Using Access Roles helps you keep your entire labeling system secure. You can choose exactly what the members of your Access Roles can do and see in Control Center and other NiceLabel modules within Label Management System products.

Learn how to manage Access Roles and Permissions

Use the Users > Access Roles page in Control Center to set User Privileges for your labeling system according to your own specific security policies. Access Roles allow you to assign different sets of privileges to Control Center users.


Before you can set user permissions, you must first enable authentication in your Label Management SystemControl Center.

After you enable authentication, log in to Control Center as an administrator to access the Access Roles page.

Control Center includes default access roles with well-balanced permission sets:


These default Access Roles have preset ranges of privileges. You can manually change the default permissions for each role except for the Administrator role.

  • Administration: All permissions granted. Members in this role have full Control Center privileges. Administrators can edit default roles, customize roles, and assign roles to users or groups.

  • Approver: Allows role members to review, approve, or reject labels or solutions in Document Storage. Approvers send documents to production.

  • Approver (second level): Allows role members to review, approve, or reject documents on the second document approval step. Approvers send documents to production.

  • Author: Allows role members to create or edit label templates and solutions. Members in this role can edit labels and forms, and have control over label production.

  • Operator: Allows role members to print labels and run solutions without editing. Members in this role have read-only access to Document Storage and cannot change any label templates or application configurations.

  • Service Provider: Allows your service provider to access your account for support, setup, and administration. This role has no members by default.

    Example 21. Example

    John needs full access to Documents storage to upload printing solutions and make them available for production. Set John's Access Role to Author.

    Annie needs access to the Reports page to prepare reports on printing consumables. You can assign Annie to any default Access Role.

    Charlie is a printer operator. He only runs solution files in runtime mode and prints labels. Set Charlie's Access Role to Operator.

    Martha is an account administrator. She needs access to all administrative features. Martha belongs to the Administrator Access Role.

    To learn how to edit default Access Roles or add new Access Roles, read Setting up Access Roles.

    Multiple Access Role membership

    If your users or user groups are members of multiple Access Roles, their overall security access sums up privileges of all access roles.

    When your users are members of two Access Roles, Control Center grants them privileges from their highest Access Role and overrides privileges denied in other roles.

    Example 22. Multiple Access Role membership

    Charlie is a member of Operator and Author Access Roles. His Operator role grants him read-only access to files stored in Documents, but his Author role grants him full access to Documents. In this case, Charlie has full access to Documents.

    Creating Access Roles

    You can set up Access Roles for users in Control Center in two ways. You can edit default Access Roles, or create your own custom Access Roles from scratch. You can also duplicate the existing Access Role and then edit the copy.

    • Customize default Access Roles to comply with specific policies or procedures.

    • You can keep default roles, use additional customized roles for special use cases, or add new Access Roles.


    You can delete your customized Access Roles, but you cannot delete the default Access Roles.

    When you delete your customized Access Roles, role members lose their permissions accordingly.

    1. To open Access Roles, go to Users > Access roles.

    2. You have three options:

      • To edit a default Access Role, click the role you want to edit.


        Some default or user-defined access roles have enabled the option Update files and folders. This might cause the printing of unpublished (draft) revisions of your labels. This functionality serves testing environments so we would suggest disabling the option Update files and folders in your production environment.

        You can disable this option if you scroll to Permissions for this rule section and go to the DOCUMENTS tab > Default Document Permissions > Storage.

      • To set up a new Access Role, click Add.

      • To copy an existing Access Role, select the role, then click Duplicate.

    3. Control Center opens Create New Access Role configuration page for editing.

      1. In Settings, type the role name and description. Make these easy to differentiate from other roles. For default Access Roles, you can edit the role description already there.

      2. Set the role Status. Toggle Active to make the role available immediately. Toggle Suspended to make the role unavailable.


        Default Access Roles are always active. You can only change the Status of new roles you create manually.

      3. Set Permissions for this Role. Define which tasks the members of this Access Role can perform. To learn more about setting permissions, read Setting role permissions.

      4. In Users in this Role click Add to add individual users or user groups to your access role. A new pop-up window opens.

          • Application users lists all existing users who authenticate themselves using application authentication.

          • Application groups lists all existing groups of users who authenticate themselves using application authentication.

          • Windows users lists all users that are defined in your company's Active Directory.

          • Windows groups lists all groups that are defined in your company's Active Directory.

      5. Click Save.

      Your Access Role is configured and ready to use.


      You can also create an Excel table with a report of all Control Center users and their Access Roles In the Report of Users and Access Roles window click Create report.

      Access Role Permissions

      Setting Permissions for your Access Roles helps you keep your entire labeling system secure. You can choose exactly what Access Role members can do and see in Control Center and other NiceLabel programs.


      NiceLabel recommends using default Access Roles due to their well-balanced Permission sets. Before you configure Permissions, consider your security policies and set Permissions for each Access Role carefully.

      For security, your users in different Access Roles need different levels of access to files, folders, and actions when they use Control Center. NiceLabel groups common Permissions levels into default Access Roles. Administrators can customize or create new Access Roles. Use the Permissions for this role section in Access Roles to control which actions or settings are available to members of each Access Role.

      To set Access Role Permissions, follow these steps:

      1. Log in to Control Center as an Administrator.

      2. Go to Users > Access Roles.

      3. Add a new Access Role or click on an existing Access Role from the list.

        Create New Access Role

      4. Set your Permissions.

        The Permissions for this role section includes multiple tabs with lists and detailed descriptions of available Permissions.

        • To grant specific Permissions for this role, select your checkboxes.

        • To disable specific Permissions for this role, clear your checkboxes.


          Disabling Permissions also makes them invisible to your Access Role members.

        • Use the General tab to set your global Role Permissions for your NiceLabel modules and decide what users in this role can do in your labeling system. For example:

          • Run NiceLabel programs:

            • Desktop Designer

            • Print

            • Automation

          • Edit documents

          • Print labels

          • Run forms

          • Edit global variables

          • Edit options

          • Upgrade and deactivate licenses

        • Use the remaining tabs to set Role Permissions that are specific for Control Center. These Permissions apply when your users log in to Control Center. The following Permissions tabs correspond to pages in Control Center:

          • Overview: Set access to the overview page in Control Center .

          • Documents: Set general, default, and custom Permissions for Documents storage: archiving/restoring, purging, setting workflows, etc.


            To learn more about file access control options, read File Access Control.

          • Applications: Set Permissions for Applications and Cloud Integrations management.


            You can also enable running NiceLabel Automation Manager.

          • Printers: Set Permissions for print queue viewing and management, printer group configuration, reservations, and cloud printers.


            By default, all user rights in Printers are disabled. This can prevent all users in all groups printing to shared printers. To avoid such situation:

            • Make sure that NiceLabel Proxy Service 10 on client computers runs under an account with administrative privileges. Don't use Local System account.

              Apply this step to all users that print to shared printers.



            • Enable the two options as seen in the screenshot below:

          • History and Analytics: Set Permissions for viewing errors, alerts, print job logs, label reprinting, viewing data, and system audit logs.

          • User Management: Enables your user to manage your authentication settings, Access Roles, Application users and groups, and Application user password settings.

          • Administration: Set multiple administrative permissions for Control Center Access Role users.

      5. Click Save to apply your permissions.

      Your custom Access Role Permissions are saved and applied in Control Center and other NiceLabel programs.

      Access Roles

      The Users page allows you to assign Access Roles to your added users. This is how you define the level of privileges your newly added user has in Control Center. Read more about the Access Roles and the related User Privileges in the section Managing User Privileges.

      To assign Access Roles to your application user:

      1. Go to Users > Users

      2. Click on the user from the list. The user configuration page opens.

      3. Under Access Roles click Add.

      4. The Add Roles dialog opens. The available Access Roles are listed. Assign your user the appropriate role(s).

      5. Click OK.

      6. Click Save.

      Your user is now a member of the selected Access Role with all the corresponding User Privileges.