While you can provide detailed security for every person individually, it's often tedious and problematic. Security roles, on the other hand, are much more flexible and far less prone to error. TipWe highly recommend learning the Rock pattern for security before making changes or additions. It's always easier to swim downstream than upstream, but you must first know which way the river is flowing before you dive in. Having a well thought out strategy for security roles is critical. Too simple and individuals might have more rights than they need; too complex and security will be difficult to maintain. We've worked hard to lay a security foundation that makes sense for you to build on. We strongly recommend you closely review the security roles that ship with Rock before you start setting up your organization’s security. You can find those roles under Admin Tools > Settings > Security Roles. TipDo you have an existing group whose members also need access to a particular page or item? You can enable any group to also act as a security role. In the group viewer, simply check the group's Security Role property and it will show up in the security role lists. Elevated Security Levels Each security role has an Elevated Security Level setting. This setting is used by Rock to calculate a person's Account Protection Profile. There are three Elevated Security Level values to choose from. None: The role has no elevated security. This should be used sparingly, and only for roles that don't grant access to any areas that could expose any part of a person's information.High: The role has a low level of elevated security and doesn't grant access to sensitive areas.Extreme: We recommend using this level for any new roles you create that give access to anything inside Rock. This helps protect staff and volunteers from account hijack attempts and makes it more difficult to perform merges on their records.