Use custom admin roles

An admin role assignment consists of the following components:

  • Admin: The user or the user group that you need to grant admin permissions to.

  • Role: A set of permissions that you constrain an admin to. There are two types of roles, standard and custom. You can create a maximum of 100 roles for an org. Currently, permissions are limited to managing user, group, and app activity, as well as running profile source imports.

  • Resource set: A collection of resources. You can create a maximum of 10,000 resource sets and assign a maximum of 1,000 resources for each resource set.

  • Resource sets are only available for custom admin roles.

  • You can only have 1,000 admins who have the same role and resource set combination constrained to them.

You can create a custom admin role assignment by beginning with any of these components:

While creating a custom admin role assignment, you can also:

  • Create an admin, role, and/or resource set.
  • Edit an existing assignment.
  • Delete an existing assignment.

Related topics

Best practices for creating a custom role assignment

Role permissions