
(no) User Permissions




Since v4.4.0

Introduction

User permissions control what actions a user can perform in the system. They are part of the access control system that also includes (no) Feltnivåsikkerhet (FLS) and (no) Object Security.

Each operation or each service that provides or updates data requires one specific permission. 

Managing permissions

Permissions can be managed by users who have the Manage System Permissions permission assigned.

To manage permission assignments, go to system Administration → Users and Groups → User Permissions.

Permissions are organized in Permission Sets. In this screenshot a Security Administrator set includes all Administrator permissions and several specific permissions like Anonymize User.

Assignments can be made on any level, so a specific user or group can be assigned to an individual permission or to an entire set.

When a user is assigned to a set, all permissions within the set are granted. It is advised to use groups and organize them as needed in the specific organization.

Then assign these groups to as many permissions or sets as needed. Later on, manage permissions by adding users to or removing users from such groups.

Evaluate user permissions

If a Security Administrator is uncertain which permissions a user has received, they can be checked using the "check effective rights" button located on the user list.

This list includes direct assignments as well as all permissions granted via group membership or via permission set inclusion (e.g. one set includes another set).
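
The resolution described above (direct assignments, group membership, and sets that include other sets) can be modelled as follows. This is an added example, not the product's code: the data model (`SETS`, `GROUPS`, `ASSIGNMENTS`), the users and the group names are constructed for illustration, and only the set and permission names come from this page.

```python
# Constructed data model. Set and permission names come from this page;
# the users, groups and assignments are hypothetical.
SETS = {  # set name -> (permissions in the set, other sets it includes)
    "Administrator": ({"Access Basic Admin Operations", "View Audit Trail"}, set()),
    "Security Administrator": (
        {"Anonymize User (GDPR)", "Manage System Permissions"},
        {"Administrator"},
    ),
}
GROUPS = {"sec-admins": {"alice"}, "editors": {"alice", "bob"}}
ASSIGNMENTS = {  # user or group -> assigned permissions and/or sets
    "sec-admins": {"Security Administrator"},
    "editors": {"Manage Own Drafts"},
    "bob": {"View Audit Trail"},
}


def expand(name, path, seen, out):
    """Resolve a permission or set name, recording the path that grants it."""
    if name not in SETS:  # a single permission
        out.setdefault(name, []).append(path)
        return
    if name in seen:  # sets that include each other: stop, do not loop
        return
    perms, included = SETS[name]
    for perm in sorted(perms):
        out.setdefault(perm, []).append(path + [name])
    for inner in sorted(included):
        expand(inner, path + [name], seen | {name}, out)


def effective_rights(user):
    """Return {permission: [grant paths]} from direct, group and set grants."""
    out = {}
    groups = sorted(g for g, members in GROUPS.items() if user in members)
    for principal in [user] + groups:
        origin = "direct" if principal == user else "group:" + principal
        for name in sorted(ASSIGNMENTS.get(principal, ())):
            expand(name, [origin], frozenset(), out)
    return out


def holders(permission):
    """List every user who effectively holds the permission, by any route."""
    users = {m for members in GROUPS.values() for m in members}
    users |= set(ASSIGNMENTS) - set(GROUPS)
    return sorted(u for u in users if permission in effective_rights(u))
```

The recorded grant path shows why a user holds a permission, which is the detail to review before changing group membership or set contents.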

Permissions and functions

Permissions marked with  should be assigned with caution and only to selected administrators.

Set

Permission

Description


Administrator

Access Basic Admin Operations

Access basic administrative operations and admin panel and manage:

  • events

  • search configuration

  • TOBIS (object identity) configuration

  • area calculation

  • attachments, icons, files

  • auto linking

  • field rules

  • dictionaries

  • dynamic labels

  • global layers

  • print and macro settings

  • access SLA reports

View Audit Trail

View object audit trail (object changes)

Advanced Archive Manager

Manage All Drafts

Ability to manage all drafts in the system

Publish Drafts to Master

Publish drafts to master archive

View All Drafts

View all drafts in the system (including the ones that are not shared with other users)

Revert Published Version

Ability to revert published version. This is a very powerful function that will remove history of changes and should be assigned with care.

View Versioning Audit

View versioning audit log

Set Version as Default

Ability to set selected version as default (version that is already in master archive / published)

Edit Master Archive Versions

Ability to edit versions published to master (e.g. change name)

Basic Archive Manager

Manage Own Drafts

Create and manage private drafts, including share / unshare

View Shared Drafts

Ability to view shared drafts

View Master Archive Versions

Ability to view Master archive (published) versions

Change Manager

Manage Change Requests

Ability to manage change requests (process)

Change Reporter

Report Change Requests

Ability to report (register new) change requests

Data Exchange Manager

View Data Exchange Audit

View "Data Exchange Activity" log

Data Exchange - Import

Ability to run data import functions

Data Exchange - Export

Ability to run data export functions

Security Administrator

View Object/System Diagnostics

Access to system diagnostic functions (bypass object security). See (no) System Diagnostic Reports.

Manage System Permissions

Manage system / user permissions

Manage Object and Field level Security

Manage object security (assign (no) Object Security) and (no) Feltnivåsikkerhet (FLS) (assign security per field)

Anonymize User (GDPR)

Access to anonymize function for users.

Secure Erase Objects and Metadata

Access to "secure erase" function for objects and metadata.

Manage Security Settings

Manage general security settings like:

  • access tokens for integrations

This permission additionally includes:

  • view-realm

  • manage-authorization

  • manage-clients

  • manage-identity-providers

  • manage-realm

  • view-clients

  • view-identity-providers

View Object Audit

View object audit log (Object Activity Log).

Manage Users and Groups

Manage system users (basic user operations like add, edit, delete) and groups (add, edit, delete, edit members)

This permission additionally includes:

  • view-realm

  • manage-users

  • query-users

  • view-users

View User Activity Audit

View user activity audit log ("User activity & security" log)

System Administrator

Manage System Settings

Manage system settings like:

  • manage settings for plugins (e.g. area calculations, auto linking)

  • manage system object classes, perspectives and activate configurations

  • manage plugin events

  • manage file formats

  • manage layouts

  • manage system translations

  • manage map data sources

This permission additionally includes:

  • view-realm

  • manage-authorization

  • manage-clients

  • manage-identity-providers

  • manage-realm

  • view-clients

  • view-identity-providers

User

System User

Ability to log in and use the basic operations of the system (access objects, documents, search, print, etc.)

Anonymous API

Access anonymous API

Manage Account