Overview
This guide walks you through creating user permission groups in CX so you can assign access by role instead of managing permissions user by user. By setting up structured, role-based groups, you streamline onboarding, reduce permission errors, and maintain least-privilege access across your organization. Completing this workflow ensures users inherit the correct Read, Write, or Admin access based on their job function. The result is a scalable, audit-friendly permission structure that supports efficient retirement plan operations.
Common Uses
When you are setting up CX for a new firm or restructuring access controls.
During onboarding of multiple team members who share similar responsibilities, such as Operations or Relationship Managers.
When preparing for an internal audit and standardizing access by role.
When cleaning up inconsistent or outdated user-level permission overrides.
How To
Identify Role-Based Access Needs
Review your firm’s job functions, such as Operations, Relationship Managers, Compliance, and Administrators.
Determine what level of access each role requires in key modules (Read, Write, or Admin).
Document the intended access structure before creating groups.
Important: Design groups around job function, not individual users, to avoid duplication and permission drift.
Navigate to Users and Groups
Log into CX with Admin access.
Open the Users and Groups section from the main navigation.
Select the Groups tab to view existing permission groups.
Confirm you are in the correct workspace before making changes.
Create a New Group
Click Create Group.
Enter a clear, role-based group name (for example, “Operations – Write Access” or “Relationship Managers – Read Only”).
Add a brief description outlining the intended job function and access scope.
Use consistent naming conventions so access reviews are easier to manage later.
Save the group to proceed to permission configuration.
Configure Group-Level Permissions
Open the newly created group.
Assign the appropriate permission level for each module:
a. Select R (Read) for view-only access.
b. Select W (Write) for create and edit access.
c. Select Admin only if full access across current and future permission areas is required.
Review each module carefully to ensure access aligns with the role’s responsibilities.
Avoid granting Admin for convenience. Use the lowest level of access that allows the role to perform required tasks.
Save your changes.
Reopen the group to verify that all permission settings were applied correctly.
Assign Users to the Group
Navigate to the Users tab.
Open an existing user profile or invite a new user.
Assign the user to the appropriate group.
Save changes.
Confirm the user now appears as a member of the selected group.
Expected result: The user inherits all permissions assigned to the group.
Validate Effective Access
Ask the user to log in, or test access using your internal validation process.
Confirm the user can access only the modules and actions appropriate for their role.
Verify both visibility (Read) and editing capabilities (Write) where applicable.
If access is not correct, review group-level permissions before making any user-level overrides.
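The access review described above can also be run as a script. This is an added example, not part of CX or its tooling: it compares a documented access plan with the configured groups and flags drift, missing memberships, and user-level overrides. The data layout, the module names ("Plans", "Reports"), and the Read < Write < Admin ordering are assumptions, and all sample data is constructed.

```python
# Added example: review configured groups against the documented access plan.
# Data layout and module names ("Plans", "Reports") are hypothetical; the page
# does not describe a CX export format. Sample data below is constructed.
LEVELS = {"R": 1, "W": 2, "Admin": 3}  # assumed ordering: Read < Write < Admin

def review_access(plan, groups, users):
    """Return sorted (subject, finding) tuples for plan/config mismatches."""
    findings = []
    for name, perms in groups.items():
        intended = plan.get(name)
        if intended is None:
            findings.append((name, "group not in documented plan"))
            continue
        for module, level in perms.items():
            want = intended.get(module)
            if want is None:
                findings.append((name, f"{module}: {level} granted, none planned"))
            elif LEVELS[level] > LEVELS[want]:
                findings.append((name, f"{module}: {level} exceeds planned {want}"))
            elif LEVELS[level] < LEVELS[want]:
                findings.append((name, f"{module}: {level} below planned {want}"))
        for module in sorted(intended.keys() - perms.keys()):
            findings.append((name, f"{module}: planned {intended[module]}, not configured"))
    for user, record in users.items():
        if not record.get("groups"):
            findings.append((user, "no group membership"))
        for module, level in record.get("overrides", {}).items():
            findings.append((user, f"user-level override {module}: {level}"))
    return sorted(findings)

OPS = "Operations – Write Access"
RM = "Relationship Managers – Read Only"
PLAN = {OPS: {"Plans": "W", "Reports": "R"}, RM: {"Plans": "R", "Reports": "R"}}
GROUPS = {
    OPS: {"Plans": "Admin", "Reports": "R"},  # Admin granted where W was planned
    RM: {"Plans": "R"},                        # Reports never configured
    "Temp": {"Plans": "W"},                    # group missing from the plan
}
USERS = {
    "alice": {"groups": [OPS], "overrides": {}},
    "bob": {"groups": [], "overrides": {"Reports": "W"}},
}

if __name__ == "__main__":
    for subject, finding in review_access(PLAN, GROUPS, USERS):
        print(f"{subject}: {finding}")
```

An empty result means the configured groups match the plan and no user carries an individual override.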



