Skip to content

List of Permissions

This page explains which user permissions to enable for each menu entry of the Portal.

The permissions are cumulative. For example, to edit an item you need to:

  • have access to the service,
  • be able to read the data,
  • have the permission to edit the items.

Except if your have an administrator permission.

Super user

A super user is a user who can access any menu entry of his instance and who can perform any action. No other permissions are needed. You just need to have the permission *=*.

Administration

Feature Permission
Access to the service configuration admin=view
Read the users users=read('./*')
Edit the users (cannot delete users) users=edit
Do everything on the users users=*
Read the permission sets permsets=read('*')
Edit the permission sets permsets=edit
Do everything on the permission sets permsets=*

Permission sets:

  • read only the users: admin=view and users=read('./*')
  • edit the users: admin=view and users=read('./*') and users=edit
  • administrate the users: admin=view and users=read('./*') and users=*
  • read only the permissions: admin=view and permsets=read('*')
  • edit the permissions: admin=view and permsets=read('*') and permsets=edit
  • administrate the permissions: admin=view and permsets=*

Data Models

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration datamodels=view
Read the data models datamodels=read
Edit the data models datamodels=edit
Do everything on the service datamodels=*

Permission sets:

  • read only: datamodels=view and datamodels=read
  • edit: datamodels=view and datamodels=read and datamodels=edit
  • administrate: datamodels=*

Home Pages

Note

The action edit includes: customize, create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration homepages=view
Read the home pages homepages=read
Edit the home pages homepages=edit
Customize the home pages homepages=customize-own
Access to counters when editing the home pages homepages=counters
Access to frames when editing the home pages homepages=frames
Access to reports when editing the home pages homepages=reports
Do everything on the service homepages=*

Permission sets:

  • read only: homepages=view and homepages=read
  • customize: homepages=view and homepages=read and homepages=customize-own
  • edit: homepages=view and homepages=read and homepages=edit
  • add new modules in your home page: homepages=counters and homepages=frames and homepages=reports
  • administrate: homepages=*

Reports

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration reports=view
Read the reports reports=read
Edit the reports reports=edit
Do everything on the service reports=*

Permission sets:

  • read only: reports=view and reports=read
  • edit: reports=view and reports=read and reports=edit
  • administrate: reports=*

Routes

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration routes=view
Read the routes routes=read
Edit and execute the routes routes=edit
Do everything on the service routes=*

Permission sets:

  • read only: routes=view and routes=read
  • edit and execute: routes=view and routes=read and routes=edit
  • administrate: routes=*

Routing Orders

Note

The action edit includes: update, delete and export.

Feature Permission
Access to the service configuration routingorders=view
Read the routing orders routingorders=read
Edit and reprocess the routing orders routingorders=edit
Do everything on the service routingorders=*

Permission sets:

  • read only: routingorders=view and routingorders=read
  • edit and reprocess: routingorders=view and routingorders=read and routingorders=edit
  • administrate: routingorders=*

Scripts

Note

The action edit includes: create, update, rename, duplicate, delete, export and import.

Feature Permission
Access to the service configuration scripts=view
Read the scripts scripts=read
Execute the scripts scripts=run
Edit the scripts scripts=edit
Do everything on the service scripts=*

Permission sets:

  • read only: scripts=view and scripts=read
  • execute: scripts=view and scripts=run
  • edit: scripts=view and scripts=read and scripts=edit
  • administrate: scripts=*

Stripe Payments

Feature Permission
Access to the service configuration stripe=view
Read the data stripe=read
Be assigned to a payment task workflow=role('Invoice Payers')
Pay an invoice stripe=pay
Do everything on the service stripe=*

Permission sets:

  • read only: stripe=view and stripe=read
  • edit: scripts=*
  • pay: workflow=role('Invoice Payers') and stripe=pay

Tables

Note

The action edit includes: create, update, rename, duplicate, export and import.

Feature Permission
Access to the service configuration tables=view
Read all the tables and their records tables=allow(*)
Read only the records of Table1 and Table 2 tables=allow('Table1'(*), 'Table2'(*))
Read the records in Table1 where column1 has the value1 tables=allow('Table1'('column1'='value1'))
Edit a table’s structure tables=edit-table
Delete a table’s structure tables=delete-table
Edit a table’s records tables=edit-data
Delete a table’s records tables=delete-data
Edit and delete a table’structure and records tables=*

Permission sets:

  • read only: tables=view and tables=allow(*)
  • edit structure: tables=view and tables=allow(*) and tables=edit-table
  • edit structure and data: tables=view and tables=allow(*) and tables=edit-table and tables=edit-data
  • delete structure and records: tables=view and tables=allow(*) and tables=delete-table and tables=delete-data
  • administrate: tables=allow(*) and tables=*

Transactions

Be a Transactions admin

You have to enable the permissions: transactions=* and transactions=allow(*).

View the Transactions

You have to enable the permissions: transactions=view and a variant of the allow permission:

Feature Permission
Allow you to see all type of transactions (messages, workflow tasks …) transactions=allow(*)
Allow you to see all the transactions in the view VIEW_NAME transactions=allow('VIEW_NAME'(*))
Allow you to see the transactions in the view VIEW_NAME that are assigned to your unit transactions=allow('VIEW_NAME'(UNIT)) and orgs=read
Allow you to see the transactions in the view VIEW_NAME that are assigned to you transactions=allow('VIEW_NAME'(USER)) and orgs=read
Allow you to see the transactions in the view VIEW_NAME that are assigned to your branch transactions=allow('VIEW_NAME'(BRANCH)) and orgs=read
Allow you to see the transactions in the view VIEW_NAME that are assigned to you email address transactions=allow('VIEW_NAME'('UserEmail'='%USER.EMAIL%'))
Allow you to see the transactions in the view VIEW_NAME that check a condition transactions=allow('VIEW_NAME'('SEARCHABLE_NAME'='VALUE'))

Other permissions sets

Permission scope Description
transactions=view The user can search transactions (within the filters specified in allow) and view the content of the transactions.
transactions=edit-form The user can edit and save a transaction, only if a form is provided (formjs for the moment) and only via the form display (no access to XML source).
transactions=edit-all The user can view, edit and save a transaction. Changing the values of the element that constitutes the keys of the transaction will currently create a new transaction (it is an upsert).
transactions=reprocess The user can trigger the reprocessing of a transaction.
transactions=delete The user can delete a transaction.
transactions=* The user can view, edit, reprocess and delete a transaction.

Create a new Transaction

Note

The messages submit library has not been migrated yet, thus the permission’s feature is still messages.

You have to enable a variant of the submit permission:

Feature Permission
Allow you to create a new transaction by uploading a single or a bulk of files messages=submit(*)
Allow you to create a new transaction by uploading a file messages=submit('single')
Allow you to create a new transaction by uploading a bulk of files messages=submit('bulk')

Views

Note

The action edit includes: create, update, rename, duplicate, export and import.

Feature Permission
Access to the service configuration views=view
Read the views views=read
Edit the views views=edit
Do everything on the service views=*

Permission sets:

  • read only: views=view and views=read
  • edit: views=view and views=read and views=edit
  • administrate: views=*

Workflow Steps

Note

The action edit includes: create, update, rename, duplicate, export and import.

Feature Permission
Access to the service configuration workflowsteps=view
Read the workflow steps workflowsteps=read
Edit the workflow steps workflowsteps=edit
Do everything on the service workflowsteps=*

Permission sets:

  • read only: workflowsteps=view and workflowsteps=read
  • edit: workflowsteps=view and workflowsteps=read and workflowsteps=edit
  • administrate: workflowsteps=*

Workflow Tasks

Be a Workflow Tasks admin

You have to enable the permissions: transactions=* and transactions=allow(*).

View the Workflow Tasks

You have to enable a variant of the allow permission:

Feature Permission
Allow you to see all type of transactions (messages, workflow tasks …) transactions=allow(*)
Allow you to see all the workflow tasks in the view WORKFLOW_VIEW_NAME transactions=allow('WORKFLOW_VIEW_NAME'(*))
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to your unit transactions=allow('WORKFLOW_VIEW_NAME'(UNIT)) and orgs=read
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to you transactions=allow('WORKFLOW_VIEW_NAME'(USER)) and orgs=read
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to your branch transactions=allow('WORKFLOW_VIEW_NAME'(BRANCH)) and orgs=read
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that are assigned to you email address transactions=allow('WORKFLOW_VIEW_NAME'('Assignee'='%USER.EMAIL%'))
Allow you to see the workflow tasks in the view WORKFLOW_VIEW_NAME that check a condition transactions=allow('WORKFLOW_VIEW_NAME'('SEARCHABLE_NAME'='VALUE'))

Be assigned to a Workflow Task

You have to enable the permission: workflow=role('ROLE_NAME'), where ROLE_NAME is the role defined in the workflow step.