Role Permissions

Role Permissions

• Role Permissions Description
  • AutomationProcess related
  • DataStore related
  • DocumentSet related
  • DocumentType related
  • Group related
  • HumanTaskType related
  • MlModel related
  • Dashboard related
  • Node related
  • Schedule related
  • User related
  • Administration related
  • SecretVault related
  • Channel related
  • Template related
• Permission Restrictions
  • Main menu items are not displayed
  • Action buttons are disabled

Role Permissions can be granted to the user while creating a new User Group or editing an existing one. See Group Management.

Role Permissions Description

All the Role Permissions are divided into groups according to relation to the modules in use.

There are the following Context types:

• AutomationProcess
• DataStore
• DocumentSet
• DocumentType
• Group
• HumanTaskType
• MlModel
• Node
• Schedule
• User
• Administration
• SecretVault
• Channel
• Template

There are five types of Role Permissions:

• READ
• CREATE
• UPDATE
• DELETE
• ACTION.
  

Each Context can be configured for a particular entity (i.e. Context Name) or for ALL scope. ALL scope applies to all entities (existing now or created in the future) of a given Context type. If Context type has READ permission configured for ALL scope and only UPDATE permission for a particular Context Name, overall permissions for this Context Name will be READ and UPDATE.

CREATE permission only applies in ALL scope.

One of the User Groups must be defined as Default group for a user (see User Management). Any entities created by the user will be automatically linked to the default User Group. It means that missing permissions in the default User Group are created for the entity. E.g. after a node "example" is created with role Node-ALL-CREATE, role Node-example-DELETE, UPDATE, READ, ACTION is added to the default User Group.

AutomationProcess related

The user should have at least READ permission of Channel and Template Context to create/update an automation process notification.

• CREATE
  – to create a new automation process.
  – to upload an automation process.
• READ
  – to view the list of automation processes.
  – to see the list of dedicated automation processes.
  – to view the Automation Process Details.
  – to save automation process as JSON file.
  – to view the list of automation process runs in the Automation Processes/Schedules/Node Management/Document Sets modules.
  – to view and manage an automation process run history.
  – to view and manage an automation process run event log.
  – to view the automation process configuration parameters.
  – to download automation process configuration parameters.
  – to view the automation process JSON input data.
  – to view the automation process notifications.
  – to navigate to Runs Management module and view the list of active runs.
  
• UPDATE
  – to update an existing automation process.
  – to delete an automation process run.
  – to add a new automation process configuration parameter.
  – to update an existing automation process configuration parameter.
  – to upload a new automation process configuration parameter.
  – to delete an existing automation process configuration parameter.
  – to update/upload input data.
  – to add a new automation process notification.
  – to update an existing automation process notification.
  – to delete an existing automation process notification.
• DELETE
  – to delete an existing automation process.
• ACTION
  – to start an automation process run.
  – to stop an automation process run.
  – to retry an automation process run.
  

DataStore related

• CREATE
  – to create/upload a new data store.
• READ
  – to view the list of data stores.
  – to download an existing data store.
  – to view the list of data store records (Data Stores → Data Store Details).
  – to download the list of data store records (Data Stores → Data Store Details).
• UPDATE
  – to update an existing data store.
  – to create a new data store record.
  – to update/delete an existing data store record.
• DELETE
  – to delete an existing data store.
• ACTION
  – backup permission for future usages.

DocumentSet related

The user should have at least READ permission of AutomationProcess, DocumentType and MlModel Context to create/update a Document Set.

• CREATE
  – to create a new Document Set.
• READ
  – to view the list of Document Sets.
  – to view the Document Set details.
  – to export a Document Set.
  – to view the list of documents for a Document Set.
  – to view the document details and open output.
  – to view the metrics for a model trained and tested using Document Set.
• UPDATE
  – to update an existing Document Set.
  – to upload documents.
  – to import a Document Set.
  – to edit an existing document.
  – to delete an existing document.
• DELETE
  – to delete an existing Document Set.
• ACTION
  – to run a process for documents using Process drop-down list.

DocumentType related

The user should have at least READ permission of HumanTaskType Context to view the list of document types in a Human Task Type, READ permission of Channel, Template Context to create/update a Document Type notification and READ permission of Administration Context to access the Document Types Module.

• CREATE
  – to create a Document Type (Human Task Types -> Human Task Type Details -> tab Document Types).
• READ
  – to view the list of document types (Human Task Types -> Human Task Type Details -> tab Document Types).
  – to view the Document Type details (Human Task Types -> Human Task Type Details -> tab Document Types).
  – to view the list of human tasks (Workspace module).
  – to start working with a human task (Workspace module).
  – to view the document type notifications (Human Task Types -> Human Task Type Details -> tab Document Types -> Document Type Notifications).
  
• UPDATE
  – to update a Document Type (Human Task Types -> Human Task Type Details -> tab Document Types).
  – to add a new Document Type notification (Human Task Types -> Human Task Type Details -> tab Document Types -> Document Type Notifications).
  – to update an existing Document Type notification (Human Task Types -> Human Task Type Details -> tab Document Types -> Document Type Notifications).
  – to delete an existing Document Type notification (Human Task Types -> Human Task Type Details -> tab Document Types -> Document Type Notifications).
• DELETE
  – to delete a Document Type (Human Task Types -> Human Task Type Details -> tab Document Types).
• ACTION
  – to accept a human task (Workspace module).

Group related

The user should have at least READ permission of User Context to add users in an existing user group and READ permission of Administration Context to access the Groups Module.

• CREATE
  – to create a user group.
  – to create a user group for the corresponding entity using Security Access.
  
• READ
  – to view the list of user groups.
  – to view the user group description.
  – to view the list of roles for an existing user group.
  – to view the list of users for an existing user group.
  – to view the list of groups (and roles) for the corresponding entity using Security Access.
  
• UPDATE
  – to update the user group description.
  – to add/update/delete roles in an existing user group.
  – to add/delete users in an existing user group.
  – to update an existing user group for the corresponding entity using Security Access.
  
• DELETE
  – to delete an existing user group.
• ACTION
  – backup permission for future usages.

HumanTaskType related

The user should have at least READ permission of Administration Context to access the Human Task Types Module.

• CREATE
  – to create a human task type.
• READ
  – to view the list of human task types.
  – to view the human task type details.
  – to download application.
• UPDATE
  – to update an existing human task type.
• DELETE
  – to delete an existing human task type.
• ACTION
  – backup permission for future usages.

MlModel related

• CREATE
  – to import a model.
  – to train a new model.
• READ
  – to view the list of models.
  – to export ML Model Package and Training Config of an existing model.
  – to view model log.
• UPDATE
  – backup permission for future usages.
• DELETE
  –  to delete an existing model.
• ACTION
  – backup permission for future usages.

Dashboard related

• CREATE
  – to create a dashboard.
• READ
  – to view the list of dashboards.
  – to view dashboard settings.
  – to view dashboard graphs.
• UPDATE
  – to update dashboard settings.
• DELETE
  –  to delete an existing dashboard.
• ACTION
  – backup permission for future usages.

Node related

The user should have at least READ permission of Channel and Template Context to create/update a node notification.

• CREATE
  – to create a new node.
• READ
  – to view the list of nodes.
  – to view the Node Details.
  – to view the node configuration parameters list.
  – to download the node configuration parameters list.
  – to view the node features list.
  – to view a node feature configuration.
  – to view a node logs and node feature logs.
  – to view the node notifications.
• UPDATE
  – to update an existing node.
  – to create a new node configuration parameter.
  – to update an existing node configuration parameter.
  – to upload a new node configuration parameter.
  – to delete an existing node configuration parameter.
  – to update a node feature configuration JSON.
  – to import CSV with configuration parameters.
  – to enable/disable a node feature.
  – to add a new node notification.
  – to update an existing node notification.
  – to delete an existing node notification.
• DELETE
  – to delete an existing node.
• ACTION
  – to restart/shut down node.
  – to download node agent package.
  – to ping all nodes.
  – to upgrade node version.
  – to restart a node feature.

Schedule related

The user should have at least READ permission of AutomationProcess Context to create a Schedule and at least READ permission of Channel and Template Context to create/update a schedule notification.

• CREATE
  – to create a new schedule.
• READ
  – to view the list of schedules.
  – to view the Schedule Details.
  – to view the schedule notifications.
• UPDATE
  – to update/enable/disable an existing schedule.
  – to add a new schedule notification.
  – to update an existing schedule notification.
  – to delete an existing schedule notification.
• DELETE
  – to delete an existing schedule.
• ACTION
  – backup permission for future usages.

User related

The user should have at least READ permission of Group Context to create/update a user and READ permission of Administration Context to access the User Management Module.

• CREATE
  – to create a new user.
• READ
  – to view the list of users.
  – to view user details.
• UPDATE
  – to update/restore an existing user.
• DELETE
  – to delete an existing user.
• ACTION
  – backup permission for future usages.

Administration related

• CREATE
  – to create/upload a new control server configuration parameter (the user should have READ permission of Administration Context).
  – to update an existing control server configuration parameter using upload with Override existing keys (the user should have READ permission of Administration Context).
• READ
  – to navigate to Control Server Configuration module (the user should have READ permission of Node).
  – to download control server configuration parameters.
  – to navigate to Activity Log module and view the activity log history (the user should have READ permission of an appropriate module to view current record state).
  – to view and manage Control Server Logs.
  – to view current info for an existing license.
  – to navigate to the Monitoring module and view Control Server monitoring metrics, ML and OCR containers metrics (the user should have READ permission of MlModel Context to access ML and OCR tabs in Monitoring module) .
• UPDATE
  – to update an existing control server configuration parameter using right-side panel (the user should have READ permission of Administration Context).
  – to upload a license.
  – to update an existing license.
• DELETE
  – to delete an existing control server configuration parameter (the user should have READ permission of Administration Context).
• ACTION
  – backup permission for future usages.

SecretVault related

• CREATE
  – to create/upload a new secret vault entry.
  – to update an existing secret vault entry using upload with Override existing keys.
• READ
  – to view the list of secret vault entries.
• UPDATE
  – to update an existing secret vault entry using right-side panel.
• DELETE
  – to delete an existing secret vault entry.
• ACTION
  – backup permission for future usages.

Channel related

The user should have at least READ permission of Administration Context to access the Notification Management Module.

• CREATE
  – to create a new channel.
• READ
  – to view the list of channels.
• UPDATE
  – to update an existing channel.
• DELETE
  – to delete an existing channel.
• ACTION
  – backup permission for future usages.

Template related

The user should have at least READ permission of Administration Context to access the Notification Management Module.

• CREATE
  – to create a new template.
  – to validate the template being created.
• READ
  – to view the list of templates.
  – to validate an existing template.
• UPDATE
  – to update an existing template.
• DELETE
  – to delete an existing template.
• ACTION
  – backup permission for future usages.

 

Permission Restrictions

When a user has a Role without appropriate Permissions, the following restrictions can be applied to the user interface:

Main menu items are not displayed

• Restricted Permissions:

• All Permissions:

Action buttons are disabled

• Restricted Permissions:

• All Permissions:

Table of contents

• Role Permissions Description
  • AutomationProcess related
  • DataStore related
  • DocumentSet related
  • DocumentType related
  • Group related
  • HumanTaskType related
  • MlModel related
  • Dashboard related
  • Node related
  • Schedule related
  • User related
  • Administration related
  • SecretVault related
  • Channel related
  • Template related
• Permission Restrictions
  • Main menu items are not displayed
  • Action buttons are disabled

×