversight (reports or select modules) without granting security configuration rights.
  • You want a staging group to pilot new feature permissions safely.

Pre‑Requisites

  • Clarity on which modules the group must access (list them beforehand).
  • Decision on whether the group requires cross‑office visibility (see Office Isolation article).
  • At least one test user you can assign to validate behavior.
Tip: If your goal is to remove peer record visibility from the default AGENTS role, start by cloning it as the base group and then set Agency: Access to data related to any agent to No. Combine with cross‑office restriction if you also need office isolation.

Steps to Create the Group

  1. Navigate to Administration > Security > Permission Groups.
  2. Click New Group and provide a clear name (e.g. Senior CSR).
  3. Select a Base Group if you want to inherit an existing baseline (e.g. Agents). This pre‑loads default rights.
    Dropdown showing selection of a base permission group named Agents
    Selecting a base group accelerates setup; you can still override individual rights below.
  4. Use the permissions search to filter and adjust only what differs from the base.
  5. If the group must remain isolated to an agent's own office, ensure the cross‑office access right stays No. Otherwise set it to Yes.
    Access right row controlling cross-office data visibility set to No
    Leave this right at No unless the role legitimately needs to see all offices.
  6. Review higher‑risk rights (security admin, bulk operations, destructive actions) and confirm they’re intentionally granted.
  7. Save the group.
  8. Assign the test user to the new group and log in (or impersonate) to validate expected access.

Validation Checklist

  • Correct modules visible; unneeded modules hidden.
  • Office scoping behaves as intended (try searching for another office’s customer).
  • Reports tab: only expected reports accessible.
  • No unintended security configuration rights exposed.

Best Practices

  • Name groups by function + level (e.g. Accounting Read, Sales Lead Full).
  • Document rationale for any elevated permission in an internal changelog.
  • Review custom groups quarterly for drift (permissions accretion).

Rollback / Removal

  1. Reassign users back to their prior group (e.g. Agents).
  2. Archive or delete the custom group after confirming no active members.
Was this article helpful?

0 out of 0 found this helpful

Related articles

Connect with Our Team

Our team is ready to assist with any agency-related questions. Reach out for help with setup, compliance, or optimizing workflows.

In-Platform Support

Access help directly through Taino Solutions in the «Help» section. Get quick support for policy management, billing, and more.

Email Us

Need custom support? Email us at [email protected]. We're here to help you.