List of permissions
This page explains which user permissions to enable for each menu entry of the Portal.
The permissions are cumulative. For example, to edit an item you need to:
- have access to the service,
- be able to read the data,
- have the permission to edit the items.
Except if your have an administrator permission.
Super user¶
A super user is a user who can access any menu entry of his instance and who can perform any action.
No other permissions are needed.
You just need to have the permission *=*.
Administration¶
| Feature | Permission |
|---|---|
| Access to the service configuration | admin=view |
| Read the users | users=read('./*') |
| Edit the users (cannot delete users) | users=edit |
| Do everything on the users | users=* |
| Read the permission sets | permsets=read('*') |
| Edit the permission sets | permsets=edit |
| Do everything on the permission sets | permsets=* |
Permission sets:
- read only the users:
admin=viewandusers=read('./*') - edit the users:
admin=viewandusers=read('./*')andusers=edit - administrate the users:
admin=viewandusers=read('./*')andusers=* - read only the permissions:
admin=viewandpermsets=read('*') - edit the permissions:
admin=viewandpermsets=read('*')andpermsets=edit - administrate the permissions:
admin=viewandpermsets=*
Data Models¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | datamodels=view |
| Read the data models | datamodels=read |
| Edit the data models | datamodels=edit |
| Do everything on the service | datamodels=* |
Permission sets:
- read only:
datamodels=viewanddatamodels=read - edit:
datamodels=viewanddatamodels=readanddatamodels=edit - administrate:
datamodels=*
Home Pages¶
Note
The action edit includes: customize, create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | homepages=view |
| Read the home pages | homepages=read |
| Edit the home pages | homepages=edit |
| Customize the home pages | homepages=customize-own |
| Access to counters when editing the home pages | homepages=counters |
| Access to frames when editing the home pages | homepages=frames |
| Access to reports when editing the home pages | homepages=reports |
| Do everything on the service | homepages=* |
Permission sets:
- read only:
homepages=viewandhomepages=read - customize:
homepages=viewandhomepages=readandhomepages=customize-own - edit:
homepages=viewandhomepages=readandhomepages=edit - add new modules in your home page:
homepages=countersandhomepages=framesandhomepages=reports - administrate:
homepages=*
Messages¶
Be a Messages admin
You have to enable the permissions: messages=* and messages=allow(*).
View the Messages
You have to enable the permissions: messages=view and a variant of the allow permission:
| Feature | Permission |
|---|---|
| Allow you to see all type of documents (messages, work items …) | messages=allow(*) |
Allow you to see all the messages in the view VIEW_NAME |
messages=allow('VIEW_NAME'(*)) |
Allow you to see the messages in the view VIEW_NAME that are assigned to your unit |
messages=allow('VIEW_NAME'(UNIT)) and orgs=read |
Allow you to see the messages in the view VIEW_NAME that are assigned to you |
messages=allow('VIEW_NAME'(USER)) and orgs=read |
Allow you to see the messages in the view VIEW_NAME that are assigned to your branch |
messages=allow('VIEW_NAME'(BRANCH)) and orgs=read |
Allow you to see the messages in the view VIEW_NAME that are assigned to you email address |
messages=allow('VIEW_NAME'('UserEmail'='%USER.EMAIL%')) |
Allow you to see the messages in the view VIEW_NAME that check a condition |
messages=allow('VIEW_NAME'('SEARCHABLE_NAME'='VALUE')) |
Reprocess a Message
You have to enable the permission: messages=reprocess.
Create a new Message
You have to enable a variant of the submit permission:
| Feature | Permission |
|---|---|
| Allow you to create a new message by uploading a single or a bulk of files | messages=submit(*) |
| Allow you to create a new message by uploading a file | messages=submit('single') |
| Allow you to create a new message by uploading a bulk of files | messages=submit('bulk') |
Reports¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | reports=view |
| Read the reports | reports=read |
| Edit the reports | reports=edit |
| Do everything on the service | reports=* |
Permission sets:
- read only:
reports=viewandreports=read - edit:
reports=viewandreports=readandreports=edit - administrate:
reports=*
Routes¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | routes=view |
| Read the routes | routes=read |
| Edit and execute the routes | routes=edit |
| Do everything on the service | routes=* |
Permission sets:
- read only:
routes=viewandroutes=read - edit and execute:
routes=viewandroutes=readandroutes=edit - administrate:
routes=*
Routing Orders¶
Note
The action edit includes: update, delete and export.
| Feature | Permission |
|---|---|
| Access to the service configuration | routingorders=view |
| Read the routing orders | routingorders=read |
| Edit and reprocess the routing orders | routingorders=edit |
| Do everything on the service | routingorders=* |
Permission sets:
- read only:
routingorders=viewandroutingorders=read - edit and reprocess:
routingorders=viewandroutingorders=readandroutingorders=edit - administrate:
routingorders=*
Scripts¶
Note
The action edit includes: create, update, rename, duplicate, delete, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | scripts=view |
| Read the scripts | scripts=read |
| Execute the scripts | scripts=run |
| Edit the scripts | scripts=edit |
| Do everything on the service | scripts=* |
Permission sets:
- read only:
scripts=viewandscripts=read - execute:
scripts=viewandscripts=run - edit:
scripts=viewandscripts=readandscripts=edit - administrate:
scripts=*
Stripe Payments¶
| Feature | Permission |
|---|---|
| Access to the service configuration | stripe=view |
| Read the data | stripe=read |
| Be assigned to a payment task | workflow=role('Invoice Payers') |
| Pay an invoice | stripe=pay |
| Do everything on the service | stripe=* |
Permission sets:
- read only:
stripe=viewandstripe=read - edit:
scripts=* - pay:
workflow=role('Invoice Payers')andstripe=pay
Tables¶
Note
The action edit includes: create, update, rename, duplicate, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | tables=view |
| Read all the tables and their records | tables=allow(*) |
| Read only the records of Table1 and Table 2 | tables=allow('Table1'(*), 'Table2'(*)) |
| Read the records in Table1 where column1 has the value1 | tables=allow('Table1'('column1'='value1')) |
| Edit a table’s structure | tables=edit-table |
| Delete a table’s structure | tables=delete-table |
| Edit a table’s records | tables=edit-data |
| Delete a table’s records | tables=delete-data |
| Edit and delete a table’structure and records | tables=* |
Permission sets:
- read only:
tables=viewandtables=allow(*) - edit structure:
tables=viewandtables=allow(*)andtables=edit-table - edit structure and data:
tables=viewandtables=allow(*)andtables=edit-tableandtables=edit-data - delete structure and records:
tables=viewandtables=allow(*)andtables=delete-tableandtables=delete-data - administrate:
tables=allow(*)andtables=*
Workflow Steps¶
Note
The action edit includes: create, update, rename, duplicate, export and import.
| Feature | Permission |
|---|---|
| Access to the service configuration | workflow=view |
| Read the workflow steps | workflow=read |
| Edit and reprocess the workflow steps | workflow=edit |
| Do everything on the service | workflow=* |
Permission sets:
- read only:
workflow=viewandworkflow=read - edit and reprocess:
workflow=viewandworkflow=readandworkflow=edit - administrate:
workflow=*
Work Items¶
Be a Work Items admin
You have to enable the permissions: messages=* and messages=allow(*).
View the Work Items
You have to enable the permissions: workflows=view and a variant of the allow permission:
| Feature | Permission |
|---|---|
| Allow you to see all type of documents (messages, work items …) | messages=allow(*) |
| Allow you to see all the messages in the Work Items views | messages=allow('WORK_ITEMS_VIEW_NAME'(*)) |
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to your unit |
messages=allow('WORK_ITEMS_VIEW_NAME'(UNIT)) and orgs=read |
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to you |
messages=allow('WORK_ITEMS_VIEW_NAME'(USER)) and orgs=read |
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to your branch |
messages=allow('WORK_ITEMS_VIEW_NAME'(BRANCH)) and orgs=read |
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that are assigned to you email address |
messages=allow('WORK_ITEMS_VIEW_NAME'('Assignee'='%USER.EMAIL%')) |
Allow you to see the Work Items in the view WORK_ITEMS_VIEW_NAME that check a condition |
messages=allow('WORK_ITEMS_VIEW_NAME'('SEARCHABLE_NAME'='VALUE')) |
Be assigned to a Work Item
You have to enable the permission: workflows=role('ROLE_NAME'), where ROLE_NAME is the role defined in the workflow step.