Using Access Roles helps you keep your entire labeling system secure. You can choose exactly what the members of your Access Roles can do and see in Control Center and other NiceLabel modules within NiceLabel Cloud and Label Management System products.
Learn how to manage Access Roles and Permissions
Use the Users > Access Roles page in Control Center to set User Privileges for your labeling system according to your own specific security policies. Access Roles allow you to assign different sets of privileges to Control Center users.
Note
![]() |
Before you can set user permissions, you must first enable authentication in your Label Management SystemControl Center.
After you enable authentication, log in to Control Center as an administrator to access the Access Roles page.
Control Center includes default access roles with well-balanced permission sets:
Note
These default Access Roles have preset ranges of privileges. You can manually change the default permissions for each role except for the Administrator role.
![]() |
-
Administration: All permissions granted. Members in this role have full Control Center privileges. Administrators can edit default roles, customize roles, and assign roles to users or groups.
-
Approver: Allows role members to review, approve, or reject labels or solutions in Document Storage. Approvers send documents to production.
-
Approver (second level): Allows role members to review, approve, or reject documents on the second document approval step. Approvers send documents to production.
-
Author: Allows role members to create or edit label templates and solutions. Members in this role can edit labels and forms, and have control over label production.
-
Operator: Allows role members to print labels and run solutions without editing. Members in this role have read-only access to Document Storage and cannot change any label templates or application configurations.
-
Service Provider: Allows your service provider to access your account for support, setup, and administration. This role has no members by default.
![]() |
-
Roles off: This role is automatically assigned to all Control Center users after you set your Athentication method to Without authentication. By default, this role has all permissions granted.
![]() |
-
Cloud Integrator: Allows cloud integrators to access the Documents storage only. Cloud integrators use Cloud APIs, but for testing purposes, cloud integrators can also use Control Center UI.
Example 22. Example
John needs full access to Documents storage to upload printing solutions and make them available for production. Set John's Access Role to Author.
Annie needs access to the Reports page to prepare reports on printing consumables. You can assign Annie to any default Access Role.
Charlie is a printer operator. He only runs solution files in runtime mode and prints labels. Set Charlie's Access Role to Operator.
Martha is an account administrator. She needs access to all administrative features. Martha belongs to the Administrator Access Role.
To learn how to edit default Access Roles or add new Access Roles, read Setting up Access Roles.
If your users or user groups are members of multiple Access Roles, their overall security access sums up privileges of all access roles.
When your users are members of two Access Roles, Control Center grants them privileges from their highest Access Role and overrides privileges denied in other roles.
Example 23. Multiple Access Role membership
Charlie is a member of Operator and Author Access Roles. His Operator role grants him read-only access to files stored in Documents, but his Author role grants him full access to Documents. In this case, Charlie has full access to Documents.
You can set up Access Roles for users in Control Center in two ways. You can edit default Access Roles, or create your own custom Access Roles from scratch. You can also duplicate the existing Access Role and then edit the copy.
-
Customize default Access Roles to comply with specific policies or procedures.
-
You can keep default roles, use additional customized roles for special use cases, or add new Access Roles.
Note
You can delete your customized Access Roles, but you cannot delete the default Access Roles.
When you delete your customized Access Roles, role members lose their permissions accordingly.
-
To open Access Roles, go to Users > Access roles.
-
You have three options:
-
To edit a default Access Role, click the role you want to edit.
Warning
Some default or user-defined access roles have enabled the option Update files and folders. This might cause the printing of unpublished (draft) revisions of your labels. This functionality serves testing environments so we would suggest disabling the option Update files and folders in your production environment.
You can disable this option if you scroll to Permissions for this rule section and go to the DOCUMENTS tab > Default Document Permissions > Storage.
-
To set up a new Access Role, click Add.
-
To copy an existing Access Role, select the role, then click Duplicate.
-
-
Control Center opens Create New Access Role configuration page for editing.
-
In Settings, type the role name and description. Make these easy to differentiate from other roles. For default Access Roles, you can edit the role description already there.
-
Set the role Status. Toggle Active to make the role available immediately. Toggle Suspended to make the role unavailable.
Note
Default Access Roles are always active. You can only change the Status of new roles you create manually.
-
Set Permissions for this Role. Define which tasks the members of this Access Role can perform. To learn more about setting permissions, read Setting role permissions.
-
In Users in this Role click Add to add individual users or user groups to your access role. A new pop-up window opens.
-
All lists all users that belong to your company's Azure Active Directory and guest users.
-
Guest users lists all users that are invited or have already signed up to the cloud Control Center using an invitation link.
-
Application users lists all existing users who authenticate themselves using application authentication.
-
Application groups lists all existing groups of users who authenticate themselves using application authentication.
-
Windows users lists all users that are defined in your company's Active Directory.
-
Windows groups lists all groups that are defined in your company's Active Directory.
-
-
-
Click Save.
Your Access Role is configured and ready to use.
Note
You can also create an Excel table with a report of all Control Center users and their Access Roles In the Report of Users and Access Roles window click Create report.
Setting Permissions for your Access Roles helps you keep your entire labeling system secure. You can choose exactly what Access Role members can do and see in Control Center and other NiceLabel programs.
Note
NiceLabel recommends using default Access Roles due to their well-balanced Permission sets. Before you configure Permissions, consider your security policies and set Permissions for each Access Role carefully.
For security, your users in different Access Roles need different levels of access to files, folders, and actions when they use Control Center. NiceLabel groups common Permissions levels into default Access Roles. Administrators can customize or create new Access Roles. Use the Permissions for this role section in Access Roles to control which actions or settings are available to members of each Access Role.
To set Access Role Permissions, follow these steps:
-
Log in to Control Center as an Administrator.
-
Go to Users > Access Roles.
-
Add a new Access Role or click on an existing Access Role from the list.
Create New Access Role
-
Set your Permissions.
The Permissions for this role section includes multiple tabs with lists and detailed descriptions of available Permissions.
-
To grant specific Permissions for this role, select your checkboxes.
-
To disable specific Permissions for this role, clear your checkboxes.
Note
Disabling Permissions also makes them invisible to your Access Role members.
-
Use the General tab to set your global Role Permissions for your NiceLabel modules and decide what users in this role can do in your labeling system. For example:
-
Run NiceLabel programs:
-
Designer
-
Print
-
Automation
-
-
Edit documents
-
Print labels
-
Run forms
-
Edit global variables
-
Edit options
-
Upgrade and deactivate licenses
-
-
Use the remaining tabs to set Role Permissions that are specific for Control Center. These Permissions apply when your users log in to Control Center. The following Permissions tabs correspond to pages in Control Center:
-
Overview: Set access to the overview page in Control Center .
-
Documents: Set general, default, and custom Permissions for Documents storage: archiving/restoring, purging, setting workflows, etc.
Note
To learn more about file access control options, read File Access Control.
-
Applications: Set Permissions for Applications and Cloud Integrations management.
Note
You can also enable running NiceLabel Automation Manager.
-
Printers: Set Permissions for print queue viewing and management, printer group configuration, reservations, and cloud printers.
Warning
By default, all user rights in Printers are disabled. This can prevent all users in all groups printing to shared printers. To avoid such situation:
-
Make sure that NiceLabel Proxy Service 10 on client computers runs under an account with administrative privileges. Don't use Local System account.
Apply this step to all users that print to shared printers.
or
-
Enable the two options as seen in the screenshot below:
-
-
History and Analytics: Set Permissions for viewing errors, alerts, print job logs, label reprinting, viewing data, and system audit logs.
-
User Management: Enables your user to manage your authentication settings, Access Roles, Application users and groups, and Application user password settings.
-
Administration: Set multiple administrative permissions for Control Center Access Role users.
-
-
-
Click Save to apply your permissions.
Your custom Access Role Permissions are saved and applied in Control Center and other NiceLabel programs.
![]() |
The Users page allows you to assign Access Roles to your added users. This is how you define the level of privileges your newly added user has in Control Center. Read more about the Access Roles and the related User Privileges in the section Managing User Privileges.
To assign Access Roles to your application user:
-
Go to Users > Users
-
Click on the user from the list. The user configuration page opens.
-
Under Access Roles click Add.
-
The Add Roles dialog opens. The available Access Roles are listed. Assign your user the appropriate role(s).
-
Click OK.
-
Click Save.
Your user is now a member of the selected Access Role with all the corresponding User Privileges.
Staging helps you prepare new NiceLabel Cloud accounts for your customers before transferring account ownership.
Loftware partners use the Service Provider access role to create new customer accounts and for ongoing support and maintenance after you transfer account ownership to customers. Staging NiceLabel Cloud customer accounts as a Service Provider gives you the freedom to configure your customer accounts in Control Center without bothering customers, worrying about access rights, or explaining complex setup procedures. When your customers activate NiceLabel Cloud and open Control Center for the first time, they have users, label templates, configurations, and integrations already set up and ready to use.
Our NiceLabel Cloud staging process:
-
Provide your own email address (instead of your customer email address) when you order new NiceLabel Cloud accounts.
Note
Tell us you're staging the account for your customer when you order your new account.
-
Prepare your customer NiceLabel Cloud environment (before your customer gets access):
-
Design labels.
-
Build configurations.
-
Configure data integrations.
-
Add users and assign access roles.
Tip
Read Getting Started with NiceLabel Cloud for more information.
-
-
Transfer account ownership by changing access roles and inviting your customer to NiceLabel Cloud:
-
Go to Control CenterControl Center > Users and click Invite guest user.
-
Under Settings, type your customer information.
-
Under Access Roles, add your customer in the Administration access role.
-
Click Invite. Your customer receives an email to activate NiceLabel Cloud and open Control Center.
-
Go to Control Center > Users and click your user name. Change your access role from Administration to Service Provider.
-
-
Set up NiceLabel Cloud Notifications so your customer receives updates and other important NiceLabel Cloud notification emails.
-
Go to Control Center > Administration > Account Information > NiceLabel Cloud Notifications.
-
Click Edit notification recipients. The NiceLabel Cloud Notification Recipients window opens.
-
Type your customer email address(es). Add each additional email address on a new line.
Note
Remove your email address to stop receiving notifications for this account.
-
Click Save. Email addresses you add now receive NiceLabel Cloud notifications for this account.
-
Our NiceLabel Cloud staging procedure decreases confusion and frustration, saves you time, and improves customer experience.