List of permissions

This page explains which user permissions to enable for each menu entry of the Portal.

The permissions are cumulative. For example, to edit an item you need to:

  • have access to the service,
  • be able to read the data,
  • have the permission to edit the items.

Except if your have an administrator permission.

Super user

A super user is a user who can access any menu entry of his instance and who can perform any action. No other permissions are needed. You just need to have the permission *=*.

Administration

Feature Permission
Access to the service configuration admin=view
Read the users users=read('./*')
Edit the users (cannot delete users) users=edit
Do everything on the users users=*
Read the permission sets permsets=read('*')
Edit the permission sets permsets=edit
Do everything on the permission sets permsets=*

Permission sets:

  • read only the users: admin=view and users=read('./*')
  • edit the users: admin=view and users=read('./*') and users=edit
  • administrate the users: admin=view and users=read('./*') and users=*
  • read only the permissions: admin=view and permsets=read('*')
  • edit the permissions: admin=view and permsets=read('*') and permsets=edit
  • administrate the permissions: admin=view and permsets=*

Data Models

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration datamodels=view
Read the data models datamodels=read
Edit the data models datamodels=edit
Do everything on the service datamodels=*

Permission sets:

  • read only: datamodels=view and datamodels=read
  • edit: datamodels=view and datamodels=read and datamodels=edit
  • administrate: datamodels=*

Home Pages

Note

The action edit includes: customize, create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration homepages=view
Read the home pages homepages=read
Edit the home pages homepages=edit
Customize the home pages homepages=customize-own
Access to counters when editing the home pages homepages=counters
Access to frames when editing the home pages homepages=frames
Access to reports when editing the home pages homepages=reports
Do everything on the service homepages=*

Permission sets:

  • read only: homepages=view and homepages=read
  • customize: homepages=view and homepages=read and homepages=customize-own
  • edit: homepages=view and homepages=read and homepages=edit
  • add new modules in your home page: homepages=counters and homepages=frames and homepages=reports
  • administrate: homepages=*

Messages

Be a Messages admin

You have to enable the permissions: messages=* and messages=allow(*).

View the Messages

You have to enable the permissions: messages=view and a variant of the allow permission:

Feature Permission
Allow you to see all type of documents (messages, work items …) messages=allow(*)
Allow you to see all the messages in the view VIEW_NAME messages=allow('VIEW_NAME'(*))
Allow you to see the messages in the view VIEW_NAME that are assigned to your unit messages=allow('VIEW_NAME'(UNIT)) and orgs=read
Allow you to see the messages in the view VIEW_NAME that are assigned to you messages=allow('VIEW_NAME'(USER)) and orgs=read
Allow you to see the messages in the view VIEW_NAME that are assigned to your branch messages=allow('VIEW_NAME'(BRANCH)) and orgs=read
Allow you to see the messages in the view VIEW_NAME that are assigned to you email address messages=allow('VIEW_NAME'('UserEmail'='%USER.EMAIL%'))
Allow you to see the messages in the view VIEW_NAME that check a condition messages=allow('VIEW_NAME'('SEARCHABLE_NAME'='VALUE'))

Reprocess a Message

You have to enable the permission: messages=reprocess.

Create a new Message

You have to enable a variant of the submit permission:

Feature Permission
Allow you to create a new message by uploading a single or a bulk of files messages=submit(*)
Allow you to create a new message by uploading a file messages=submit('single')
Allow you to create a new message by uploading a bulk of files messages=submit('bulk')

Reports

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration reports=view
Read the reports reports=read
Edit the reports reports=edit
Do everything on the service reports=*

Permission sets:

  • read only: reports=view and reports=read
  • edit: reports=view and reports=read and reports=edit
  • administrate: reports=*

Routes

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration routes=view
Read the routes routes=read
Edit and execute the routes routes=edit
Do everything on the service routes=*

Permission sets:

  • read only: routes=view and routes=read
  • edit and execute: routes=view and routes=read and routes=edit
  • administrate: routes=*

Routing Orders

Note

The action edit includes: update, delete and export.

Feature Permission
Access to the service configuration routingorders=view
Read the routing orders routingorders=read
Edit and reprocess the routing orders routingorders=edit
Do everything on the service routingorders=*

Permission sets:

  • read only: routingorders=view and routingorders=read
  • edit and reprocess: routingorders=view and routingorders=read and routingorders=edit
  • administrate: routingorders=*

Scripts

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration scripts=view
Read the scripts scripts=read
Execute the scripts scripts=run
Edit the scripts scripts=edit
Do everything on the service scripts=*

Permission sets:

  • read only: scripts=view and scripts=read
  • execute: scripts=view and scripts=run
  • edit: scripts=view and scripts=read and scripts=edit
  • administrate: scripts=*

Stripe Payments

Feature Permission
Access to the service configuration stripe=view
Read the data stripe=read
Be assigned to a payment task workflow=role('Invoice Payers')
Pay an invoice stripe=pay
Do everything on the service stripe=*

Permission sets:

  • read only: stripe=view and stripe=read
  • edit: scripts=*
  • pay: workflow=role('Invoice Payers') and stripe=pay

Tables

Note

The action edit includes: create, update, rename, duplicate, export and import.

Feature Permission
Access to the service configuration tables=view
Read all the tables and their records tables=allow(*)
Read only the records of Table1 and Table 2 tables=allow('Table1'(*), 'Table2'(*))
Read the records in Table1 where column1 has the value1 tables=allow('Table1'('column1'='value1'))
Edit a table’s structure tables=edit-table
Delete a table’s structure tables=delete-table
Edit a table’s records tables=edit-data
Delete a table’s records tables=delete-data
Edit and delete a table’structure and records tables=*

Permission sets:

  • read only: tables=view and tables=allow(*)
  • edit structure: tables=view and tables=allow(*) and tables=edit-table
  • edit structure and data: tables=view and tables=allow(*) and tables=edit-table and tables=edit-data
  • delete structure and records: tables=view and tables=allow(*) and tables=delete-table and tables=delete-data
  • administrate: tables=allow(*) and tables=*

Workflow Steps

Note

The action edit includes: create, update, rename, duplicate, export and import.

Feature Permission
Access to the service configuration workflow=view
Read the workflow steps workflow=read
Edit and reprocess the workflow steps workflow=edit
Do everything on the service workflow=*

Permission sets:

  • read only: workflow=view and workflow=read
  • edit and reprocess: workflow=view and workflow=read and workflow=edit
  • administrate: workflow=*

Work Items

Be a Work Items admin

You have to enable the permissions: messages=* and messages=allow(*).

View the Work Items

You have to enable the permissions: workflows=view and a variant of the allow permission:

Feature Permission
Allow you to see all type of documents (messages, work items …) messages=allow(*)
Allow you to see all the messages in the Work Items views messages=allow('WORK_ITEMS_VIEW_NAME'(*))
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to your unit messages=allow('WORK_ITEMS_VIEW_NAME'(UNIT)) and orgs=read
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to you messages=allow('WORK_ITEMS_VIEW_NAME'(USER)) and orgs=read
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to your branch messages=allow('WORK_ITEMS_VIEW_NAME'(BRANCH)) and orgs=read
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to you email address messages=allow('WORK_ITEMS_VIEW_NAME'('Assignee'='%USER.EMAIL%'))
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that check a condition messages=allow('WORK_ITEMS_VIEW_NAME'('SEARCHABLE_NAME'='VALUE'))

Be assigned to a Work Item

You have to enable the permission: workflows=role('ROLE_NAME'), where ROLE_NAME is the role defined in the workflow step.