What you need to know about Role Groups
Understanding Administrative Roles and Permissions
The Sharetru platform uses role-based access control (RBAC) to manage what users can see and do inside the system. Administrative capabilities are assigned through Role Groups—built-in system roles that define levels of access across the platform. These roles focus on administrative privileges and are separate from Access Groups, which control file and folder access.
Role Groups cannot be renamed or deleted and apply globally across the entire site.
Available Role Groups
Site Administrators
Members have complete administrative control across the entire platform.
They can:
- Access all modules (Dashboard, Files, Users, Groups, Reports, Settings)
- Manage all users and groups
- Configure site-wide settings
- Manage all shares, file operations, and notifications
- View all reports and logs
- Manage API access when the API is enabled
Restrictions:
- Cannot delete their own account
- Cannot approve users they create (when dual-authorization is enabled)
User Administrators
Members manage all aspects of user accounts.
They can:
- Create, modify, and delete user accounts
- Assign authentication options and MFA settings
- Manage group membership
- Apply network restrictions
- View user-related reports (passwords, status, clickwrap acceptance, etc.)
Restrictions:
- Cannot delete their own account
- Cannot approve users they create (when dual-authorization is enabled)
- Certain features (e.g., OTP or password expiration settings) may be disabled by site configuration
File Administrators
Members manage all file-related content across the site.
They can:
- Access and manage all files and folders
- Create, modify, and delete shares
- Manage notifications for any folder and any user
- Adjust retention settings for folders (if enabled)
- View full file-related reports
- Change the access settings of any folder
Restriction:
- Folder retention rules may be disabled depending on site configuration
API Users
Visible only when the API feature is enabled.
Members in this group can use API endpoints.
However, API access still requires that the user has the appropriate privileges for the actions they attempt. For example, accessing a user-management API endpoint requires user-management privileges.
New User Authorizer
Visible only when dual-authorization for user creation is enabled.
Members can:
- Approve or reject new user registrations created by administrators
Restrictions:
- Cannot approve users they personally created
- Must also have permission to create users
MSP Administrators
For managed service providers or support personnel.
Members can:
- Manage users, groups, and most administrative settings
- View the folder structure
They cannot:
- View file contents
- View file or folder names inside shares
This role provides strong administrative capabilities without exposure to confidential files.
Auditors
Members receive read-only visibility into most areas of the system.
They can:
- View users, groups, reports, and system settings
- View the overall folder structure (but not file names or contents)
- Access most reports for compliance purposes
They cannot modify anything.
Ideal for compliance teams, security auditors, and oversight personnel.
How Role Groups Work
Assignment
Users may belong to one or more Role Groups.
When multiple roles are assigned, the user receives the highest level of privilege from all combined roles.
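Because combined roles resolve to the highest privilege, some role pairings cancel the separation a restricted role was meant to provide. The following is an added example, not Sharetru code: it reviews a constructed membership listing for such pairings and models the dual-authorization rule from the New User Authorizer section. The data layout, user names, and the set of roles treated as able to create users are assumptions.

```python
# Added example: review role-group membership against the rules on this page.
# The dict layout and user names are constructed; this is not a platform export format.
CONTENT_ROLES = {"Site Administrators", "File Administrators"}  # can reach file contents
NO_CONTENT_ROLES = {"MSP Administrators", "Auditors"}           # folder structure only
WRITE_ROLES = {"Site Administrators", "User Administrators",
               "File Administrators", "MSP Administrators"}
# Assumption: only these two roles are treated as carrying create-user permission.
CREATE_USER_ROLES = {"Site Administrators", "User Administrators"}

SAMPLE = {  # constructed sample data
    "alice": ["Site Administrators"],
    "bob": ["MSP Administrators", "File Administrators"],
    "carol": ["Auditors", "User Administrators"],
    "dave": ["New User Authorizer"],
    "erin": ["User Administrators", "New User Authorizer"],
    "frank": ["Auditors"],
}

def review(memberships):
    """Return sorted (user, finding) pairs for role combinations worth a second look."""
    findings = []
    for user, roles in memberships.items():
        roles = set(roles)
        # Highest privilege wins, so a content role overrides "no content exposure".
        if roles & NO_CONTENT_ROLES and roles & CONTENT_ROLES:
            findings.append((user, "content-blind role combined with a content role"))
        # An Auditor who also holds an administrative role is not read-only.
        if "Auditors" in roles and roles & WRITE_ROLES:
            findings.append((user, "Auditor is no longer read-only"))
        # Authorizers must also have permission to create users.
        if "New User Authorizer" in roles and not roles & CREATE_USER_ROLES:
            findings.append((user, "authorizer lacks create-user permission"))
    return sorted(findings)

def can_approve(memberships, approver, creator):
    """Dual-authorization check: authorizer, able to create users, not the creator.
    Assumption: approval is modeled as requiring New User Authorizer membership."""
    roles = set(memberships.get(approver, ()))
    return ("New User Authorizer" in roles
            and bool(roles & CREATE_USER_ROLES)
            and approver != creator)

if __name__ == "__main__":
    for user, finding in review(SAMPLE):
        print(f"{user}: {finding}")
```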
Identification
- Role Groups are visually separated under Role Groups in the Groups module
- They are created by the system and cannot be renamed or removed
Privilege Model
- Access to features is controlled at the module level (Dashboard, Files, Users, etc.)
- Access to specific data inside those modules depends on the user’s permissions (e.g., a report may be visible, but its data may be filtered based on allowed content)
Folder Permission Changes
To update folder permissions for a user or group, one of the following must apply:
- The user belongs to a Role Group with the required privilege (e.g., Site Administrator, File Administrator, MSP Administrator)
- The user is a Group Manager with folder-access rights for the specific Access Group associated with that folder
Folder-permission authority depends both on role and scope.
Best Practices
Use the Least Privilege Necessary
Assign users only the role(s) they require to do their work.
Separate Duties
Use specialized roles instead of granting full Site Administrator access when possible:
- Use User Administrators for account management
- Use File Administrators for file operations
- Use MSP Administrators for administrative access without content exposure
Use the Auditor Role for Read-Only Access
This is ideal for compliance personnel who must view settings, reports, and configurations without making changes.
Use Group Managers for Scoped Delegation
Access Groups with manager rights allow control within a specific set of folders or users, without granting system-wide power.
Team Managers (Deprecated)
If your site still uses Team Managers, plan to migrate these structures to the Groups system.