# Roles & Privileges

Roles are used to assign privileges to a system management group.

## Preconfigured system roles 

The system comes with some roles already preconfigured.  The following roles are preconfigured for setting up the system. 

Note that only highly privileged individuals should use these roles for the initial setup.

<table data-header-hidden><thead><tr><th width="160">Role Name</th><th>Privileges Description</th></tr></thead><tbody><tr><td><strong>System Administrator</strong> </td><td>This role grants access to all system configuration and management functions. It's intended for initial system setup. <br><strong>Carefully consider who receives this access.</strong></td></tr><tr><td><strong>Workflow Manager</strong></td><td>The role allows for system workflow configuration and management. It's intended for people who set up the system workflows.  It allows, e.g. to manage workflow drop-down lists, Access Groups list, configure email templates, etc.  </td></tr></tbody></table>

## System administrative privileges&#x20;

Privileges are assigned to RolesThey control what users can see and what actions they can take.

Privileges are set at the product level and cannot be changed.

<table data-header-hidden><thead><tr><th width="213.233154296875">Privilege Name </th><th>Description</th></tr></thead><tbody><tr><td>ListImportItems</td><td>Imports access groups from CC as list items in AccessNow. </td></tr><tr><td>ListSyncItems</td><td>Sync access group changes from CC (add/delete access groups and update existing access groups if there are any changes)</td></tr><tr><td>ManageEmailTemplates</td><td>Email template management. Template Reference Id is used in the workflows. </td></tr><tr><td>ManageGroup</td><td><p>User groups are used in the system to enable privilege and approver management.  </p><p>There are 2 main types of Groups: Approver Groups and System Management Groups. </p></td></tr><tr><td>ManageGroupRoles </td><td>This privilege is not working. </td></tr><tr><td>ManageGroupUsers</td><td>This privilege is not working. </td></tr><tr><td>ManageList</td><td>Lists management. Lists are used to manage lists like Access areas list and to assign approver groups to an access zone.</td></tr><tr><td>ManageRole</td><td>Roles management </td></tr><tr><td>ManageSettings</td><td>Lists are used to manage Access Groups and drop-down/search lists used in workflows. This privilege is also required to assign approver groups to an Access Group.</td></tr><tr><td>ManageUser</td><td>Create and Delete Users</td></tr><tr><td>ManageWorkflow</td><td>Workflows management and editing. Grants the user access to all Workflow Management and Workflow Builder features.</td></tr><tr><td>TestWorkflow</td><td>Allows users to test all workflows in testing mode.</td></tr><tr><td>ViewRequestLogs</td><td>View the user activity, their requests, approval history and groups. </td></tr></tbody></table>

## Creating New Roles&#x20;

To **create** new roles, go to the system Roles module, and use the **+Create Role** button.

To **edit** an existing role, click on the role record.&#x20;

To **delete** it use the **Bin** button.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.security.gallagher.com/command-centre/accessnow-user-guide/system-administration/system-administration-groups/roles-and-privileges.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.