Understanding Multiple Roles and Role Aggregation

In some cases, you may want a user to have different permissions for different accounts. This is done by assigning roles per account. Each role comes with its own set of permissions, and these permissions are tied specifically to the account they’re assigned to.


Example Setup

Let’s take Andrés as an example. He might have a:

  • Developer role on accounts X, Y, Z
  • Authoriser role on accounts A, B, C
  • User role on accounts D, F, G

Since roles are assigned per account, the permissions for each role only apply to that specific account.

Role Aggregation: How Roles Combine

Sometimes, a user may have more than one role on the same account. This is called Role Aggregation.


Permissions from all roles assigned to the same account are combined (aggregated). Permissions are additive - they do not replace each other, they stack up.


Example with Aggregated Roles:

Andrés is also given the Admin role on accounts X, D, P.

  • On Account X: Andrés already has the Developer role here. Adding Admin means he now has Developer + Admin permissions.
  • On Account B: Andrés already has Authoriser. Adding Admin means he now has Authoriser + Admin permissions.
  • On Account P: Andrés has no previous role, so he gets only Admin permissions.

How Permissions Stack

If the roles grant the following permissions:

  • Developer → Permission 1 [P1], P2, P3
  • Authoriser → P4, P5
  • Admin → P6, P7

Then Andrés will have:

  • Account X → P1, P2, P3 (Developer) + P6, P7 (Admin)
  • Account B → P4, P5 (Authoriser) + P6, P7 (Admin)
  • Account D → P6, P7 (Admin only)

Key Points to Remember

  • Roles are assigned per account.
  • Multiple roles on the same account will combine permissions.
  • Permissions are additive - the more roles, the more permissions.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles