Administration permissions
- Updated: 2022/05/20
Administration permissions
Enable users to create and manage users and roles, to manage and update migrations, and to install Control Room licenses.
You will be able to use the Retrieve role by ID. See User Management API endpoint with the role ID to retrieve the permissions assigned to any system or user defined roles.
Users and roles permissions
| Action | Resource Type | Description |
|---|---|---|
| usermanagement | usermanagement | Allows you to only view all other users in the system. You cannot
create, edit, or delete users. Note: You must assign this permission
before assigning the
createuser
updateuser, or deleteuser
permission. |
| deleteuser | usermanagement | Allows you to delete other users the Control Room. |
| createuser | usermanagement | Allows you to create new users in the Control Room. |
| updateuser | usermanagement | Allows you to edit all users in the system. |
| rolesview | rolesmanagement | Users with this permission are able to view the roles in the Control Room. Note: You must assign this permission
before assigning the
rolesmanagement
permission. |
| rolesmanagement |
rolesmanagement |
Allows you to view and manage all roles in the Control Room. |
| viewuserrolebasicinfo |
usermanagement |
Allows you to view basic information on users and roles. |
Migration permissions
| Action | Resource Type | Description |
|---|---|---|
| view | migration | Allows you to view new migrations, but not run them Note: You must
assign this permission before assigning the
manage migration permission |
| manage | migration | Allows you to view and run new migrations |
|
updatestatus |
migration | Allows Bot Runner Run-as user to update the bot conversion status in the Control Room |
Licenses permissions
| Action | Resource Type | Description |
|---|---|---|
|
licensemanagement |
licensemanagement |
Allows you to view the license details for the Control Room. |
|
licenseinstall |
licensemanagement | Allows you to install Automation 360 licenses for the Control Room. |
|
licenseuserallocation |
licensemanagement |
Allows you to assign device licenses to other users. |
AAE_Admin role has the ability to view and
manage settings in the Control Room. See System-created roles.Runtime Client Management permissions
| Action | Resource Type | Description |
|---|---|---|
| runtimeclientsmanagement | runtimeclientsmanagement | Allows you to use the device mentioned in the resourceId for deployment. This permission is assigned when you are assigned a default device. |
| accessresourceany | runtimeclientsmanagement | Allows you to use any device for deployment. This permission is currently granted for all users with AAE_ADMIN role. |
Global Values Permissions
| Action | Resource Type | Description |
|---|---|---|
| manageuserscopevalues | globalvalues | Manage tenant level global values, given to AAE_Admin only. This cannot be given to any custom role at the moment. |
| managetenantscopevalues | globalvalues | Not used, created for future purpose. |
other permissions
| Action | Resource Type | Description |
|---|---|---|
| systemadmin | system |
This permission is given to AAE_Admin only. It is a system call and cannot be called manually. This permission is used to count the number of pages consumed against the entitled pages for the IQ bot application. It fetches a list of all the users with basic details and license information. |
| view | settings | View settings. Note: You will be allowed to
view settings only with the system-created Admin role to view
Settings.
|
| all | botrunners | Allows you to use any runAsUser for deployment. This permission is currently granted for all users with AAE_ADMIN role. |
| operationroom | operationroom | Legacy, not used and will be removed from the future releases. |
| manage | mfa | Legacy, not used and will be removed from the future releases. |