Predefined roles and permissions

The permissions and predefined roles that are available depend on the services that are installed. When you add a user or group, you must specify the role that they have.

Jump to the appropriate section for more information:

What permissions do I have?

You can see what permissions you have from your profile. Your permissions are determined by the roles that are assigned to you.

To see what roles are assigned to you:

  1. Click your avatar in the toolbar.
  2. Click Profile and settings.
  3. Open the Roles tab.

The permissions that are associated with your role (or roles) are listed in the Enabled permissions column.

Predefined roles

A role defines the permissions that a user or group has.

You can edit the default roles or create new roles if the default set of permissions in a role does not align with your business needs. For more information, see Managing roles.

Definitions for each permission are provided in Permissions.

Table 1. Default roles
Role Permissions Services that contribute permissions Service that creates the role
Administrator - Administer platform
- Create service instances
Platform UI Platform UI
User - Access assigned services Platform UI Platform UI

When you install the following services, the following permissions are added to the platform. However, the permissions are not automatically added to a role. If you want to use these permissions, you must add them to a role.

Table 2. Default permissions
Service Permissions not associated with a role by default
Platform UI - Configure authentication
- Configure platform
- Manage and monitor platform
- Manage groups
- Manage users

The default user (admin) is automatically assigned the following roles when the roles are added to the platform:

Permissions

The following table describes the actions that are associated with each permission.

Table 3. Actions
Category Permission Description Service that contributes the permission
Administration Administer platform Users with this permission can:
- Manage access to the console
- Configure connection to an identity provider (LDAP server).

The following actions are not listed in the console, but are also included in the Administer platform permission:
- Add, edit, and remove roles
- Add, edit, and remove groups
- Add and remove users from groups
- Manage the roles that are associated with a group
- Customize the platform

Users with this permission have elevated privileges and can grant or revoke all permissions, including permissions in the Administration category.
Platform UI
Administration Configure authentication Users with this permission can:
- Add, edit, and remove new user roles
Platform UI
Administration Manage groups Users with this permission can:
- Add, edit, and remove groups
- Add and remove from groups
- Manage the roles that are associated with a group
Platform UI
Administration Manage users Users with this permission can:
- Add, edit, and remove new user profiles
Platform UI
Administration Create service instances Users with this permission can:
- Create an instance of a service
Platform UI
Knowledge work Access assigned services Users with this permission can:
- Use services that are available to all users
- Use services to which they have explicit access
Platform UI