Skip to content
Sign in
  • There are no suggestions because the search field is empty.

Role: Best Practices, Usage Tips, and Other Limitations

Limitations 

This section outlines the current limitations of the platform. 

Audit Log Export 

Audit logs cannot be exported directly from the user interface. A copy must be requested from Sprout via a Change Request Form (CRF)

Role Deletion 

This capability is a current limitation and any clean up of the roles must be requested to our Support team. This capability is being explored as a later enhancement for Role Center. 

Incomplete Assignment of Users: 

For user assignments of more than 50 users, there may be cases some are left unassigned. This is a known limitation and will be addressed in later versions of Role Center. For now, you may reselect the same users that were left unassigned and assign them again. 

“User” role assigned to guests retain permissions commonly reserved for employees 

Guest users will still only have the same limited experience as what they are currently allowed. 

The permissions checked but not editable in the details page of the User role is a known limitation in the initial version to ensure no disruption in experience is felt by users assigned with that role. This will be enhanced in later versions of Role Center after a key module has incorporated granular permission checks. 

Hybrid Permission Model 

The new Role-Based Access Control (RBAC) system with granular permissions currently applies only to the  User Management and App Management modules. 

Older Ecosystem Modules do not yet support these granular permissions. Access to their features remains tied directly to the original, pre-built roles (e.g., Admin, Super Admin, User). This means it is not possible to create a new, custom role that grants access to features within these older modules. Please see the Best Practices section for guidance on how to manage user access effectively.

------------------------------------------------------------------------------------------

Best Practices 

To ensure smooth operation, please adhere to the following best practices. 

Do Not Rename Pre-built Roles 

The pre-built roles— Super Admin, Admin, User, and Integration Manager—are directly linked to legacy Ecosystem modules. Renaming these roles will break user access to essential features. This is a critical temporary restriction until all modules are integrated with the new RBAC system. 

Use a Dual-Role Strategy 

If a user needs specific permissions (e.g., for User Management) but also requires access to legacy Ecosystem features, they must be assigned both a new custom role and the relevant pre-built role. 

Required Pre-built Roles for Legacy Features 

Below is a list of features that remain tied to specific pre-built roles. 

  1. For Admin & Super Admin Access: A user must be assigned the Admin or Super Admin role to access: Role Center, What’s Happening > My Posts All Dashboard Widgets, The "Create" button for announcements in the What’s Happening widget, All features available to the "User" role 
  2. For Standard User Access: A user must be assigned the  User role to access: All Dashboard Widgets, My Requests (for Sprout Flow clients), What’s Happening > My Inbox, The ability to view and launch their assigned apps 
  3. For Guest Integration Manager Access: Guest user must be assigned the Integration Manager role to: View and launch subscribed applications, Configure third-party app integrations 

Leveraging New RBAC for Custom Roles 

The new granular permissions for User and App Management allow for the creation of powerful, limited-access custom roles. 

Example: You can create a "Security Contractor" role for a guest user that only grants them the ability to manage user passwords, without providing any other administrative privileges. This user would be assigned only this new custom role. 

Want real-time responses? Explore Sprout Info, your 24/7 guide for product inquiries!