Update – February 19, 2026: The User Groups to Security Roles migration has completed.
For most partners, everything transitioned successfully. However, if you're noticing users have lost visibility to content they previously had access to, or if your Type Mapping configurations don't appear to have carried over correctly, your portal may have been partially affected. Please reach out to support (support@cloudradial.com) and we'll get it corrected.
Until now, we've had two User systems that did overlapping things: User Groups for targeting content and messaging to users, and Security Roles (also just called Roles) for nuanced permissions.
If you ever wondered, "do I use a User Group or a Role for this?", you're not alone. We're eliminating that confusion by consolidating everything into Roles. One system, one place to manage who sees what and who can do what. Less to think about, faster to configure, and a lot easier to understand.
- Why We Made This Change
- What Happened to Your User Groups?
- Type Mappings and Role Migration
- Role Limits and Your Subscription
- What You Need to Do
- Where to Find Things in the New UI
- Frequently Asked Questions
Why We Made This Change
User Groups were originally designed as simple tags to control who sees what content. Everyone was used for baseline content, Admin for elevated materials like onboarding forms or reports. There were plenty of use cases between those two with custom User Groups.
When we introduced Security Roles, they provided some of that same content-targeting capability while adding powerful features: ticket scope controls, granular feature access (read/write/none), impersonation, and user management.
Maintaining both systems created unnecessary complexity. Roles can do everything User Groups do, and more.
What Happened to Your User Groups?
We ran an automatic migration to ensure zero interruption to your content delivery. Here's how it worked:
- IMPORTANT! Your end users won't notice a difference. Content delivery continues exactly as before. The change is in how you manage targeting going forward - through Roles instead of User Groups.
- Matching names were merged. If you had a User Group and a Role with the same name (for example, both called "Admin"), they were combined. The User Group's content assignments were absorbed into the existing Role. No duplicate was created.
-
Non-matching User Groups became [Content-Only] roles. Any User Group that didn't have a matching Role by name was converted into a new role with the [Content-Only] label. These roles exist purely for content targeting, as they don't carry any special permissions. For example, if you had a User Group called Test Group with David and Nick in it, you'll now see a Test Group [Content Only] role with those same two users assigned.
- Content packages were automatically reassigned. Every content package that was mapped to a User Group is now mapped to the corresponding Role. The targeting logic is preserved.
Type Mappings and Role Migration
Type Mappings allow you to automatically assign Security Roles to users based on their type in your PSA. With the migration from User Groups to Security Roles, Type Mappings now focus exclusively on Role Assignments.
Unfamiliar with Type Mappings? Read this: https://radials.io/TypeMapping
What Changed During Migration
If you had a Type Mapping configured before the migration:
- Role Assignments were preserved - Any Role you had assigned in the Type Mapping remains intact
- User Groups were converted to [Content-Only] Roles - User Groups listed in your Type Mapping were automatically added as [Content-Only] roles alongside your existing Role Assignment
Example:
- Before migration: Type Mapping had Role Assignment of "Company Reporting" and a User Group of "Admin".
- After migration: Type Mapping shows Role Assignments of "Company Reporting and Admin [Content-Only].
This ensures users maintain the same permissions they had before - their original role plus the converted User Group role.
Temporary Interface Note
You may still see the CloudRadial User Groups field in Type Mappings temporarily during the transition period. This field will be removed once the migration is fully stabilized. Your Type Mapping settings remain intact and functional during this time.
Verifying Successful Migration
To check if your Type Mappings migrated correctly, look at the Type Mapping configuration:
✓ Successful migration looks like the following image:
- Role Assignment(s) field shows your original role(s) plus any User Groups converted to [Content-Only] roles
- In our example: You see "Company Reporting, Admin [Content-Only]" in the Role Assignments area.
✗ Failed migration looks like the following image:
- Role Assignment(s) field only shows the original role
- User Groups appear in the CloudRadial User Groups section but do not have corresponding [Content-Only] entries in Role Assignments
- In our example: You see "HR" in User Groups section but Role Assignments only shows "Company Reporting". The HR [Content Only] role is missing.
Manual Fix for Migration Issues
If the migration didn't complete properly for a Type Mapping, users may lose visibility to content because they're no longer in the appropriate roles.
To fix this manually:
- Open the affected Type Mapping (under Partner > Settings > Type Mappings on the right-hand column)
- Look at the "CloudRadial User Groups" section - note which groups are listed
- In the Role Assignments dropdown, add the corresponding [Content-Only] role for each User Group
- Example: If "HR" appears in CloudRadial User Groups, add "HR [Content-Only]" to Role Assignments
- Save the Type Mapping
Applying the Fix:
Changes take effect during the next user sync. All companies sync automatically overnight with your PSA, or you can force an immediate sync:
- Navigate to Partner > Clients
- Click on the company
- Press the Sync button
Role Limits and Your Subscription
| UCP Tier | Role Limit |
| Enterprise | Unlimited |
| Professional | 10 Roles |
| Starter | No Custom Roles |
If you're on the Professional and Starter tiers, you may find yourself over your limit after migration if you have custom User Groups. Here's what you need to know:
- No penalty, no extra charge. We're not going to penalize you for exceeding your role limit due to the migration. This is on us.
- You can edit and delete your migrated roles. All migrated roles are fully manageable. Consolidate them, rename them, or delete the ones you don't need.
- UCP Professional Partners - You can't create new roles until you're back under your 10 limit. Once you clean up and get back to 10 or fewer roles, you'll be able to create new ones again.
Think of the extra roles as a buffer we've given you to ensure nothing breaks during the transition. Take your time cleaning up, as there's no deadline or charges for the overages on role allotments.
What You Need to Do
Nothing is required immediately. Your content is flowing, your users have access, and everything works. The migration handled the heavy lifting.
When you're ready, you can optionally clean up your [Content-Only] roles. You can merge them into existing roles, consolidate duplicates, or delete ones you no longer need. We've published a separate guide on cleanup best practices to help you simplify your role structure.
This article is coming soon - check back later.
Where to Find Things in the New UI
Your migrated Roles can be found under Partner > Security > Roles (tab). You'll see your system default Roles alongside any custom Roles you created, plus the newly migrated [Content-Only] ones.
-
TIP: Sort by Description, it'll make it easier to see which roles were migrated over.
Content management now uses Roles as well, these are Role Restrictions, so you'll see content packages using the Roles dropdown instead of User Groups. Moving forward, Content without a Role Restriction applied will be visible to Everyone.
Everywhere you previously selected User Groups - from content packages, broadcast messages, and type mappings - you'll now see a dropdown to limit visibility only for users with selected Roles.
Frequently Asked Questions
Should my end users notice any change?
- No. End users should continue to see exactly the same content they did before. The migration is entirely behind the scenes from their perspective.
Can I still create custom groupings for content distribution?
- Yes. Create custom Roles under Security > Roles and assign users to them. These Roles can be targeted when deploying content packages using Role Restrictions, just like User Groups were previously.
What if I had both a User Group and a Role with the same name?
- The migration merged them. Users from the User Group were added to the existing Role, and no duplicate was created.
I'm over my Role limit after migration. Am I being charged extra?
- No. Regardless of whether you're on UCP Professional or Starter, we're not charging extra for Roles created during the migration that exceed your limit. You can continue using them while you clean up. Once you're back at or under your tier's limit, you'll be able to create new Roles again (if you're on UCP Professional).
Do I have to clean up my Roles right away?
- No. Everything continues to function as expected. Cleanup is optional and can be done at your own pace. Some partners prefer to leave their migrated Roles as-is if they're still being used for content distribution.
What happened to the 'Everyone' and 'Admin' User Groups?
- They followed the same rules. If you already had Roles named "Everyone" or "Admin," the User Groups merged into them. If not, Admin becomes a Content-Only Role and content assigned to Everyone will show up with the Role Restriction filter empty. Follow our article on clean-up to learn how to best consolidate them.
What if I need help cleaning things up?
- We're here to help. If the roles transition created confusion, please reach out to our support at support@cloudradial.com so that we can help you through the migration and deprecation of User Groups.
Comments
0 comments
Article is closed for comments.