When you create a new object lifecycle, you can add custom application roles to an object lifecycle as well as edit role permissions. Vault automatically associates the standard Editor, Consumer, and Owner roles with the object lifecycle. You don’t have to associate an object with a lifecycle to view or add roles.
You can view and manage roles for an object lifecycle from the Admin > Configuration > Object Lifecycles > [Lifecycle] > Roles. From this area, you can add, delete, or deactivate custom roles and edit permissions for roles or specific lifecycle states. You can also navigate to an object lifecycle by clicking on the lifecycle link from the associated object’s detail page.
How to Add Roles
To add a role:
- Click the Add button to open the Search: Application Role window.
- Click the plus (+) icon next to the role(s) you wish to add. You can select from existing application role records that have not already been added to the object lifecycle.
- Click OK.
How to Remove Roles
Removing roles only detaches them from the object lifecycle. There are no changes to the Application Role record.
To remove a role:
- In the Roles section, hover over the role you wish to remove.
- Click the X (remove) icon.
- Click Continue in the confirmation window to confirm the action.
How to Edit Role Permissions
When you initially add a role, Vault automatically assigns the Read permission to it. By default, the Owner role has the View, Edit, and Delete permissions.
To edit permissions:
- Navigate to Admin > Configuration > Object Lifecycles > [Lifecycle] > Roles.
- Click Edit.
- Use the checkboxes to assign or remove permissions for each role.
- Click Save. Permission changes take effect immediately.
How to Edit Role Permissions on Lifecycle States
When editing permissions on a custom role, you can also grant or remove the Read, Edit, Delete permissions for a specific lifecycle state. Updating a permission on a role applies the permission to every lifecycle state. For example, if you grant the Edit permission on a custom role, Vault applies that permission on all lifecycle states.
To edit permissions on lifecycle states:
- Navigate to Admin > Configuration > Object Lifecycles > [Lifecycle] > Roles.
- Click Edit.
- Click the arrow (expand) icon next to a role to reveal the lifecycle states.
- Use the checkboxes to assign or remove permissions for each state. The Edit permission also grants the Read permission while granting Delete also grants the Edit and Read permissions.
- Click Save. Permission changes take effect immediately.
Application Roles
When using Dynamic Access Control for documents, application roles (records in the Application Role object) map to document lifecycle roles. In DAC for objects, you can use application roles directly on the object. The role on the object will have the same label as the Application Role record.
You can create or edit application roles from Admin > Users & Groups > Application Roles.
System-Managed Objects
Vault does not allow you to assign lifecycles on system-managed objects (Performance Statistics, etc.). These objects cannot support custom roles and cannot use Matching Sharing Rules.
If an object is system-managed, its Details tab shows System-managed: Records managed by the System.