
User Permissions

Since v4.4.0

Introduction

User permissions determine the actions users can perform within the system. They are integral to the access control system, which also encompasses Field Level Security (FLS) and Object Security.

Every operation or service that provides or updates data requires a specific permission.

Managing Permissions

Permissions can be managed by users who have been assigned the Manage System Permissions permission.

To manage permission assignments, navigate to system Administration → Users and Groups → User Permissions.

Permissions are organized into Permission Sets. The screenshot below shows a Security Administrator set comprising all Administrator permissions and several specific permissions such as Anonymize User.

Assignments can be made at any level, allowing specific users or groups to be assigned to individual permissions or entire sets.

When a user is assigned to a set, all permissions within the set are granted. It is recommended to use groups and organize them according to the specific needs of the organization.

Then, these groups can be assigned to as many permissions or sets as necessary. Subsequently, manage permissions by adding or removing users from such groups.

Evaluate user permissions

If a Security Administrator is uncertain about the permissions granted to a user, they can be checked by using the "check effective rights" button located on the user list.

This list includes direct assignments as well as all permissions granted via group membership or through permission set inclusion (e.g. one set includes another set).
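
How the effective-rights list described above comes together, as an added example that is not the product's own code: a small Python model that resolves direct, group and nested-set grants and reports the path behind each sensitive permission. The users, groups, set memberships and the SENSITIVE selection are constructed for illustration.

```python
# Added illustration: a toy model of effective-rights resolution.
# Users, groups and set contents below are constructed sample data.

# Permission sets: members are permissions or other sets (set inclusion).
SETS = {
    "Administrator": {"View Audit Trail", "Change System GUID"},
    "Security Administrator": {"Administrator", "Manage System Permissions",
                               "Anonymize User (GDPR)"},
    "Basic Archive Manager": {"Manage Own Drafts", "View Shared Drafts"},
}
GROUPS = {"sec-admins": {"alice"}, "archivists": {"alice", "bob"}}
# Principal (user or group) -> directly assigned permissions or sets.
ASSIGNMENTS = {
    "sec-admins": {"Security Administrator"},
    "archivists": {"Basic Archive Manager"},
    "bob": {"Secure Erase Objects and Metadata"},
}
# Permissions to review closely; this selection is the example's assumption.
SENSITIVE = {"Change System GUID", "Revert Published Version",
             "Manage System Permissions", "Secure Erase Objects and Metadata"}


def expand(item, path, out):
    """Expand a set recursively, recording the grant path of each permission."""
    if item in SETS:
        if item in path:  # guard against sets that include each other
            return
        for member in sorted(SETS[item]):
            expand(member, path + [item], out)
    else:
        out.setdefault(item, []).append(" -> ".join(path + [item]))


def effective_rights(user):
    """Return {permission: [grant paths]} from direct, group and set grants."""
    out = {}
    principals = [user] + sorted(g for g, m in GROUPS.items() if user in m)
    for principal in principals:
        for item in sorted(ASSIGNMENTS.get(principal, ())):
            expand(item, [principal], out)
    return out


def sensitive_grants(user):
    """Sensitive permissions the user holds, with every path that grants them."""
    return {p: v for p, v in effective_rights(user).items() if p in SENSITIVE}


if __name__ == "__main__":
    for perm, paths in sorted(sensitive_grants("alice").items()):
        print(perm, "via", paths)
```

The grant path shows which group or set to change when a sensitive permission has to be withdrawn from a user.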

Permissions and functions

Permissions marked with  should be assigned with caution only to selected administrators.

Set

Permission

Description

Administrator

Access Basic Admin Operations

removed in 5.0

Access basic administrative operations and admin panel and manage:

  • events

  • search configuration

  • TOBIS (object identity) configuration

  • area calculation

  • attachments, icons, files

  • auto linking

  • field rules

  • dictionaries

  • dynamic labels

  • global layers

  • print and macro settings

  • access SLA reports

View Audit Trail

View object audit trail (object changes)

Share User Items

General ability to share various “user created items” like grid filters, saved searches, object sets, etc.

Change System GUID

This operation updates the Master GUID across versions; assign this permission with care.

This permission allows modifying the Master GUID (FM GUID) of objects.

Since 5.0

Administer:

  • Reports

  • Dynamic Labels

  • Grid Filters

  • Quick Search

  • Dictionaries

  • Field Validators

  • Icons

  • Printing

  • Map Data Sources

  • Layouts

  • Translations

  • Presentations

  • Global Layers

  • Text Macros

A number of permissions giving access to specific basic administration tasks.

Advanced Archive Manager

Manage All Drafts

Ability to manage all drafts in the system

Publish Drafts to Master

Publish drafts to master archive

View All Drafts

View all drafts in the system (including the ones that are not shared with other users)

Revert Published Version

Ability to revert a published version. This is a very powerful function that will remove the history of changes and should be assigned with care.

View Versioning Audit

View versioning audit log

Set Version as Default

Ability to set selected version as default (version that is already in master archive / published)

Edit Master Archive Versions

Ability to edit versions published to master (e.g. change name)

Basic Archive Manager

Manage Own Drafts

Create and manage private drafts, including share / unshare

View Shared Drafts

Ability to view shared drafts

View Master Archive Versions

Ability to view Master archive (published) versions

Change Manager

Manage Change Requests

Ability to manage change requests (process)

Change Reporter

Report Change Requests

Ability to report (register new) change requests

Data Exchange Manager

View Data Exchange Audit

View "Data Exchange Activity" log

Data Exchange - Import

Ability to run data import functions

Data Exchange - Export

Ability to run data export functions

Security Administrator

View Object/System Diagnostics

Access to system diagnostic functions (bypass object security): System Diagnostic Reports

Manage System Permissions

Manage system / user permissions

Manage Object and Field level Security

Manage object security (assign Object Security) and Field Level Security (FLS) (assign security per field)

Anonymize User (GDPR)

Access to anonymize function for users.

Secure Erase Objects and Metadata

Access to "secure erase" function for objects and metadata.

Manage Security Settings

A user with this permission is able to view all objects, regardless of their security mask, when in Admin mode!

Manage general security settings like:

  • access tokens for integrations

This permission includes additionally:

  • view-realm

  • manage-authorization

  • manage-clients

  • manage-identity-providers

  • manage-realm

  • view-clients

  • view-identity-providers

View Object Audit

View object audit log (Object Activity Log).

Manage Users and Groups

Manage system users (basic user operations like add, edit, delete) and groups (add, edit, delete, edit members)

This permission includes additionally:

  • view-realm

  • manage-users

  • query-users

  • view-users

View User Activity Audit

View user activity audit log ("User activity & security" log)

System Administrator

Manage System Settings

Manage system settings like:

    • manage settings for plugins (e.g. area calculations, auto linking)

    • manage system object classes, perspectives and activate configurations

    • manage plugin events

    • manage file formats

    • manage layouts

    • manage system translations

    • manage map data sources

This permission includes additionally:

  • view-realm

  • manage-authorization

  • manage-clients

  • manage-identity-providers

  • manage-realm

  • view-clients

  • view-identity-providers

User

System User

Ability to log in and use the system's basic operations (access objects, documents, search, print, etc.)

Anonymous API

Access anonymous API

Manage Account