Create Custom Roles in Rocket Chat

In addition to the default roles provided in Rocket.Chat, workspace administrators can create custom roles and assign specific permissions to them. Custom roles are useful when you need a permission set that doesn't fit any of the default roles, for example, a "Room Auditor" role with a narrower scope than the built-in auditor.

Create a new role

Go to Manage > Workspace > Permissions.
Click New role at the top of the page. The New role panel opens.
Fill in the following fields, then click Save.

Field	Description
Role	The internal identifier for the role (for example, `room-auditor`). This value cannot be changed from the workspace UI after the role is created. To rename a role later, use the update role endpoint.
Description	The label shown to users (for example, `Room Auditor`). Leave this field blank if you do not want the role to be displayed.
Scope	Determines where the role applies. Select Global for workspace-wide roles or Rooms for roles that apply within individual rooms. See Scope of Rocket.Chat roles for details.
Users must use Two Factor Authentication	When enabled, users assigned this role must provide a 2FA code for certain workspace actions. Make sure 2FA is configured in your workspace, and see the 2FA user guide for how users enable 2FA on their accounts.

Once saved, the new role appears as a column in the Permissions table alongside the default roles.

Assign permissions to a custom role

To grant a permission to your new role, locate the permission row in the Permissions table and select the checkbox in the role's column. Clear the checkbox to revoke the permission.

Assign the custom role to a user

Go to Manage > Workspace > Users.
Click the user you want to update. The User Info panel opens.
Click Edit.
In the Roles field, select the custom role from the dropdown.
Click Save user.

For more details on the user editing workflow, see Edit user information.

Edit or delete a custom role

You can edit the description, scope, and 2FA setting of a custom role, or delete it entirely, from the Role Editing panel. See Edit roles for the procedure.

For an overview of all built-in roles, see Roles in Rocket.Chat.
For the full list of permissions, see Permissions.
Roles and permissions can also be managed via the REST API. See the Roles API and Permissions API for details.