Who is this article for?

Administrators and Module Developers who are tasked with overseeing and managing various components.

Defined responsibilities and elevated access required.

Module Roles and Properties can be configured for each Subscriber Role, granting unique permissions from this list on a per module basis. As an example, you could configure one subscriber role to be able to delete records (a powerful permission) in one module, while not allowing that same role to be able to search for records of a different module, all within the same area.

General Editing & Workflow

• Create new items from the dashboard: Allows creation of new objects for this module, from the Create New menu in Miramar or the New button in the Classic UI.
• Create new items from another item's reference field: Allows creation of an object for this module from another module's reference field.
• Create and manage model (i.e. template) objects: Allows users to create model objects, which in turn are used to create template objects. Template objects have some of their data prepopulated. Template objects can be a convenient way to organize the create new menu for quickly creating certain classes of common objects. 
• Edit any item, including those assigned to others: Allows non-workflow to make changes to fields unless rules explicitly state the [Save] button is not visible and fields modifiable. For workflow-enabled modules, this just means the [Save] button is visible and fields modifiable (i.e. by clicking [Submit]/[Complete]). Users first must click [Act as assignee].
• Close and reopen tasks and review closed items: Allows users with this role to close and reopen tasks and reopen closed items. This is often accompanied with the "Edit any item" role property.
• Delete items: Lets users delete objects. This is not a role we recommend you give out lightly. Objects that are deleted will appear in the DeletedObjects system query in Query Builder.

Access

• Show this module in the list of searchable modules: Checked by default, unchecking this attribute hides this module from the list of modules that users see in the upper left corner of the Dashboard. Additionally, the attribute controls the list of modules shown for Search Multiplier. Note: This is not a security feature. It does not prevent users from finding data within this module through other means such as reference field searches, REST, queries, or All module searches.
• Allow sharing objects: Unchecked by default. When checked, this will allow users with this role to share anonymous objects with people outside your organization or without logins. Since those anonymous users may also be granted editing rights to the object and since any data is required to access the object once sharing has been granted on it, we do not recommend you enable this role property for sensitive data.
• Show this Role on the Users screen: Checked by default, whether this role appears in the list of roles that administrators are allowed to give to users.
• Allow User Administrators to set this role: Check this box to allow those with the User Administrator role to grant this role, for all objects. See Subscriber roles for more information. 

Security

• Access all objects: Checked by default, uncheck this attribute if you only want users to find objects that they are explicitly granted access to using the Security Module behavior. By default, this will mean they can access objects that they initiated or were granted access to. By default, the Security module behavior can be used to make a more restrictive whitelist. This enables record access control features. 

  Unchecking this attribute will also prevent users from opening items by other means (like REST/Connect or the Recent Items list) unless they are granted access.

• Allow alternates to access objects: Unchecked by default, check this box if you want a User's Alternates to have access to all the objects that the user can see.
• Ignore search filter controls: Unchecked by default, used in conjunction with the Search Filter Controls property for reference fields. This property lists the data for a field that is not displayed in search results unless the user has provided a value to query by. It also overrides field-level properties so that administrators may continue to view the data even if they did not provide specific criteria.
• View hidden data (REST/Connect): Unchecked by default, used in conjunction with the Hidden Data [REST/Connect] field property. Hidden Data will not be returned by default in REST/Connect, but a user with a role that has this attribute checked will be able to see the data.

Display

• Hide dependent items list: Checked by default, hides the dependent items list. This can have positive performance implications for objects that are referenced by many thousands of other objects, e.g., for public data modules. 
• Hide history button: Unchecked by default, hides the history button and screen. This is useful when your history tracks sensitive data that would otherwise be invisible to users.
• Hide tasks region: Checked by default, hides the task grid in workflow-enabled modules for this role. Applies to the Classic layout only. 
• Hide workflow region: Hides the workflow display in workflow-enabled modules.