Roles control the data a user can create, edit, delete, view, or manage on object types and are added to object types as components. Read more here: Add Roles to an Object Type.
Adding a role with explicit permissions to a standard form allows you to grant a user within that role permission to view specific objects, along with any other objects authorized through inferred permissions. Object type access is granted by adding individual users, user groups, or specific user group members to the role field on the form. Only users or user groups who have been added to the role may be selected in this field.
Users in the role can’t see the object until they’ve been specifically selected in the role’s field on the form, nor can they access the object until it’s in a state they’re authorized to view. What the user can do with the object, including any objects accessed through inferred permissions, is controlled by the object type’s workflow permissions for the selected role.
As users with global permissions can automatically view all the objects that belong to the object type(s) added to their role (subject to any workflow permissions), you can only add roles with explicit permissions to an object type.
EXAMPLE
Recently, an incident occurred on-site that involved violence between two employees. The Incident object, SB/Violence 2016/11/23, was created by another employee, then submitted to Kevin Darden, who is in the Incident Reviewer role with global permissions on the Incident object type. Upon reviewing the object, Kevin decides that it needs to be escalated to the Director of Human Resources, Kathleen Leighton, who will decide if an investigation is required. Because Kathleen only needs to see incidents that have been escalated, her role, HR Director, has explicit permissions to view Incident objects. Therefore, to grant Kathleen access to see this object, Kevin adds her to the HR Director role on SB/Violence 2016/11/23, so she can see and edit the object and decide if the incident requires an investigation.
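The access decision described above, modelled as an added sketch for reviewing who can reach an object; it is not the product's own code or API. The class and function names, the state names "Review" and "Escalated", and the action names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    permission: str   # "global" or "explicit"
    members: set      # users (or expanded group members) added to the role
    workflow: dict    # state -> actions this role may perform (assumed shape)

@dataclass
class Obj:
    name: str
    state: str
    role_fields: dict = field(default_factory=dict)  # role name -> users selected on the form

def assign(obj, role, user):
    """Select a user in the object's role field; only role members are selectable."""
    if user not in role.members:
        raise ValueError(f"{user} has not been added to role {role.name}")
    obj.role_fields.setdefault(role.name, set()).add(user)

def allowed_actions(user, role, obj):
    """Actions the user holds on obj through this one role (hypothetical model)."""
    if user not in role.members:
        return set()
    selected = obj.role_fields.get(role.name, set())
    if role.permission == "explicit" and user not in selected:
        return set()                                 # explicit role: must be picked on this object
    return set(role.workflow.get(obj.state, ()))     # state gate applies to both role kinds

def scenario():
    """Constructed replay of the example; state and action names are assumptions."""
    reviewer = Role("Incident Reviewer", "global", {"Kevin Darden"},
                    {"Review": {"view", "edit"}, "Escalated": {"view", "edit"}})
    hr = Role("HR Director", "explicit", {"Kathleen Leighton"},
              {"Escalated": {"view", "edit"}})
    incident = Obj("SB/Violence 2016/11/23", state="Review")
    seen = {"kevin": allowed_actions("Kevin Darden", reviewer, incident),
            "kathleen_unselected": allowed_actions("Kathleen Leighton", hr, incident)}
    assign(incident, hr, "Kathleen Leighton")
    seen["kathleen_wrong_state"] = allowed_actions("Kathleen Leighton", hr, incident)
    incident.state = "Escalated"
    seen["kathleen_escalated"] = allowed_actions("Kathleen Leighton", hr, incident)
    return seen

if __name__ == "__main__":
    for who, actions in scenario().items():
        print(f"{who}: {sorted(actions)}")
```

Both gates have to pass for an explicit role: selection in the role field on that object, and a workflow state the role is authorized for.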