Skip to main content
Version: 2.10.X

Detailed Permissions

The following tables describe the permissions available to apply to both roles and groups.

Authoring

PermissionRead/WriteControl
DeploymentsReadRead deployment-related statuses and data.
DeploymentsWriteWrite deployment-related data, including the ability to deploy and terminate deployments.
ModelsReadRead authoring data models (projects, event patterns, event types, etc.).
ModelsWriteWrite authoring data models (projects, event patterns, event types, etc.).
Schema DiscoveryReadUse Schema Discovery to search topics and view schemas.

Data Management

PermissionRead/WriteControl
ConnectorsReadUser is able to view connector configurations and status.
ConnectorsWriteUser is able to create, run, and stop connectors.
Upload FilesReadUser is able to see file upload status and records in the Activity Monitor page of the Data Importer.
Upload FilesWriteUser is able to upload files via Data Importer.

Workstation

PermissionRead/WriteControl
Collections ExportReadUser can export CSV data and reports from a collection.
Data DeleteWriteUser is able to perform administrative deletion of Workstation data.
Custom Field TemplatesWriteUser is able to view and edit Custom Field Templates in Workstation Designer.
Export BuilderWriteUser can access/update the export builder tool to create, manage, or delete limited custom mappings from a collection into CSV format.
IngestWriteUser can see and interact with the Admin screen and the “Ingestion settings” table on the Admin screen. Note: Write permission to "Ingest" is required for any user that wishes to set "Event Decorations" on Designer (which is handled via the "Templates Views" view permission).
Collections AttachmentsReadUser can view and download attachments to a collection.
Collections AttachmentsWriteUser can upload attachments to a collection.
Notification SettingsWriteUser can see and interact with the "Notification Settings" table on the Admin screen, but they are required to also be granted access to "Ingest", otherwise they will not see the Admin screen at all.
Report BuilderWriteUser can access/update the report builder tool.
TagsWriteUser can see the Designer tab and the "Tags" mode within it. User can created, edit, or delete tags.
Templates Event DetailsWriteUser can see the Designer tab and the "Event Detail Templates" mode within it. User can create, edit, or delete Event Detail Templates.
Templates ViewReadUser can view "View Templates".
Templates ViewWriteUser can create, update, or delete "View Templates". User can see the "Event Decorations" mode in the Designer tab if they also have "Write" access to "Ingest".
ViewsReadUser can click into views but cannot add or delete widgets.
ViewsWriteUser can create, edit, and delete view. Within a view, they can create, edit, or delete widgets.

Manual Actions

PermissionRead/WriteControl
Manual ActionsWriteIf an event has manual actions available, a user can access the manual event interface to perform a specific action on the event.

User Management

Permissions

PermissionRead/WriteControl
GroupsWriteUser can view, edit, and delete groups.
RolesWriteUser can view, edit, and delete roles.

Users

PermissionRead/WriteControl
InfoReadUser can see a list of users in the system and their names and emails.
InfoWriteUser can change the first and last name of the user.
RoleReadUser can see a list of users in the system and their roles.
RoleWriteUser can change or remove a role from a user, except their own.
GroupsReadUser can see a list of users in the system and the groups they belong to.
GroupsWriteUser can change or remove groups from another user account, except their own.
Account DeleteWriteUser is able to delete other user accounts, except the Super Admin and their own account.

Audit Viewer

PermissionRead/WriteControl
AuditReadUser can visit the Audit Viewer application, which allows viewing historical actions.