Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityDoc feedbackLog In
GitHubNuGetDev CommunityDoc feedback

Optimizely <<product-name>> allows you to create security roles for the Admin Console. This article provides the basic instructions for creating a role and then provides the steps to address the scenario of creating a role that does not have access to Customers within the Admin Console.

## Create a custom role

  1. Go to **Admin Console** \> **Administration** \> **Permissions** \> **Roles**.

  2. Click **Add Role** .

  3. In the **Role Name** field, enter in the name of the new Role.

    If the role is to have access to the Admin Console, it must begin with **ISC\_**. Any role that is not preceded by **ISC\_** will not appear in the permissions in the Application Dictionary.

  4. Click **Save** .

## Limit access to the admin console

Custom Roles can be used to limit certain users from accessing specific areas of the Admin Console. The steps below will address this scenario: We have a set of users that need to access the Admin Console to update Product information, but we do not want them to have access to Customer data.


The ability to impersonate users is assigned only to the ISC_Implementer, ISC_Admin and ISC_User roles and you cannot add the ability to impersonate to your custom role.

### Create the new role

  1. Follow the instructions above for creating a new custom Role. We will use the Role name of "ISC_ProductData".

### Remove access to the customer entity

  1. Go to **Administration** \> **System** \> **Application Dictionary** and search for **Customer.**

  2. Select **Edit** for customer.

  3. Select the **Permissions** finger tab.

  4. Select **Edit** for the **ISC_ProductData** Role.

  5. Change the radio buttons to limit access, by selecting **No**.


  6. Click **Save**.

  7. Assign the Role to desired Users.

    Roles with higher permission override Roles with lower permission. So, if a particular User has a Role that allows access to the Customer entity, that will supersede the Role that limits the access to the Customer entity.

### End result

Users who access the Admin Console with the ISC_ProductData role will not see the Customer entity.