Application permissions not contained under the SOX heading

Some application permissions are not contained under the SOX permission heading, but still have an impact on OpenPages® with Watson™ application behavior. Application permissions determine what functional areas and administrative operations a user or group is able to perform. Typically, users do not require these application permissions.

Users are generally granted the applicable permissions by being assigned to role templates that include those permissions.

All permission

Grants users and members of user groups all permissions and access to every functional and administrative area within OpenPages with Watson (web and server).

Administration permissions

The Administration permissions grant users and members of user groups the ability to archive and restore document versions and to enable and disable System Admin Mode.

Table 1. Administration permissions
Permission Description
Archive Management

Allows group members to archive and restore document versions.
System Administration Mode

Allows group members to enable and disable System Admin Mode and perform certain administrative functions. For details see, Enabling and disabling System Admin Mode.

API permissions

This permission enables users to run tools and utilities that use the REST API.

Table 2. API permissions
Permission Description
Administration > Background Process > Get Process Info

Required to run ObjectManager operations.

To run load, validate, and batch operations with ObjectManager, users also need the SOX > Administration > ImportConfiguration permission.

To run dump operations with ObjectManager, users also need the SOX > Administration > ExportConfiguration permission.
Administration > Background Process > Terminate Process
Required to run the following API processes:
  • In the OpenPages API: ProcessService.terminateProcess
  • In the OpenPages GRC REST API: 
    grc/api/processes/{processid}?action=terminate

Files permissions

This application permission grants all administrative permissions under the Files grouping that are related to managing files and folders.

Table 3. Files permissions
Permission Description
Add Folders

Allows group members to create and add new folders.
Cancel Checkout
Allows group members to cancel the file check-out process for associated files that were checked out by others. When a file check-out is canceled, the file is checked back into the system without applying any changes and no new version of the file is created.
Restriction: This permission applies only to file attachments (of the SOXDocument object type).
Lock

Allows group members to lock objects, regardless of sign-off or ACL restrictions.
Reassign Primary Association

Allows members of the user group to reassign primary parent associations and view the Make this object Primary icon on the Parent tab of an object, where object is the object type.
Remove All Tree Locks

Allows members of the user group to unlock resources and/or resource subtrees.
Unlock

Allows group members to unlock objects.

Publishing permissions

The Add Pages permission grants administrative permissions to make Cognos® and jsp reports available from the OpenPages with Watson application user interface.

Table 4. Publishing permissions
Permission Description
Add Pages

Allows group members to add reports.