# Creating & Managing Document Lifecycle Roles

Document lifecycle roles provide a mechanism for document-specific access control. Vault includes several standard roles to use in **Sharing Settings** and in workflows but also allows you to add custom roles. You can then assign users to the roles automatically or allow individual users to assign the roles for specific documents.

## Accessing Role Management Options {#view}

You can view system-provided and custom roles for a specific lifecycle from **Admin > Configuration > Document Lifecycles > [Lifecycle] > Roles**. From this area, you can select allowed users for a role, configure user defaulting, add custom roles, and assign annotation note colors. You can also delete or deactivate custom roles.

For the _Owner_ role, the _Allowed Users_ configuration only applies when re-assigning a new owner to a classified document. The creator of a classified or unclassified document is the initial owner, and role settings do not affect the Create Document permission on a document type.

## How to Create Custom Roles {#create}

To create a custom role:

  1. Click **Create**.
  2. Enter a **Label** for the role. The name will be visible to users when viewing or editing **Sharing Settings**.
  3. Change the **Status** to **Inactive** if the role should not be available for selection yet.
  4. Optional: Enter a **Description**. This value is not visible to users but appears on the **Roles** page to help you identify the role.
  5. Optional: In **Add Default Users When**, choose when Vault should automatically add default users to the role. You can define default users after saving.
  6. Optional: Select a **Note color** for the role (see details below).
  7. Click **Save**. The new role appears in the **Roles** page and is immediately available for workflow configuration and assignment via **Sharing Settings**.
  8. If you need to restrict the users allowed in the role or set default users, see <a href="/en/gr/6572/">Defining Allowed & Default Users</a>.

## Note Color {#color}

The **Note color** for a role affects the background color of notes for line, text, and image annotations, but not for link or anchor annotations. It only applies if a user creates an annotation while in a role with an open workflow task. If no color is selected for the role, users are free to select their own color.

Note color does not apply:

  * If a user has the role but no assigned tasks.
  * If a user has more than one assigned task in more than one role.
  * To notes that already exist, unless the user edits the note while in a role with an open workflow task.
  * To document and object workflows. Only legacy workflows are applicable.

## Configuring Permissions for Roles

Once created, custom roles appear in **Admin > Configuration > Document Lifecycles > [Lifecycle] > States > [State] > Security Settings** and **Atomic Security** alongside standard roles. From here, you can modify permissions through the <a href="/en/gr/2572/">security matrix</a> and <a href="/en/gr/62043/">Atomic Security</a>.

## Related Permissions
The following permissions control access to document lifecycle role configuration:

### Security Profile

Document Lifecycles > Edit
: Grants ability to edit document lifecycle configuration, which includes creating and editing document lifecycle roles.