Administration permissions

Enable users to create and manage users and roles, to manage and update migrations, and to install Control Room licenses.

You will be able to use the Retrieve role endpoint with the role ID to retrieve the permissions assigned to any system or user defined roles.

Users and roles permissions


Action	Resource Type	Description
usermanagement	usermanagement	Allows you to only view all other users in the system. You cannot create, edit, or delete users. 注： You must assign this permission before assigning the `createuser` `updateuser`, or `deleteuser` permission.
deleteuser	usermanagement	Allows you to delete other users the Control Room.
createuser	usermanagement	Allows you to create new users in the Control Room.
updateuser	usermanagement	Allows you to edit all users in the system.
rolesview	rolesmanagement	Users with this permission are able to view the roles in the Control Room. 注： You must assign this permission before assigning the `rolesmanagement` permission.
rolesmanagement	rolesmanagement	Allows you to view and manage all roles in the Control Room.
viewuserrolebasicinfo	usermanagement	Allows you to view basic information on users and roles.


Action	Resource Type	Description
view	migration	Allows you to view new migrations, but not run them 注： You must assign this permission before assigning the `manage` migration permission
manage	migration	Allows you to view and run new migrations
updatestatus	migration	Allows Bot Runner Run-as user to update the bot conversion status in the Control Room


Action	Resource Type	Description
licensemanagement	licensemanagement	Allows you to view the license details for the Control Room.
licenseinstall	licensemanagement	Allows you to install Automation 360 licenses for the Control Room.
licenseuserallocation	licensemanagement	Allows you to assign device licenses to other users.

注： Only a user with the AAE_Admin role has the ability to view and manage settings in the Control Room. See System-created roles.


Action	Resource Type	Description
runtimeclientsmanagement	runtimeclientsmanagement	Allows you to use the device mentioned in the resourceId for deployment. This permission is assigned when you are assigned a default device.
accessresourceany	runtimeclientsmanagement	Allows you to use any device for deployment. This permission is currently granted for all users with AAE_ADMIN role.¹


Action	Resource Type	Description
manageuserscopevalues	globalvalues	Manage tenant level global values, given to AAE_Admin only. This cannot be given to any custom role at the moment.¹
managetenantscopevalues	globalvalues	Not used, created for future purpose.¹


Action	Resource Type	Description
systemadmin	system	This permission is given to AAE_Admin only. It is a system call and cannot be called manually. This permission is used to count the number of pages consumed against the entitled pages for the IQ bot application. It fetches a list of all the users with basic details and license information.¹
view	settings	View settings. 注： You will be allowed to view settings only with the system-created Admin role to view Settings.
all	botrunners	Allows you to use any runAsUser for deployment. This permission is currently granted for all users with AAE_ADMIN role.¹
operationroom	operationroom	Legacy, not used and will be removed from the future releases.¹
manage	mfa	Legacy, not used and will be removed from the future releases.¹

¹ Not available in the UI and is seen only in the API response.