Skip to main content
  1. CloudM
  2. CloudM Automate
  3. CloudM Installation & Setup
  4. Settings
  5. Roles

Manage Custom Roles

Updated

In CloudM Automate, you can set up and configure your own roles and permissions using the Roles section in Settings.

There are two default roles — Normal User and Administrator. These are assigned automatically based on whether the user has admin rights in Google Workspace. Existing Google Workspace admins are automatically given the Administrator role in CloudM Automate. Neither role can be deleted, but you can edit their permissions.

Default role scope

When editing the two default roles, anything assigned to a Normal User has the scope of Own Profile — editing rights only apply to their own profile. An Administrator has Global scope and can perform actions across the entire domain.

Delegated support

Consider delegating access to common tasks to first line support or business contacts using Role Assignments and Role Configuration.

Create a new role

  1. Navigate to Settings > Roles.
  2. Select Create new Role.
  3. Enter a Name for the new role. Make the name meaningful so it is easy to identify — for example, "Email Sig Manager" is clearer than "ES Role".
  4. Set the Scope of the new role (see scope definitions below).
  5. (Optional) To use a predefined configuration, enable Create from template and select a template from the dropdown. You can add or remove permissions from the template after applying it. Refer to Role Templates for a full list.
  6. (Optional) Add a Description to help clarify what the role is intended for.
  7. Select Create New Role to save.
Screenshot 2026-04-21 152758.png

Role scope options

Scope Description
Global Applies to the whole organisation.
Specific OU When assigned, actions can only be performed against the selected OU.
OU & Child OUs When assigned, actions can be performed against the selected OU and any child OUs beneath it.
Parent OU When assigned, actions can be performed against the parent OU of the person to whom the role is assigned.
Own Profile Actions can only be applied to the logged-in user's own profile.

Assign and edit permissions

Screenshot 2026-04-21 153723.png

 

Select the role you want to edit from the Roles list, then navigate to the Permissions tab.

Permissions are grouped into sections based on their function. Select the dropdown arrow on each section to expand it, then use the checkboxes to add or remove individual permissions. You can also use the Select all button to add all permissions within a section at once.

Global-scope permissions

Permissions with a Globe icon can only be assigned to a role if it is set to Global scope. They will be unavailable if the role is set to any other scope. For a full list of permissions and their functions, refer to Complete list of permissions and their function in CloudM Automate.

Save your changes

Always select Save after making changes to ensure they are committed.

Group sync

Changes to permissions for groups will need to synchronise before taking effect. Permission and assignment changes propagate instantly unless a group needs to sync its user list first.

Assign the role to users or groups

Once the role is created and permissions are set, navigate to the Assigned Users tab to assign it.

  1. Select Add new assignment.
  2. Choose the type of holder you are assigning the role to — Org Unit, User Profile, Group, Service Account, External Profile, or External Group.
  3. Select the Name of the specific holder.
  4. Set Org Unit to the top-level OU or domain (unless assigning to an external profile or group).
  5. Select Add Assignment.

The assigned holder will appear in the table on the Assigned Users tab.

Applying new permissions

For new permissions to take effect, the assigned user must either refresh their current CloudM browser session or log out and back in.

Search for assigned roles

To find out what roles a particular holder has assigned, navigate to the informational panel for the holder and select Actions > Automate Roles. This is displayed in the Role Assignments list.

Remove an assignment

To remove a role from a specific holder, select Remove next to the holder on the Assigned Users tab. You will be prompted to confirm the removal.

Export data

You can export the entire list or current search results to a CSV file or Google Sheet by selecting Export.

Need help? Contact CloudM Support

Was this article helpful?
0 out of 0 found this helpful