Overview
Portal roles define the level of access and permissions for administrators in the Sanas Portal. Each role determines which sections are accessible, what actions the administrator can perform, and what scope they operate within.
Sanas provides two default roles for common use cases, plus the ability to create custom roles tailored to your organization's needs.
Default portal roles
Default portal roles are system-generated and come with every Sanas account. They cannot be modified or deleted.
Role | Access |
Account Admin | Full access to all Portal features and settings |
Group Admin | Full access except Account Settings |
Note: The first admin joining the Portal is automatically assigned the Account Admin role. This assignment cannot be changed to ensure every account always has at least one Account Admin.
Custom roles
Custom roles let you define specific permissions that fit your organization's needs. Unlike default roles, custom roles can be updated or deleted at any time.
There's no limit on custom roles, though we recommend avoiding duplicates with similar permission sets.
Available permissions
Set each permission to Full Access (read/write), View Only (read), or None while creating/updating custom roles:
Permission | Controls |
Application Users | Add, deactivate, reactivate, and move app users between groups |
Portal Users and Access | Invite Portal users and manage their roles |
Groups | Create and update groups |
Group Settings | Configure AI model access, feature preferences, and app experience at the group level |
Account Settings | Manage account details, subscriptions, Portal roles, and Portal users |
Scope
Permissions define what an admin can do. Scope defines at which group hierarchy they can perform:
Account-level assignment: Admin can access all groups and account-wide settings.
Group-level assignment: Admin can only access the assigned group and its subgroups.
Important: An admin with Account Settings permission can only use it if assigned at the Account level. If assigned to a group, they cannot access account setting, even though their role includes that permission.
Managing custom roles
Requirement: To create, update, or delete custom roles, you need Account Settings (Full Access) and must be assigned at the Account level.
Select your account in the group tree.
Navigate to Groups & Users > Role Management.
To create a new custom role:
Click Create New Role.
.png?sv=2022-11-02&spr=https&st=2026-05-06T16%3A53%3A57Z&se=2026-05-06T17%3A05%3A57Z&sr=c&sp=r&sig=%2FwvHTHknSVyKVZM4okY7YUl05hYKwqD4yFkMVTyMY%2BE%3D)
Enter a descriptive name and select desired permissions for the role.
Click Create.
To modify an existing custom role:
Click Manage Roles.
.png?sv=2022-11-02&spr=https&st=2026-05-06T16%3A53%3A57Z&se=2026-05-06T17%3A05%3A57Z&sr=c&sp=r&sig=%2FwvHTHknSVyKVZM4okY7YUl05hYKwqD4yFkMVTyMY%2BE%3D)
Select a role you want to modify under the Custom Roles category.
Modify the permissions as required, then click Update.
Note: A custom role cannot be deleted until all assigned administrators are reassigned to another role.
FAQ
Can I edit or delete default roles?
No. Default roles are system-generated and cannot be modified. Create a custom role if you need different permissions.
What happens if I delete a custom role?
The system prevents deleting the current assigned roles. You must first reassign all administrators on that role to another role. Once reassigned, you can delete it.
How many custom roles can I create?
There is no limit to the number of custom roles you can create. However, we recommend avoiding duplicate roles with similar permission sets.
Support
Need help? Get in touch with our Support Team for assistance.