Predefined roles and permissions
The permissions and predefined roles that are available depend on the services that are installed. When you add a user or group, you must specify the role that they have.
Jump to the appropriate section for more information:
What permissions do I have?
You can see what permissions you have from your profile. Your permissions are determined by the roles that are assigned to you.
To see what roles are assigned to you:
- Click your avatar in the toolbar.
- Click Profile and settings.
- Open the Roles tab.
The permissions that are associated with your role (or roles) are listed in the Enabled permissions column.
Predefined roles
A role defines the permissions that a user or group has.
You can edit the default roles or create new roles if the default set of permissions in a role does not align with your business needs. For more information, see Managing roles.
Definitions for each permission are provided in Permissions.
Role | Permissions | Services that contribute permissions | Service that creates the role |
---|---|---|---|
Administrator | - Administer platform - Create service instances |
Platform UI | Platform UI |
User | - Access assigned services | Platform UI | Platform UI |
When you install the following services, the following permissions are added to the platform. However, the permissions are not automatically added to a role. If you want to use these permissions, you must add them to a role.
Service | Permissions not associated with a role by default |
---|---|
Platform UI | - Configure authentication - Configure platform - Manage and monitor platform - Manage groups - Manage users |
The default user (admin
) is automatically assigned the following roles when the roles are added to the platform:
- Administrator
Permissions
The following table describes the actions that are associated with each permission.
Category | Permission | Description | Service that contributes the permission |
---|---|---|---|
Administration | Administer platform | Users with this permission can: - Manage access to the console - Configure connection to an identity provider (LDAP server). The following actions are not listed in the console, but are also included in the Administer platform permission: - Add, edit, and remove roles - Add, edit, and remove groups - Add and remove users from groups - Manage the roles that are associated with a group - Customize the platform Users with this permission have elevated privileges and can grant or revoke all permissions, including permissions in the Administration category. |
Platform UI |
Administration | Configure authentication | Users with this permission can: - Add, edit, and remove new user roles |
Platform UI |
Administration | Manage groups | Users with this permission can: - Add, edit, and remove groups - Add and remove from groups - Manage the roles that are associated with a group |
Platform UI |
Administration | Manage users | Users with this permission can: - Add, edit, and remove new user profiles |
Platform UI |
Administration | Create service instances | Users with this permission can: - Create an instance of a service |
Platform UI |
Knowledge work | Access assigned services | Users with this permission can: - Use services that are available to all users - Use services to which they have explicit access |
Platform UI |