Administrative permissions

There are a number of administrative actions that are secured with specific roles. Users with these roles require access to certain record types across the system, irrespective of their group membership. Therefore, users with these administrative permissions might have access beyond what is configured within the group-level access rights.

For example, if a user has the System > Archiving permission, they can perform archiving activities for all sessions irrespective of the user’s rights to the processes or resources to which the session data relates.

The following administrative permissions are not affected by those set at group level:

  • Importing Business Object – Users can import objects and groups anywhere in the business object tree structure, from the File menu or the Releases tab. The location of each incoming items is determined by its position in the structure being imported.
  • Importing Process – Users can import processes and groups anywhere in the process tree structure from the File menu or the Releases tab. The location of each incoming items is determined by its position in the structure being imported.

  • Releases – When viewing packages, users can see all objects and processes regardless of their group permissions. However, restrictions do apply when configuring packages and generating release packages:

    • Creating packages – Users cannot include items they do not have permissions to access.
    • Modifying packages – Users can modify a package that contains items that they do not have the permissions to access. However, those items will be removed and the user cannot add those items again whilst their permissions prevent access.
    • Creating releases – Users cannot export a release that includes packages containing items that they do not have the permissions to access.
  • SystemArchiving– Archiving is not affected by permissions applied to groups.
  • System Reporting– Reporting is not affected by permissions applied to groups.
  • Analytics – The data displayed in dashboard tiles is not filtered by the access rights applied to groups.