Understanding administrative roles
Who is this article for?
Enterprise or Decani Administrators and Module Developers who are tasked with overseeing and managing various components.
Defined responsibilities and access required.
System Administrative roles are designated for managers, leads, and module developers responsible for managing system functions. Their tasks include configuring settings, maintaining system integrity, and ensuring effective operation to meet organisational needs.
These roles are not meant for regular users or those without specialised knowledge. They are assigned to individuals with defined responsibilities to prevent issues like misconfigurations, security risks, and disruptions. Therefore, strict control and careful assignment are essential to maintain system stability and security.
Customer (Subscriber) Support Administrators
A Customer (Subscriber) Support Administrator, or Main Administrator, is not a formal system role. They act as the primary contact, with in-depth knowledge of the organisation and its policies. They oversee application ownership and are key to the system's design, delivery, operation, improvement, and support. They may also have system Admin duties.
This article outlines the available roles and the privileges they give.
Administrative roles
Area Administrator
- View and modify preferences, translations, and various configuration options.
- Create and modify components, Toolbar buttons, and "Create New" menu items.
- Access troubleshooting screens like the search logs.
Data & Analysis Administrator
(formerly Search & Reporting Administrator)
- Upload and manage custom SSRS reports and charts. A module developer typically creates these reports.
- View, create, and manage trend profiles. All trend profiles are visible to all users.
Data Import Administrator
- Import data using Data Import. This is typically used during projects to import reference data, but it can be useful for other purposes.
Enhanced User Logging
- Used for troubleshooting. This role may be given to a user experiencing a problem. With this role applied, and the user using a specially constructed URL, additional logging of the user's session will be available for review and analysis.
Interface Developer
- View troubleshooting information related to web services.
Module Developer
- Create and modify modules, the building blocks of applications, using module builder. Trained module developers typically create and modify modules; users who have completed the Module Builder courses can also make simple changes in modules.
- Access to application data contained in the search engine.
Important
Users with this role can permanently delete data.
Module Importer
(formerly Module Administrator)
- Export and import modules.
- Read-only view of module builder.
Module Viewer
- Read-only view of module builder.
Notifications Administrator
- View, edit, and delete search notifications created by all users.
Personal Administrator
- This role is granted to users for troubleshooting purposes. It allows a user to modify their role and only their role. A user can grant themselves administrative, subscriber, and module-based roles, other than the Administrative roles listed below, as needed without having full administrative access.
- Having this role reduces the number of users with the User Access Control Administrator role.
- Users with the PRA role cannot grant themselves the following roles:
Note
User Access Control Administrators should consult with their Technical Account Manager (TAM) before granting the Personal Administrator role to others.
Procedures & Forms Author
- View and edit Mobile Documents.
Procedures & Forms Viewer
- View Mobile Documents.
SQL & Dataset Administrator
- View and manage datasets. Module developers create and manage all datasets.
- Write and execute read-only SQL queries using Query Builder.
- Provides SQL access to the application data, so only trusted users should receive this role.
Note
Query Builder access allows access to all application data, regardless of reporting authority, role, or record access control restrictions. Only trusted users should be granted this role.
Super Administrator
- This bootstrapped Administrator role is created by a User Access Control Administrator when a company's instance is first generated.
- General Administrative roles do not have the ability to grant the Super Administrator role to anyone since it supersedes reporting authority restrictions.
Team Administrator
- Create, rename, and enable/disable teams.
- Add and remove members from teams.
User Access Control Administrator
Important
User Access Control Administrator (UACA) roles must be assigned in coordination with an Ideagen representative.
- Accountable for access control of the platform for their organization.
- Ideagen recommends that only a very small number of users have this role.
- This would typically correspond to the team that administers access control for your other enterprise systems and networks.
- Create and modify users, teams, and shared dashboards.
- Grants administrative roles.
- Grants subscriber-level roles that are managed in the Subscriber Roles screen.
Note
Administrative roles (listed on this page) are not managed in the Subscriber Roles screen and thus cannot be granted by a User Administrator.
- Grant module-based roles. These are managed, per module, by Module Developers within the module definition.
Important
Module-based roles are being deprecated.
Note
By limiting which roles can be granted, a User Access Control Administrator can prevent users from granting themselves, and others, unauthorized roles.
User Administrator
- Create and modify a user.
- Both subscriber-level and module-based roles can be granted to users by the User Administrator.
- User Administrators cannot grant any administrative roles to users. Role limitations are defined and managed by User Access Control Administrators.
- Read-only view of administrative roles.
- Add/remove a user from a team, by ticking/unticking the checkboxes on the Teams tab in the User screen.
User and Team Viewer
- View-only access to the User and Team screens, including which roles and reporting authorities are assigned to users.
- Users with this role can add, modify, and delete shared dashboards.
- Users with this role can view the admin audit trail.
- Users with this role can reassign tasks from the User screen.
- If an Admin needs to grant other users any of the administrative roles listed above, they must be a User Access Control Administrator.
- If there isn't a requirement to grant these roles, the Admin should be a User Administrator.
Admin sharing roles
The User and Team Viewer role is only needed when an Area Administrator needs to see and select users and teams for sharing. If an Area Administrator has a more powerful role, such as User Administrator or User Access Control Administrator, it is not necessary to grant the User and Team Viewer role.
Additional information
Granting Administrative roles
If an Administrator needs to grant other users any of the administrative roles listed above, they must be a User Access Control Administrator.
Smoke test roles
Some users will be associated with a Smoke Test or Smoke Tester role. These are internal roles that are used for performing high-level smoke tests during upgrade implementations with a new platform release. They do not provide access to subscriber applications, nor do they affect it in any way.
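A periodic review of role assignments can apply the cautions in the role descriptions above mechanically. The following is an added example, not part of the original article or the product: the CSV layout, the `review` function and the threshold of two User Access Control Administrators are assumptions, and the redundancy check is applied to any user rather than only to Area Administrators.

```python
import csv
import io
from collections import defaultdict

# Constructed sample; the CSV layout and column names are assumptions, not a product export.
SAMPLE_EXPORT = """user,role
alice,User Access Control Administrator
alice,User and Team Viewer
bob,User Access Control Administrator
carol,User Access Control Administrator
dave,SQL & Dataset Administrator
erin,Module Developer
frank,Personal Administrator
grace,Enhanced User Logging
heidi,Area Administrator
heidi,User and Team Viewer
"""

# Roles the page singles out, with the reason given there.
SENSITIVE = {
    "SQL & Dataset Administrator": "Query Builder reads all application data, bypassing access restrictions",
    "Module Developer": "can permanently delete data",
    "Personal Administrator": "can grant roles to own account; consult the TAM before granting",
    "Super Administrator": "supersedes reporting authority restrictions",
    "Enhanced User Logging": "troubleshooting role; confirm it is still needed",
}
UACA = "User Access Control Administrator"
MAX_UACA = 2  # assumed threshold for "a very small number of users"

def review(export_text, max_uaca=MAX_UACA):
    """Return sorted (user, finding) tuples for assignments that need review."""
    roles = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        roles[row["user"].strip()].add(row["role"].strip())
    findings = []
    for user, held in roles.items():
        for role in held & set(SENSITIVE):
            findings.append((user, f"{role}: {SENSITIVE[role]}"))
        # The viewer role is unnecessary alongside User Administrator or UACA.
        if "User and Team Viewer" in held and held & {UACA, "User Administrator"}:
            findings.append((user, "User and Team Viewer: redundant with a more powerful role"))
    uaca_holders = sorted(u for u, held in roles.items() if UACA in held)
    if len(uaca_holders) > max_uaca:
        findings.append(("*", f"{UACA}: {len(uaca_holders)} holders exceeds {max_uaca}: " + ", ".join(uaca_holders)))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in review(SAMPLE_EXPORT):
        print(f"{user:6} {finding}")
```

Findings keyed `*` apply to the instance as a whole rather than to one user.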