Product UpdatesStatus PageAutomation Institute
English
Organization & workspaces
Workspace collaborators
Role-based Access Control

# Collaborator privileges

Collaborator privileges determine the exact permissions that each role has to access Workato features, functions, and folders of Role-based access control.

This document provides information about each of the collaborator privileges in Workato.

To find out about the roles that collaborators can have, see Collaborator roles.

When you create or modify a role, you'll see the following tabs:

# Recipe development privileges

The Recipe development tab controls access and privileges related to projects, recipes, folders, and connections:

# Project access

Project access privileges

  • Manage access to projects.

    • All projects

    • Access to all projects in a workspace.

    • Selected projects

    • This role can only access the projects specified here.

# Recipe creation

Recipe creation privileges

# Projects

  • Manage access to projects when working with recipes.

    • Full access

    • All project permissions: view, edit, create, and delete.

    • View

    • View specific projects in a workspace.

    • Edit

    • Edit specific projects in a workspace.

    • Create

    • Create projects in a workspace.

    • Delete

    • Delete projects in a workspace.

# Folders

  • Manage access to folders when working with recipes.

    • Full access

    • All folder permissions: view, edit, create, and delete.

    • View

    • View folders and sub-folders in a workspace.

    • Edit

    • Edit folders and sub-folders in a workspace.

    • Create

    • Create folders and sub-folders in a workspace.

    • Delete

    • Delete folders and sub-folders in a workspace.

# Connections

  • Manage access to connections when working with recipes.

    • Full access

    • All connection permissions: view, edit, create, and delete.

    • View

    • View connections in a workspace.

    • Edit

    • Edit connections in a workspace.

    • Create

    • Create connections in a workspace.

    • Delete

    • Delete connections in a workspace.

# Recipes

  • Manage access to recipes.

    • Full access

    • All recipe permissions: View, edit, create, delete, run, and view job history.

    • View

    • View recipes in a workspace.

    • Edit

    • Edit recipes in a workspace.

    • Create

    • Create recipes in a workspace.

    • Delete

    • Delete recipes in a workspace.

    • Test/start/stop

    • Run recipes and start and stop recipe tests in a workspace.

    • Job history

    • View a recipe's job history in the Jobs tab.

# Test Automation

PermissionsTest Automation privileges

RECIPE PERMISSIONS

When you provide a collaborator with Test Automation privileges, you must also enable certain Recipe permissions. These include the Recipe View, Test/Start/Stop, and View job history permissions.

For example, if you create a role with the Test Automation View privilege, that role can only view test case details of recipes for which it has the Recipe View privilege.

Similarly, if you create a role with the Test Automation Manage privilege, this role can only manage Test cases of recipes for which it has the Recipe View and Job history privilege.

  • Manage access to Test Automation.

    • Full access

    • All Test Automation privileges: View and manage.

    • View

    • View test case details, including mock data and checks.

    • Manage

    • View test case details

      Create new test cases

      Edit test cases

      Pick data for mocks from previous jobs

      Delete test cases

      Run test cases

# Workflow app

Workflow app permissionsWorkflow app permissions

Define access to Workflow apps, including the ability to create apps and manage settings for Workflow apps on an individual basis. These permissions only apply to the web interface and do not affect access to the Workflow apps connector. Access to the Workflow apps portal is determined by Workflow apps portal permissions. Access to a Workflow app's corresponding data table is determined by Table Storage permissions.

# App development

  • The following granular permission is available for Workflow app development.

    • Full access
    • All Workflow app development permissions: view, edit, create, and delete pages, workflow stages, and tabs.

# App access and role management

  • Apply the following granular permissions to Workflow app access and role management privileges.

    • Full access

    • All Workflow app access and role management permissions: Manage app users and roles and the ability to publish or unpublish apps in the Workflow apps portal.

    • Manage access and role

    • Manage the users of your Workflow app.

    • Go live or Take offline

    • Allows users to publish a Workflow app in the Workflow apps portal or take an app offline.

# Data storage

Permissions- data storageData storage permissions

# Project properties

  • Apply the following granular permissions to Project properties

    • Full access

    • All project property permissions: view, edit records, create, and delete.

    • View

    • Allows users to view project properties. Users cannot view masked properties.

    • Edit records

    • Allows users to edit property names and values.

    • Create

    • Allows users to create new project properties.

    • Delete

    • Allows users to delete project properties.

# Table Storage (Data tables)

  • Apply the following granular permissions to Workato Table Storage.

    SCOPE OF GRANULAR PERMISSIONS

    These permissions only apply to data tables on the web interface. Access to Table Storage and Workflow apps connectors is unaffected.

    • Full access

    • Enables all other permissions.

    • View

    • Allows users to view all data tables.

    • Edit records

    • Allows users to add, edit, or delete records in data tables.

    • Create

    • Allows users to create new data tables.

    • Delete

    • Allows users to delete data tables.

    • Modify structure

    • Allows users to add, delete, and update columns in data tables.

# Debug jobs

debug jobsDebug jobs privileges

# Network trace

  • Manage access to network tracing information in job histories.
    • Full access
    • View network traces in job histories. Includes recipe input, output, and the network trace of HTTP calls. HTTP call information includes HTTP headers, requests, and communication (responses) between Workato and the end application.

# Project settings

Project settingsProject settings privileges

# Secrets management

  • Provide access to manage security settings, including secrets management.

    • Full access

    • All secrets management permissions: View and edit.

    • View

    • View secrets management details, including all secrets configured in your workspace.

    • Edit

    • Edit secrets for your workspace.

# Deployment

Deployment privilege Deployment privilege

DEPLOYMENT REQUIREMENTS

To deploy a project to an environment, you must have the deployment privilege enabled in both the Development environment and the target environment (Test or Production).

  • Manage access to project deployments across environments.
    • Full access
    • Manage deployments for an environment.

# Platform tools privileges

# Tools

Tools privileges

# Common data models

  • Privileges for the common data model

    • Full access

    • All Common data model permissions: View, edit, create, and delete.

    • View

    • View Common data models in the workspace.

    • Edit

    • Edit Common data models in the workspace.

    • Create

    • Create Common data models in the workspace.

    • Delete

    • Delete Common data models in the workspace.

# Custom OAuth profiles

  • Privileges for accessing custom OAuth profiles

    • Full access

    • All Custom OAuth profile permissions: view, edit, create, and delete.

    • View

    • View Custom OAuth Profiles and Enterprise Workbots.

    • Edit

    • Edit Custom OAuth Profiles and Enterprise Workbots.

    • Create

    • Create Custom OAuth Profiles and Enterprise Workbots.

    • Delete

    • Delete Custom OAuth Profiles and Enterprise Workbots.

# FileStorage UI

  • Privileges for the FileStorage UI

    • Full access

    • All FileStorage UI permissions: View and create.

    • View

    • View files and directories in the FileStorage UI.

    • Create

    • Create directories in the FileStorage UI.

# Message templates

  • Privileges for message templates

    • Full access

    • All Message template permissions: view, edit, create, and delete.

    • View

    • View Message templates in the workspace.

    • Edit

    • Edit Message templates in the workspace.

    • Create

    • Create Message templates in the workspace.

    • Delete

    • Delete Message templates in the workspace.

# People tasks

  • Privilege for managing the people task tool

# Event streams

  • Privileges to the Event streams feature

    • Full access

    • All Event streams permissions: view, edit, create, and delete topics.

    • View

    • View Event topics in the workspace.

    • Edit

    • Edit Event topics in the workspace.

    • Create

    • Create Event topics in the workspace.

    • Delete

    • Delete Event topics in the workspace.

# Recipe lifecycle management

NOTE

Providing a collaborator with the Recipe Lifecycle Management privilege indirectly gives them the ability to view/create/update other assets, including recipes, lookup tables, Event topics, and message templates. This is when the collaborator may not have explicit relevant privileges in the workspace. These users have access only to export and import the projects to which they have explicit access.

# Workbot

  • Privileges to manage the Workbot

    • Full access

    • All Workbot permissions: view, edit, create, and delete.

    • View

    • View installed Workbots in the workspace.

    • Edit

    • Edit installed Workbots in the workspace.

    • Create

    • Create Workbots in the workspace.

    • Delete

    • Delete installed Workbots in the workspace.

# Runtime user connections

  • Privileges to manage runtime user connections

    • Full access

    • All Runtime user connection permissions: view, edit, and delete.

    • View

    • View the Runtime user connections setting.

    • Edit

    • Edit the Runtime user connections setting.

    • Delete

    • Delete the Runtime user connections setting.

# Resources

  • Privileges to resources

    • Full access

    • All Resource permissions: view, edit, create, and delete.

    • View

    • View resources.

    • Edit

    • Edit resources.

    • Create

    • Create resources.

    • Delete

    • Delete resources.

# Logs

  • Privileges to logs

    • Full access

    • Access to all logs.

      Typically, this privilege is reserved for Admin roles. You can grant it to custom roles.

# On-premise

On-premise privilegesOn-premise privileges

# On-prem groups & agents

  • Privileges for on-prem groups & agents

    • Full access

    • Access all on-prem groups and agents in the workspace; view, edit, create, and delete.

    • View

    • View on-prem groups and agents.

    • Edit

    • Edit on-prem groups and agents.

    • Create

    • Create on-prem groups and agents.

    • Delete

    • Delete on-prem groups and agents.

# Connection - on-prem files

  • Privilege for managing on-prem files connection. You can restrict who can create and manage connections for the file system of the machine where the on-prem agent is installed. Global connection setting takes precedence over this setting.
    • Full access
    • Access to create, edit, and delete on-prem files and on-prem files secondary connections.

# Connection - command line scripts

  • Privilege for managing on-prem command line scripts connection. You can restrict who can create and manage connections for the command line script execution on the machine where the on-prem agent is installed. Global connection setting takes precedence over this setting.
    • Full access
    • Access to create, edit, and delete on-prem command line scripts connections.

# Apps portal

Workflow apps portal permissionsWorkflow apps portal permissions

Define privileges to access the Workflow apps portal. Access to create a Workflow app is determined by Workflow app permissions. Access to a Workflow app's corresponding data table is determined by Table Storage permissions.

# Settings

  • Allows users to manage settings, including branding, authentication, and more, for the Workflow apps portal.

    • Full access
    • Full access to Workflow apps portal settings, including branding, authentication, and more.

# Users and groups

  • Enables users to manage users and groups in the Workflow apps portal.

    • Full access
    • Full access to users and groups: Create, delete, and edit users and groups, manage group membership, and more.

# Data storage

Data storage privileges

# Lookup tables

  • Apply the following granular permissions to the lookup tables interface. The permissions you define here control access to all lookup tables that are accessible by this role: lookup tables that are scoped to All projects, and those scoped to a project that this role can access.

    • Full access

    • Enables all other permissions on Lookup tables.

    • View

    • Allows users to view all tables and their records.

    • Edit records

    • Allows users to add, edit, or delete records for all Lookup tables in the Lookup tables interface.

      EDIT RECORDS WITH THE LOOKUP TABLES CONNECTOR

      Collaborators can still edit records (add, update, or delete) using the lookup tables connector, but only for the lookup tables they have access to.

    • Create

    • Allows users to create new tables in the Lookup tables interface.

    • Delete

    • Allows users to delete tables.

    • Modify structure

    • Allows users to edit the schema (to add, remove, or edit columns) for any table.

# Environment properties

  • Apply the following granular permissions to Environment properties.

    • Full access

    • Enables all other permissions on Environment properties.

    • View

    • Allows users to view all Environment properties.

    • Edit records

    • Allows users to add, edit, or delete Environment properties.

    • Create

    • Allows users to create new Environment properties.

    • Delete

    • Allows users to delete Environment properties.

# API platform

API Platform privileges

# Dashboard & logs

  • Privileges for using the dashboard and logs
    • Full access
    • Full privileges for dashboard & logs: View metrics in dashboard and details in logs.

# Collections & endpoints

  • Privileges for collections and endpoints

    • Full access

    • All collections and endpoints access: view, edit, create, and delete.

    • View

    • View collections and endpoints.

    • Edit

    • Edit collections and endpoints.

    • Create

    • Create collections and endpoints.

    • Delete

    • Delete collections and endpoints.

# Clients and access profiles

  • Privileges for using client and access profiles

    • Full access

    • All clients and access profiles permissions: view, edit, create, and delete.

    • View

    • View clients and access profiles.

    • Edit

    • Edit clients and access profiles.

    • Create

    • Create clients and access profiles.

    • Delete

    • Delete clients and access profiles.

# Policies

  • Privileges for using policies

    • Full access

    • All policy permissions: view, edit, create, and delete.

    • View

    • View policy.

    • Edit

    • Edit policy.

    • Create

    • Create policy.

    • Delete

    • Delete policy.

# Settings

  • Privileges for API platform settings
    • Full access
    • Manage API prefix and custom domain.

# Connector SDK

Connector SDK privileges

# Connector SDK

  • Connector SDK privileges
    • Full access
    • Full Connector SDK permissions: view, edit, create, and delete.

# Use in recipes

  • Privileges for using the Connector SDK in recipes
    • Full access
    • Allow users to distribute custom connectors into this workspace.

# Admin privileges

# Workspace admin

Workspace admin privileges

# Collaborators

  • Manage collaborator privileges in the workspace
    • Full access
    • Manage collaborators in the workspace, including adding, editing, and removing collaborators.

# Collaborator roles (non-system)

# Collaborator SAML SSO

  • Manage access to SAML SSO, such as Okta, OneLogin, or other identity authentication providers

# API clients

  • Manage access for API clients
    • Full access
    • View and edit API clients for the workspace.

# Activity audit

Activity audit privileges

  • Manage access to the activity audit logs
    • Full access
    • Access to view workspace activity in the Dashboard's Activity audit log. This permission grants the user the ability to view all activity logs, regardless of other access settings.

# Manage customers privileges (Embedded only)

WHO CAN USE THIS FEATURE?

The Manage customers interface only appears for Embedded collaborators with permission to create or modify collaborator roles.

# Manage customers

Manage customers privileges Manage customers privileges

# Customers and customer managers

  • Manage access to the Customers and Customer managers tabs of the Embedded Admin console

    • Full access

    • All customers and customer managers permissions: View, manage, and delete customers and customer managers

    • View

    • View customers and customer managers

    • Manage

    • Add customers and assign customer managers

    • Delete

    • Delete customers and customer managers

# Shared connectors

  • Manage access to the Shared connectors tab of the Embedded admin console

    • Full access

    • All shared connectors permissions: View, manage, and delete shared connectors

    • View

    • View shared connectors

    • Manage

    • Manage shared connectors

    • Delete

    • Delete shared connectors

# Usage metrics and settings

  • Manage access to the Usage metrics and Settings tabs of the Embedded Admin console

    • Full access

    • All usage metrics and settings permissions: View and manage usage metrics and settings

    • View

    • View usage metrics and settings

    • Manage

    • Manage audit log streaming and branding settings. Note that only workspace owners and admins can manage audit log streaming.

# Automation HQ privileges

Automation HQ privileges

  • Automation HQ
  • Manage access to Automation HQ
    • Full access
    • Access to the Automation HQ functionality.

# Customer managers

Customer managers permissions

  • Define access to the customer manager API.
    • Customer manager API
    • Access all endpoints.
    • List all customer managers.
    • The ability to obtain a list of all customer managers.
    • Update role for customer manager
    • The ability to update a customer manager's role.
    • Create new customer manager
    • The ability to create a new customer manager.
    • Delete customer manager
    • The ability to delete a customer manager.
Roles
Managing Collaborators


Last updated: 2/16/2024, 10:21:35 PM

On this page