Custom User Roles provide enterprise-grade access control for organizations, allowing administrators to create role-based permission groups with granular control over Gumloop features, integrations, and workflow capabilities. This feature ensures that users have appropriate access levels based on their responsibilities while maintaining security and compliance standards.

Overview

The Custom User Roles system is built around a flexible group-based architecture with automatic default role assignment. Every organization member is assigned to a role that determines their permissions across the platform, from basic feature access to specific integration scopes and AI model usage.

Default Role System

Automatic Role Creation and Assignment

When an organization is created, Gumloop automatically:
  1. Creates a Default Role: Named “Default Group” with baseline permissions for all organization members
  2. Auto-assigns New Members: All users joining the organization are automatically added to the default role
  3. Provides Fallback Protection: Users removed from other roles automatically return to the default role

Key Properties of Default Permission Group

  • Cannot be deleted: Default roles are protected to ensure all users always have baseline permissions
  • Can be renamed: Organizations can customize the default role name to match their naming conventions
  • Serves as fallback: Provides consistent baseline access when users are moved between roles

Managing User Roles

Accessing Role Management

Navigate to your organization’s role settings at: gumloop.com/settings/organization/roles-permissions

Creating Custom Groups

  1. Click “Create Group” from the main permissions page
  2. Provide a descriptive group name and description
  3. Configure permissions across four main categories:
    • Members
    • Features
    • App Scopes
    • Node Denylist

Group Management Actions

For each group, administrators can:
  • Rename: Update group names and descriptions
  • Set as Default: Designate which group new members receive automatically
  • Delete: Remove group (default roles cannot be deleted)
  • View Member Count: See how many users are assigned to each group

Permission Categories

1. Members Management

Control which users belong to each role with advanced member management capabilities.
Features:
  • Search Functionality: Find users by email with real-time search
  • Add/Remove Members: Move users between roles with single-click actions
Important Rules:
  • Users can only belong to one group at a time
  • Moving a user to a new group automatically removes them from their previous group
  • Users cannot be removed from the default group without being assigned to another group

2. Features Restrictions

Control access to core Gumloop platform features with granular toggle controls.

Available Feature Restrictions:

| Feature | Description | Impact |
|---|---|---|
| Workspace Creation | Prevents users from creating new workspaces | Users can only join existing workspaces they’re invited to |
| Workspace Credential Adding | Blocks adding new credentials to workspaces | Users can only use personal credentials or existing workspace credentials |
| MCP Node Creation | Restricts creation of custom MCP nodes | Users cannot build custom MCP nodes |
| Public Sharing | Prevents sharing flows and interfaces publicly | Users can only share within the organization |

Configuration:
  • Simple toggle switches for each restriction
  • Real-time updates with immediate effect
  • Clear descriptions help administrators understand the impact

3. App Scopes (OAuth Permission Control)

Manage which OAuth scopes users can access for third-party integrations with category-based control.
How App Scopes Work:
  • Control permissions for each integration category (Google, Slack, Notion, etc.)
  • Restrict specific OAuth scopes while allowing others
  • Granular control over what data users can access in connected services
Example Use Cases:
  • Allow Google Sheets reading but block Google Drive writing
  • Permit Slack message reading but restrict channel management
  • Enable Salesforce data viewing while preventing record updates
Configuration:
  1. Select the integration category (e.g., “Google Apps”)
  2. Choose which scopes to allow or restrict
  3. Users see only permitted scopes during OAuth flows

4. Node Denylist

Block access to specific workflow nodes and integrations to prevent unauthorized actions.
Functionality:
  • Category-based Restrictions: Block entire categories of nodes (e.g., all Salesforce nodes)
  • Individual Node Control: Restrict specific nodes while allowing others in the same category
  • Runtime Enforcement: Restrictions are enforced during workflow execution
Common Restriction Scenarios:
  • Block all data writing nodes while allowing reads
  • Restrict access to sensitive integrations
  • Prevent certain teams from using certain integrations
Implementation:
  • Restricted nodes are hidden from the node library for affected users
  • Existing workflows with restricted nodes will fail execution with clear error messages
  • Restrictions apply to both manual workflow building and API-based automation
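
Because existing workflows that contain a restricted node fail at execution, it helps to know which workflows a denylist change will break before it is applied. The following is an added example, not Gumloop code or a Gumloop API: the `Node`, `Denylist` and `preflight` names, the workflow structure, and the category and node names are all constructed for illustration.

```python
"""Pre-flight check: which existing workflows would fail once a role's
Node Denylist takes effect? All structures and names are constructed for
illustration; this is not Gumloop's data model or API."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Node:
    category: str  # integration category, e.g. "Salesforce"
    name: str      # node within that category


@dataclass
class Denylist:
    categories: set = field(default_factory=set)  # whole categories blocked
    nodes: set = field(default_factory=set)       # individual (category, name) pairs

    def blocks(self, node: Node) -> bool:
        # A category-level block applies even if the node is not listed individually.
        return (node.category in self.categories
                or (node.category, node.name) in self.nodes)


def preflight(workflows: dict, denylist: Denylist) -> dict:
    """Map each workflow that would fail to the restricted nodes it contains."""
    impacted = {}
    for wf_name, nodes in workflows.items():
        hits = sorted({f"{n.category}/{n.name}" for n in nodes if denylist.blocks(n)})
        if hits:
            impacted[wf_name] = hits
    return impacted


# Constructed sample: a role that may read CRM data but not write it,
# and may not use the (hypothetical) Finance category at all.
ROLE_DENYLIST = Denylist(
    categories={"Finance"},
    nodes={("Salesforce", "Update Record"), ("Salesforce", "Delete Record")},
)

WORKFLOWS = {
    "lead-report": [Node("Salesforce", "Read Records"), Node("Slack", "Send Message")],
    "lead-cleanup": [Node("Salesforce", "Read Records"), Node("Salesforce", "Delete Record")],
    "invoice-sync": [Node("Finance", "List Invoices"), Node("Salesforce", "Update Record")],
}

if __name__ == "__main__":
    for wf, hits in preflight(WORKFLOWS, ROLE_DENYLIST).items():
        print(f"{wf}: would fail on {', '.join(hits)}")
```

Workflows reported here need to be rebuilt without the restricted nodes, or their owners moved to a role that permits them, before the denylist is enabled.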

Business Rules and Enforcement

Single Group Membership

  • Rule: Users can only belong to one group at a time
  • Enforcement: Adding a user to a new group automatically removes them from their previous group
  • Benefit: Prevents permission conflicts and simplifies access control

Runtime Permission Checks

  • When Applied: All permissions are checked in real-time during platform usage
  • Scope: Applies to UI interactions, workflow execution, and API calls
  • Response: Blocked actions show clear error messages explaining the restriction

Admin-Only Management

  • Access Control: Only organization administrators can manage user roles

User Experience Impact

For End Users

Restricted Features:
  • Hidden or disabled UI elements for blocked features
  • Clear messaging when attempting restricted actions

Real-World Use Cases

Organizations use Custom User Roles to implement security and governance policies across different teams:
Sales Team Access Control:
  • Grant sales teams access to Salesforce integrations for lead management
  • Restrict other departments from accessing sensitive sales data
  • Allow CRM data reading but prevent record deletion
IT and Operations Segregation:
  • Enable IT teams to create workspaces and manage credentials
  • Restrict regular users from adding new workspace credentials
  • Allow operations teams to use advanced integrations while limiting marketing to basic tools
Compliance and Security:
  • Prevent certain teams from sharing workflows publicly
  • Restrict access to financial integrations for non-finance users

Getting Started

  1. Access Role Management: Navigate to gumloop.com/settings/organization/roles-permissions
  2. Review Default Group: Examine the default role permissions and adjust as needed
  3. Create Specialized Groups: Build roles for different user groups in your organization
  4. Assign Users: Move users from the default role to appropriate specialized groups
For additional support with Custom User Roles, contact your Gumloop support team at support@gumloop.com or reach out in your dedicated Slack channel.
