List of Permissions
This page explains which user permissions to enable for each menu entry of the Portal.
The permissions are cumulative. For example, to edit an item you need to:
- have access to the service,
- be able to read the data,
- have the permission to edit the items.
Except if your have an administrator permission.
Super user¶
A super user is a user who can access any menu entry of his instance and who can perform any action.
No other permissions are needed.
You just need to have the permission *=*
.
Administration¶
Feature | Permission |
---|---|
Access to the service configuration | admin=view |
Read the users | users=read('./*') |
Edit the users (cannot delete users) | users=edit |
Do everything on the users | users=* |
Read the permission sets | permsets=read('*') |
Edit the permission sets | permsets=edit |
Do everything on the permission sets | permsets=* |
Permission sets:
- read only the users:
admin=view
andusers=read('./*')
- edit the users:
admin=view
andusers=read('./*')
andusers=edit
- administrate the users:
admin=view
andusers=read('./*')
andusers=*
- read only the permissions:
admin=view
andpermsets=read('*')
- edit the permissions:
admin=view
andpermsets=read('*')
andpermsets=edit
- administrate the permissions:
admin=view
andpermsets=*
Data Models¶
Note
The action edit
includes: create, update, rename, duplicate, delete, export and import.
Feature | Permission |
---|---|
Access to the service configuration | datamodels=view |
Read the data models | datamodels=read |
Edit the data models | datamodels=edit |
Do everything on the service | datamodels=* |
Permission sets:
- read only:
datamodels=view
anddatamodels=read
- edit:
datamodels=view
anddatamodels=read
anddatamodels=edit
- administrate:
datamodels=*
Home Pages¶
Note
The action edit
includes: customize, create, update, rename, duplicate, delete, export and import.
Feature | Permission |
---|---|
Access to the service configuration | homepages=view |
Read the home pages | homepages=read |
Edit the home pages | homepages=edit |
Customize the home pages | homepages=customize-own |
Access to counters when editing the home pages | homepages=counters |
Access to frames when editing the home pages | homepages=frames |
Access to reports when editing the home pages | homepages=reports |
Do everything on the service | homepages=* |
Permission sets:
- read only:
homepages=view
andhomepages=read
- customize:
homepages=view
andhomepages=read
andhomepages=customize-own
- edit:
homepages=view
andhomepages=read
andhomepages=edit
- add new modules in your home page:
homepages=counters
andhomepages=frames
andhomepages=reports
- administrate:
homepages=*
Reports¶
Note
The action edit
includes: create, update, rename, duplicate, delete, export and import.
Feature | Permission |
---|---|
Access to the service configuration | reports=view |
Read the reports | reports=read |
Edit the reports | reports=edit |
Do everything on the service | reports=* |
Permission sets:
- read only:
reports=view
andreports=read
- edit:
reports=view
andreports=read
andreports=edit
- administrate:
reports=*
Routes¶
Note
The action edit
includes: create, update, rename, duplicate, delete, export and import.
Feature | Permission |
---|---|
Access to the service configuration | routes=view |
Read the routes | routes=read |
Edit and execute the routes | routes=edit |
Do everything on the service | routes=* |
Permission sets:
- read only:
routes=view
androutes=read
- edit and execute:
routes=view
androutes=read
androutes=edit
- administrate:
routes=*
Routing Orders¶
Note
The action edit
includes: update, delete and export.
Feature | Permission |
---|---|
Access to the service configuration | routingorders=view |
Read the routing orders | routingorders=read |
Edit and reprocess the routing orders | routingorders=edit |
Do everything on the service | routingorders=* |
Permission sets:
- read only:
routingorders=view
androutingorders=read
- edit and reprocess:
routingorders=view
androutingorders=read
androutingorders=edit
- administrate:
routingorders=*
Scripts¶
Note
The action edit
includes: create, update, rename, duplicate, delete, export and import.
Feature | Permission |
---|---|
Access to the service configuration | scripts=view |
Read the scripts | scripts=read |
Execute the scripts | scripts=run |
Edit the scripts | scripts=edit |
Do everything on the service | scripts=* |
Permission sets:
- read only:
scripts=view
andscripts=read
- execute:
scripts=view
andscripts=run
- edit:
scripts=view
andscripts=read
andscripts=edit
- administrate:
scripts=*
Stripe Payments¶
Feature | Permission |
---|---|
Access to the service configuration | stripe=view |
Read the data | stripe=read |
Be assigned to a payment task | workflow=role('Invoice Payers') |
Pay an invoice | stripe=pay |
Do everything on the service | stripe=* |
Permission sets:
- read only:
stripe=view
andstripe=read
- edit:
scripts=*
- pay:
workflow=role('Invoice Payers')
andstripe=pay
Tables¶
Note
The action edit
includes: create, update, rename, duplicate and import.
The action allow
include: export.
Feature | Permission |
---|---|
Access to the service configuration | tables=view |
Read all the tables and their records | tables=allow(*) |
Read only the records of Table1 and Table 2 | tables=allow('Table1'(*), 'Table2'(*)) |
Read the records in Table1 where column1 has the value1 | tables=allow('Table1'('column1'='value1')) |
Edit a table’s structure | tables=edit-table |
Delete a table’s structure | tables=delete-table |
Edit a table’s records | tables=edit-data |
Delete a table’s records | tables=delete-data |
Edit and delete a table’structure and records | tables=* |
Permission sets:
- read only:
tables=view
andtables=allow(*)
- edit structure:
tables=view
andtables=allow(*)
andtables=edit-table
- edit structure and data:
tables=view
andtables=allow(*)
andtables=edit-table
andtables=edit-data
- delete structure and records:
tables=view
andtables=allow(*)
andtables=delete-table
andtables=delete-data
- administrate:
tables=allow(*)
andtables=*
Transactions¶
Be a Transactions admin
You have to enable the permissions: transactions=*
and transactions=allow(*)
.
View the Transactions
You have to enable the permissions: transactions=view
and a variant of the allow permission:
Feature | Permission |
---|---|
Allow you to see all type of transactions (messages, workflow tasks …) | transactions=allow(*) |
Allow you to see all the transactions in the view VIEW_NAME |
transactions=allow('VIEW_NAME'(*)) |
Allow you to see the transactions in the view VIEW_NAME that are assigned to your unit |
transactions=allow('VIEW_NAME'(UNIT)) and orgs=read |
Allow you to see the transactions in the view VIEW_NAME that are assigned to you |
transactions=allow('VIEW_NAME'(USER)) and orgs=read |
Allow you to see the transactions in the view VIEW_NAME that are assigned to your branch |
transactions=allow('VIEW_NAME'(BRANCH)) and orgs=read |
Allow you to see the transactions in the view VIEW_NAME that are assigned to you email address |
transactions=allow('VIEW_NAME'('UserEmail'='%USER.EMAIL%')) |
Allow you to see the transactions in the view VIEW_NAME that check a condition |
transactions=allow('VIEW_NAME'('SEARCHABLE_NAME'='VALUE')) |
Other permissions sets
Permission scope | Description |
---|---|
transactions=view |
The user can search transactions (within the filters specified in allow) and view the content of the transactions. |
transactions=edit-form |
The user can edit and save a transaction, only if a form is provided (formjs for the moment) and only via the form display (no access to XML source). |
transactions=edit-all |
The user can view, edit and save a transaction. Changing the values of the element that constitutes the keys of the transaction will currently create a new transaction (it is an upsert). |
transactions=reprocess |
The user can trigger the reprocessing of a transaction. |
transactions=delete |
The user can delete a transaction. |
transactions=* |
The user can view, edit, reprocess and delete a transaction. |
Create a new Transaction
Note
The messages submit library has not been migrated yet, thus the permission’s feature is still messages
.
You have to enable a variant of the submit
permission:
Feature | Permission |
---|---|
Allow you to create a new transaction by uploading a single or a bulk of files | messages=submit(*) |
Allow you to create a new transaction by uploading a file | messages=submit('single') |
Allow you to create a new transaction by uploading a bulk of files | messages=submit('bulk') |
Views¶
Note
The action edit
includes: create, update, rename, duplicate, export and import.
Feature | Permission |
---|---|
Access to the service configuration | views=view |
Read the views | views=read |
Edit the views | views=edit |
Do everything on the service | views=* |
Permission sets:
- read only:
views=view
andviews=read
- edit:
views=view
andviews=read
andviews=edit
- administrate:
views=*
Workflow Steps¶
Note
The action edit
includes: create, update, rename, duplicate, export and import.
Feature | Permission |
---|---|
Access to the service configuration | workflowsteps=view |
Read the workflow steps | workflowsteps=read |
Edit the workflow steps | workflowsteps=edit |
Do everything on the service | workflowsteps=* |
Permission sets:
- read only:
workflowsteps=view
andworkflowsteps=read
- edit:
workflowsteps=view
andworkflowsteps=read
andworkflowsteps=edit
- administrate:
workflowsteps=*
Workflow Tasks¶
Be a Workflow Tasks admin
You have to enable the permissions: transactions=*
and transactions=allow(*)
.
View the Workflow Tasks
You have to enable a variant of the allow permission:
Feature | Permission |
---|---|
Allow you to see all type of transactions (messages, workflow tasks …) | transactions=allow(*) |
Allow you to see all the workflow tasks in the view WORKFLOW_VIEW_NAME |
transactions=allow('WORKFLOW_VIEW_NAME'(*)) |
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to your unit |
transactions=allow('WORKFLOW_VIEW_NAME'(UNIT)) and orgs=read |
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to you |
transactions=allow('WORKFLOW_VIEW_NAME'(USER)) and orgs=read |
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to your branch |
transactions=allow('WORKFLOW_VIEW_NAME'(BRANCH)) and orgs=read |
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to you email address |
transactions=allow('WORKFLOW_VIEW_NAME'('Assignee'='%USER.EMAIL%')) |
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that check a condition |
transactions=allow('WORKFLOW_VIEW_NAME'('SEARCHABLE_NAME'='VALUE')) |
Be assigned to a Workflow Task
You have to enable the permission: workflow=role('ROLE_NAME')
, where ROLE_NAME
is the role defined in the workflow step.