**Source URL:** https://regulatory.veevavault.help/en/gr/46235/index.md

# Managing User Role Setup Object Types (RIM)

With Dynamic Access Control, Admins can control user role assignment by managing records in the _User Role Setup_ object. Records in this object correspond to auto-managed groups. _User Role Setup_ object records include a user, role, and several object reference field values that qualify a user's context for the role.

To provide a more nuanced method of role assignment, you can configure object types on the standard _User Role Setup_ (`user_role_setup__v`) object. Using object types on _User Role Setup_ allows you to use different sets of six fields for matching rules, instead of a single set of <a href="/en/gr/776272/#dac">six on the standard object</a>. Unlike creating additional objects using the _User Role Setup_ object class, using object types maintains all of your _User Role Setup_ records within the single object.



<div class="note-border alert-info">
  <div class="alert alert-info" role="alert">
    <div><i class="far fa-info-circle"></i></div>
    <div class="alert-text">
      <p><strong>Note</strong>: This feature is only available on RIM Vaults to allow Admins to control user role assignment on documents using more than six fields. If you need to control role assignment on object records using more than six fields, an alternative option is to <a href="/en/gr/36122/">create custom objects with the <em>User Role Setup</em> object class</a>.</p>
    </div>
  </div>
</div>



## How to Enable Object Types for User Role Setup

To enable this feature, you must enable object types on the _User Role Setup_ object. This feature is available only for the standard _User Role Setup_ object (`user_role_setup__v`), and not any objects you may have created using the _User Role Setup_ object class.

To enable object types:

  1. Navigate to **Admin > Configuration > Objects > User Role Setup**.
  2. Click **Edit**.
  3. Select the **Enable Object Types** checkbox.
  4. Click **Save**.

Object types are now available for your standard _User Role Setup_ object.

## Configuring _User Role Setup_ Object Types

Once you enable object types for _User Role Setup_, you can configure object types for the standard _User Role Setup_ object. <a href="/en/gr/32857/">Configure object types</a> to create the object types and assign fields to each type. You can create up to two object types for the standard _User Role Setup_ object. Once you create object types for _User Role Setup_, the base object type (`base__v`) is disabled.

With object types for _User Role Setup_, you can use more than the six context field limit for documents by using a different selection of six fields per object type. Simply create the context fields you would like to use, and then assign them to the appropriate object type.

## Example: Roles Grouped by Application

Gladys is a system administrator for her organization's RIM Vault. Her organization uses both RIM Submissions and RIM Registrations. Gladys has been managing users in her Vault with a single _User Role Setup_ object and only five context fields. Because these two RIM applications serve different purposes, she needs to control user access differently across each function.

Gladys can create two object types for _User Role Setup_, one for each application:

  * _Submissions Role Setup_
  * _Registrations Role Setup_

This way, she can use different sets of context fields for each application.

Gladys might create _Submissions Role Setup_ for users working primarily in the Submissions application. For her Submissions users, Gladys wants to restrict access by _Submission Type_. She can do so by adding a _Submission Type_ context field to her _Submissions Role Setup_ object type. However, _Submission Type_ is not relevant to the Registrations application. Adding _Submission Type_ to the _Submissions Role Setup_ object type does not impact the _Registrations Role Setup_ object type's six context field limit. Gladys can use six entirely different context fields for that object type.

## Application Roles & User Role Setup Types

You can choose to assign an _Application Role_ to a specific object type of _User Role Setup_, or to assign the _Application Role_ to no object types of _User Role Setup_.

When you create a new _Application Role_ in your Vault, you can select a _Standard User Role Setup Type_ for your role. The options here correspond to the object types you configured on the _User Role Setup_ object. Your selection here creates the relationship between the _Application Role_ and the _User Role Setup_ object type.

Based on this relationship, Vault only displays the appropriate matching fields when you configure a sharing rule for that role.

## Configuring Sharing Rules with User Role Setup Types

When you create sharing rules and use _User Role Setup_ object types, identify which _Application Roles_ correspond to which _User Role Setup_ object types. As you configure sharing rules in your Vault, the _Application Role_ you select during creation determines which matching fields Vault displays: Vault displays the matching fields for the _User Role Setup_ type related to the chosen _Application Role_.

If an _Application Role_ has no _Standard User Role Setup Type_ selected, Vault does not display any matching fields.
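
The limits and the role-to-type relationship described in the sections above can be checked against a planned configuration before it is built. The following Python is an added example, not Veeva code and not a Vault API client; the role names and context field names are constructed, and it models only the rules stated on this page.

```python
# Added illustration: models the rules stated on this page; not a Vault API client.
MAX_OBJECT_TYPES = 2      # page: up to two object types on user_role_setup__v
MAX_CONTEXT_FIELDS = 6    # page: six context fields per object type

# Constructed plan based on the Gladys example; all field names are hypothetical.
OBJECT_TYPES = {
    "Submissions Role Setup": ["submission_type", "application", "region",
                               "country", "product_family"],
    "Registrations Role Setup": ["registration_type", "country", "product",
                                 "health_authority", "region", "site"],
}
# Application Role -> Standard User Role Setup Type (None = none selected).
# Role names are constructed.
APPLICATION_ROLES = {
    "Submissions Publisher": "Submissions Role Setup",
    "Registrations Manager": "Registrations Role Setup",
    "Regulatory Viewer": None,
}

def validate_object_types(object_types):
    """Return findings where the plan exceeds the limits stated on the page."""
    findings = []
    if len(object_types) > MAX_OBJECT_TYPES:
        findings.append(f"{len(object_types)} object types planned, limit is {MAX_OBJECT_TYPES}")
    for name, fields in object_types.items():
        if len(fields) > MAX_CONTEXT_FIELDS:
            findings.append(f"{name}: {len(fields)} context fields, limit is {MAX_CONTEXT_FIELDS}")
        if len(set(fields)) != len(fields):
            findings.append(f"{name}: duplicate context field")
    return findings

def matching_fields(role, roles, object_types):
    """Fields offered for a sharing rule on `role`; empty if the role has no type."""
    type_name = roles[role]
    if type_name is None:
        return []
    if type_name not in object_types:
        raise ValueError(f"{role} points at unknown object type {type_name!r}")
    return list(object_types[type_name])

def review(roles, object_types):
    """Limit findings plus roles whose sharing rules would show no matching fields."""
    findings = validate_object_types(object_types)
    for role, type_name in roles.items():
        if type_name is None:
            findings.append(f"{role}: no type selected, no matching fields displayed")
        elif type_name not in object_types:
            findings.append(f"{role}: unknown object type {type_name!r}")
    return findings

if __name__ == "__main__":
    for line in review(APPLICATION_ROLES, OBJECT_TYPES):
        print(line)
```
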

## Related Permissions

You can complete the steps described in this article with the standard _System Admin_ and _Vault Owner_ security profiles.

If your Vault uses custom security profiles, your profile must include the following permissions:

<table class="wbord">
  <tr>
    <td>
      <strong>Type</strong>
    </td>
    <td>
      <strong>Permission</strong>
    </td>
    <td>
      <strong>Controls</strong>
    </td>
  </tr>
  <tr>
    <td>
      Security Profile
    </td>
    <td>
      Admin: Objects: Edit
    </td>
    <td>
      Ability to edit objects in <strong>Admin</strong> > <strong>Configuration</strong> > <strong>Objects</strong>.
    </td>
  </tr>
  <tr>
    <td>
      Security Profile
    </td>
    <td>
      Objects: User Role Setup: Create, Edit
    </td>
    <td>
      Ability to create and edit object records for the <em>User Role Setup</em> object.
    </td>
  </tr>
  <tr>
    <td>
      Security Profile
    </td>
    <td>
      Objects: Application Role: Create, Edit
    </td>
    <td>
      Ability to create and edit object records for the <em>Application Role</em> object.
    </td>
  </tr>
</table>
