Privileges
Privileges are the highest level of security rules and allow authorized user groups to view and modify system settings, the domain model, and the security model.
We recommend that only users with elevated roles (who are members of user groups such as M.Builtin.SM.Administrators, M.Builtin.Project.Administrators, M.Builtin.DRM.AdministratorsOnly, and so on) work with privileges.
For further advice about assigning privileges for common roles, refer to the Security best practices.
The following table describes available privileges.
| Privilege | Description |
|---|---|
| ClearCaches | Clear the caches. |
| CreateDatasources | Create option lists. |
| CreateEntityDefinitions | Create entity definitions. |
| CreateRootBlocks | Create project block entities. |
| CreateTaxonomyDefinitions | Create taxonomy definitions. |
| DeleteAgents | Delete processing agents. |
| DeleteDatasources | Delete option lists. |
| DeleteEntityDefinitions | Delete non system-owned entity definitions. |
| EnableStateMachine | Enable a state machine. |
| ExportExcel | Export metadata from any content entities when the action is configured on a search component. |
| GenerateOAuthToken | Refresh the OAuth token of an identity provider. |
| Impersonate | Impersonate other users. |
| ManageAuthenticationTokens | Manage the API authentication tokens of all users. |
| ManageRoles | Allocate roles to users on programs and projects. |
| ModifyDatasources | Modify option lists. |
| ModifyEntityDefinitions | Modify non system-owned entity definitions, member groups and members. |
| ModifyPolicies | Modify user group policies and privileges. |
| ModifySettings | Modify non system-owned settings. |
| ModifyTaxonomyDefinitions | Extend taxonomy definitions with additional properties and relations. |
| MonitorAgents | Monitor processing agent activities. |
| MonitorSystemStatus | Monitor system status. |
| PublishCollection | Publish collections (make collections public and share them with external users). |
| ReadAudit | Read and download business and user audit logs on the user management page. ReadAudit is required for ViewFileHistory and ViewDataHistory permissions to work. |
| ReadPolicies | Read the policies. |
| RefreshAgents | Refresh processing agents. |
| ResetUserPassword | Reset the password of any user. |
| SearchUsageRights | Filter usage rights on a search component. |
| SendConfirmationEmail | Send users an email to confirm their registration. |
| SendNotifications | Send notifications from an external system to all users within the system. |
| SetUserPassword | Set a new user password for any user within the system. |
| TransitionAllStateflows | Transition to the previous or next state regardless of state flow configuration of the assigned user or user group. |