# Managing Roles & Security in Safety Learn about managing application roles, atomic security, and Case Access Group Security. ## Manage Application Roles Safety controls user access to information and records at the organization level. Each time you add new user or organization to Safety, you must assign application roles by creating _User Role Setup_ records. Users must be assigned an application role in their organization to see _Case_-related data and participate in _Case_ processing workflows. A single user can have a different role in each organization they have access to. You can assign users to multiple organizations and multiple roles per organization. See Managing Permissions with User Roles for more information. ## Atomic Security You can optionally configure granular permissions at the field level using atomic security. See Configuring Atomic Security for Objects for more information. If you configure atomic (field-level) security, Vault adheres to those settings configured at the field level. _Edit_, _Read_, or _Hide_ permissions can be configured within each state for a field.

Note: Atomic security is not supported for Inbox Item child section fields (Products, Patient, Contacts, and Events).

There are two methods to view the _Inbox Item_ fields that are supported by atomic security in the **Admin** area: * In **Users & Groups > Permission Sets > Case Intake Actions**, select the **Object** tab and then select **Inbox Item**. * In **Configuration > Objects > Inbox Item**, navigate to the **Fields** tab. ## Case Access Group Security If your organization uses Case Access Group Security, which is an alternative to Dynamic Access Control (DAC) on _Inbox Items_ and _Cases_, see Case Access Group Security for details on adding users to _Case Access Groups_.