In a law firm, data sovereignty is paramount. An intern should not see the firm's monthly financial recovery, and a real estate lawyer should not have access to criminal litigation files unless explicitly granted. LexOS utilizes a strict, granular Permissions Matrix to enforce access control across the entire platform.
Here is how to manage the default hierarchy and build custom roles for your firm.
Step 1: The Roles Directory
To manage your firm's access levels, navigate to the left-hand sidebar under the System Administration group and click on Roles.
This opens the master Roles list, displaying every active role in your firm. The table gives you a quick audit overview:
- Name: The official title of the role (e.g., Practice Manager, Senior Associate, Paralegal).
- Privileges: The exact number of system permissions granted to this role (e.g., 115 privileges for a Partner, 0 for an unconfigured Junior Lawyer).
- Assigned Staff: How many active users currently hold this role.
Security Note: You will notice that foundational roles like SAN / Principal Partner lack a "Delete" button. These core administrative roles are protected by LexOS to prevent you from accidentally locking yourself out of your own firm's system.
Step 2: Modifying or Creating a Role
Whether you are tweaking the permissions of an Associate or clicking the teal New role button to create a custom External Consultant role, you will be taken to the Edit Role screen.
This screen is divided into two sections:
- Role Identity: Here, you simply define the title of the role.
- Permissions Matrix: This is the vault combination. You must individually select exactly what capabilities this role grants to the staff member.
Step 3: Understanding the Permissions Matrix (Crucial)
Checking the wrong box can compromise case confidentiality. Here is a breakdown of the most critical permissions you must configure carefully:
1. Case Visibility (The Department Wall) LexOS offers three distinct levels of case visibility. Never check more than one of these for a single role:
- View All Cases: Bypasses all department walls. The user can see every case in the firm. (Recommended only for SANs, Partners, and Practice Managers).
- View Department Cases: The standard lawyer setting. The user can see all cases assigned to their specific department, but nothing outside of it.
- View Own Cases: Strict isolation. The user can only see cases where they are explicitly listed as an assigned lawyer.
2. Case & Document Actions
- Create Case / Edit Case / Update Case: Grants the ability to open new matters or modify existing War Room details.
- Delete Case: A highly destructive permission. A standard user should rarely have this; cases should generally be sent to the Iron Vault (Archived), not deleted.
- Upload Documents / Delete Documents: Controls who can manage evidence in the Iron Dome.
3. Financial Management
- View Financials: Allows the user to see the "Billing & Financials" tab inside cases, including Case Disbursements and totals.
- Create Invoice / Edit Invoice: Grants access to the firm's billing engine.
4. System Administration
- Create User / Edit User / Delete User: Grants HR capabilities to onboard or terminate staff accounts.
- Manage Settings: Allows configuration of firm-wide defaults.
- View Audit Logs: Grants access to the global Activity Logs to monitor who did what across the entire system. (Keep this strictly restricted to Partners and Practice Managers).
Once you have carefully selected the necessary checkboxes, save the role. Any staff member assigned to this role will immediately inherit these exact permissions upon their next page load.