Roles and permissions in eCourtDate let you control what each staff member can access and do within your agency, ensuring security and aligning platform access with job responsibilities.

### Overview

- **What it is:** A role-based access control system that determines which features and actions are available to each user in your agency
- **Why it matters:** Proper role configuration protects sensitive data, prevents accidental changes, and ensures staff only see the tools they need
- **Who uses it:** Agency administrators and Super Admin users who manage staff access
- **Expected outcomes:** Each user has clearly defined permissions that match their duties, with the ability to simulate and verify role configurations before assigning them

### Prerequisites

- You must have the **Super Admin** role or a role with permissions to manage roles
- Access to the eCourtDate platform at your agency
- A clear understanding of which staff members need access to which features

### How-To Steps

#### Step 1: Navigate to Roles

1. Go to **Admin** > **Settings**
2. Click the **Roles** tab, or navigate directly to [https://app.ecourtdate.com/roles](https://app.ecourtdate.com/roles)
3. Review the list of existing roles in your agency

#### Step 2: Create or Edit a Role

1. Click an existing role to edit it, or fill in the **Create Role** form to create a new one
2. Enter a **Name** for the role (for example, "Officer" or "Clerk")
3. Select the desired permissions for each permission category (see tables below)
4. Click **Save** to apply your changes

#### Step 3: Assign a Role to a User

1. Go to **Admin** > **Users**
2. Click the user you want to update
3. Select the appropriate role(s) from the **Roles** section
4. Click **Save** to apply the role assignment

#### Step 4: Configure Hidden Navigations (Optional)

1. While editing a role, scroll to the **Hidden Navigations** section
2. Select the navigation links you want to hide from users with this role
3. Click **Save** to apply

This feature hides in-app links to restricted features. For example, Officer users who do not need to change Flows may have the **Flows** link hidden.

![hidden navigations](https://s3.amazonaws.com/ecdassets/images/articles/hidden-navigations.png)

#### Step 5: Simulate Permissions

1. While editing a role, click the **Simulate Permissions** button
2. Navigate the app to verify the role has the correct access
3. An alert will appear in the footer showing the simulated permissions
4. Click **Exit Simulate Mode** to return to your original permissions

![simulate permissions](https://s3.amazonaws.com/ecdassets/images/articles/simulate-permissions.png)

![exit simulate mode](https://s3.amazonaws.com/ecdassets/images/articles/exit-simulate-mode.png)

### Built-in Roles

#### Super Admin

**Super Admin** is a built-in user role. Any user with Super Admin has all permissions regardless of any additional assigned roles. Only IT, help desk, and admin-level staff should be assigned Super Admin.

![super admin](https://s3.amazonaws.com/ecdassets/images/articles/super-admin-user.png)

#### Console Admin

**Console Admin** is a built-in user role similar to Super Admin but only for the Console Application. This role is ideal for IT staff who are only responsible for automation and need minimal access to each sub-agency. Console Admin is only available for users with their own identity provider such as Azure Active Directory.

### Permission Types

| Permission | Description |
|------------|-------------|
| **Create** | Create new records |
| **View** | View existing records |
| **Update** | Update existing records |
| **Trash** | Trash existing records |
| **Restore** | Restore an archived or trashed record |
| **Archive** | Archive an existing record |

### Permission Categories

| Category | Description |
|----------|-------------|
| **Clients** | Message recipients such as defendants, probationers, jurors, and witnesses |
| **Events** | In-person or virtual events such as court dates or office appointments |
| **Contacts** | Phone numbers and email addresses that belong to clients. Each client may have unlimited contacts |
| **Cases** | Court cases that belong to clients, based on a unique case number with links to charges and other details |
| **Payments** | Payment obligations owed by clients. Payments can be one-off, recurring, or based on a payment plan |
| **Messages** | Single outbound or inbound messages to or from a contact, via email, text, or phone |
| **Locations** | Physical sites such as courthouses or probation offices. Each event may be linked to a single location |
| **Flows** | Configuration settings that determine the message templates and schedules used for a given event or payment |
| **Auto Messages** | Configuration settings that trigger a single message based on a given client, contact, case, event, or payment |
| **General Settings** | Agency-level settings such as Agency Name and Send Mode |
| **Bulk Actions** | Mass one-off messages and other actions such as reassigning clients to a different user |
| **Attorneys** | Individual attorneys or firms assigned to a case. Attorneys may receive notifications and can use an Attorneys Portal |
| **Uploads** | Data files from your Case Management System. Uploads can be manual or automated |
| **Reports** | Automated datasets and data points of messages with filters and date ranges |

#### Step 6: Configure Identity Provider Group Matching

If your agency uses a custom Identity Provider (IDP) such as Azure Active Directory, you can automatically assign roles based on IDP group membership.

1. Go to **Admin** > **Settings** and locate the **Identity Provider** configuration.
2. Map each IDP group to an eCourtDate role. For example, map the "Court Clerks" AD group to your "Clerk" role.
3. Click **Save** to apply the group mappings.

When a user signs in through your IDP, the system checks their group membership and automatically assigns the corresponding eCourtDate roles. If the user's group membership changes in the IDP, their eCourtDate roles update on the next sign-in.

This feature eliminates manual role assignment for agencies that manage staff access through a centralized identity provider.

### What to Expect

After configuring roles and assigning them to users, those users will only see and interact with the features their permissions allow. Changes take effect the next time the user loads a page. Use the **Simulate Permissions** feature to verify a role behaves as intended before assigning it to staff.

### Best Practices

- Assign **Super Admin** only to IT, help desk, and admin-level staff who need full access
- Create specific roles for distinct job functions (for example, "Officer," "Clerk," "Supervisor") rather than sharing a single generic role
- Use **Hidden Navigations** to simplify the interface for staff who do not need certain features
- Review role assignments regularly, especially when staff responsibilities change
- Always use **Simulate Permissions** to test a new or modified role before rolling it out

### Frequently Asked Questions

**Q: Can a user have multiple roles?**
A: Yes. A user can be assigned multiple roles, and their effective permissions are the combination of all assigned roles. If any role grants a permission, the user has that permission.

**Q: Are roles shared across agencies?**
A: No. Each user's roles and permissions may be distinct per agency. If a user belongs to multiple agencies, their role in each agency is configured independently.

**Q: What happens if I remove all roles from a user?**
A: The user will have no permissions and will not be able to view or interact with any features in the agency. Assign at least one role to ensure the user can access the platform.

**Q: Can I edit the built-in Super Admin or Console Admin roles?**
A: No. Super Admin and Console Admin are built-in roles with fixed permissions. You can create custom roles to define specific permission sets for your agency.

**Q: How do Hidden Navigations differ from permissions?**
A: Permissions control whether a user can perform an action (create, view, update, trash). Hidden Navigations only hide the menu link in the interface. A user without the permission cannot perform the action even if the link is visible.

### Troubleshooting

**Issue:** A user cannot access a feature they should have permission for
**Symptoms:** The user sees an "Access Denied" or "Unauthorized" message, or the feature does not appear in their navigation.
**Solution:**

1. Go to **Admin** > **Users** and click the user's profile
2. Verify the correct role(s) are assigned
3. Edit the role and confirm the required permission category and type are enabled
4. Check **Hidden Navigations** to ensure the feature link is not hidden
5. Ask the user to refresh their browser or log out and log back in

**Issue:** Simulate Permissions does not reflect expected behavior
**Symptoms:** The simulated view shows more or fewer permissions than expected.
**Solution:**

1. Verify you are simulating the correct role
2. Check that all permission types (Create, View, Update, Trash, Restore, Archive) are set correctly for each category
3. If the issue persists, contact support by clicking the ticket button in the bottom right corner of the screen

### Related Articles

- [How to Manage Users](/how-to-manage-users)
- [How to Manage Roles Assigned to a User](/how-to-manage-roles-assigned-to-a-user)
- [How to Switch Agencies](/how-to-switch-agencies)
- [How to Edit Your User Profile](/how-to-edit-your-user-profile)
- [How to Set Up a New Agency](/how-to-set-up-a-new-agency)