Administration permissions

Enable users to create and manage users and roles, to manage and update migrations, and to install Control Room licenses.

You will be able to use the Retrieve role by ID. See User Management API endpoint with the role ID to retrieve the permissions assigned to any system or user defined roles.

Users and roles permissions

Action Resource Type Description
usermanagement usermanagement Allows you to only view all other users in the system. You cannot create, edit, or delete users.
Note: You must assign this permission before assigning the createuser updateuser, or deleteuser permission.
deleteuser usermanagement Allows you to delete other users the Control Room.
createuser usermanagement Allows you to create new users in the Control Room.
updateuser usermanagement Allows you to edit all users in the system.
rolesview rolesmanagement Users with this permission are able to view the roles in the Control Room.
Note: You must assign this permission before assigning the rolesmanagement permission.
rolesmanagement

rolesmanagement

Allows you to view and manage all roles in the Control Room.
viewuserrolebasicinfo

usermanagement

Allows you to view basic information on users and roles.

Migration permissions

Action Resource Type Description
view migration Allows you to view new migrations, but not run them
Note: You must assign this permission before assigning the manage migration permission
manage migration Allows you to view and run new migrations

updatestatus

migration Allows Bot Runner Run-as user to update the bot conversion status in the Control Room

Licenses permissions

Action Resource Type Description

licensemanagement

licensemanagement

Allows you to view the license details for the Control Room.

licenseinstall

licensemanagement Allows you to install Automation 360 licenses for the Control Room.

licenseuserallocation

licensemanagement

Allows you to assign device licenses to other users.
Note: Only a user with the AAE_Admin role has the ability to view and manage settings in the Control Room. See System-created roles.

Runtime Client Management permissions

Action Resource Type Description
runtimeclientsmanagement runtimeclientsmanagement Allows you to use the device mentioned in the resourceId for deployment. This permission is assigned when you are assigned a default device.
accessresourceany runtimeclientsmanagement Allows you to use any device for deployment. This permission is currently granted for all users with AAE_ADMIN role.

Global Values Permissions

Action Resource Type Description
manageuserscopevalues globalvalues Manage tenant level global values, given to AAE_Admin only. This cannot be given to any custom role at the moment.
managetenantscopevalues globalvalues Not used, created for future purpose.

other permissions

Action Resource Type Description
systemadmin system

This permission is given to AAE_Admin only.

It is a system call and cannot be called manually. This permission is used to count the number of pages consumed against the entitled pages for the IQ bot application.

It fetches a list of all the users with basic details and license information.

view settings View settings.
Note: You will be allowed to view settings only with the system-created Admin role to view Settings.
all botrunners Allows you to use any runAsUser for deployment. This permission is currently granted for all users with AAE_ADMIN role.
operationroom operationroom Legacy, not used and will be removed from the future releases.
manage mfa Legacy, not used and will be removed from the future releases.
1 Not available in the UI and is seen only in the API response.