# Collaborator privileges
Collaborator privileges determine the exact permissions that each role has to access Workato features, functions, and folders of Role-based access control.
This document provides information about each of the collaborator privileges in Workato.
To find out about the roles that collaborators can have, see Collaborator roles.
When you create or modify a role, you'll see the following tabs:
# Recipe development privileges
The Recipe development tab controls access and privileges related to projects, recipes, folders, and connections:
# Project access
Project access privileges
- Manage access to projects
All projects
Access to all projects in a workspace.
Selected projects
This role can only access the projects specified here.
# Recipe creation
Recipe creation privileges
Projects
Manage access to projects when working with recipes.
Full access
All project permissions: view, edit, create, and delete.
View
View specific projects in a workspace.
Edit
Edit specific projects in a workspace.
Create
Create projects in a workspace.
Delete
Delete projects in a workspace.
Folders
Manage access to folders when working with recipes.
Full access
All folder permissions: view, edit, create, and delete.
View
View folders and sub-folders in a workspace.
Edit
Edit folders and sub-folders in a workspace.
Create
Create folders and sub-folders in a workspace.
Delete
Delete folders and sub-folders in a workspace.
Connections
Manage access to connections when working with recipes.
Full access
All connection permissions: view, edit, create, and delete.
View
View connections in a workspace.
Edit
Edit connections in a workspace.
Create
Create connections in a workspace.
Delete
Delete connections in a workspace.
Recipes
Manage access to recipes.
Full access
All recipe permissions: View, edit, create, delete, run, and view job history.
View
View recipes in a workspace.
Edit
Edit recipes in a workspace.
Create
Create recipes in a workspace.
Delete
Delete recipes in a workspace.
Test/start/stop
Run recipes and start and stop recipe tests in a workspace.
Job history
View a recipe's job history in the Jobs tab.
# Debug jobs
- Network trace
- Manage access to network tracing information in job histories.
- Full access
- View network traces in job histories. Includes recipe input, output, and the network trace of HTTP calls. HTTP call information includes HTTP headers, requests, and communication (responses) between Workato and the end application.
# Platform tools privileges
# Tools
Tools privileges
Common data models
Privileges for the common data model
Full access
All Common data model permissions: View, edit, create, and delete.
View
View Common data models in the workspace.
Edit
Edit Common data models in the workspace.
Create
Create Common data models in the workspace.
Delete
Delete Common data models in the workspace.
Custom OAuth profiles
Privileges for accessing custom OAuth profiles
Full access
All Custom OAuth profile permissions: view, edit, create, and delete.
View
View Custom OAuth Profiles and Enterprise Workbots.
Edit
Edit Custom OAuth Profiles and Enterprise Workbots.
Create
Create Custom OAuth Profiles and Enterprise Workbots.
Delete
Delete Custom OAuth Profiles and Enterprise Workbots.
Message templates
Privileges for message templates
Full access
All Message template permissions: view, edit, create, and delete.
View
View Message templates in the workspace.
Edit
Edit Message templates in the workspace.
Create
Create Message templates in the workspace.
Delete
Delete Message templates in the workspace.
On-prem groups
Privileges for on-prem groups
Full access
Access all on-prem groups and agents in the workspace; view, edit, create, and delete.
View
View on-prem groups and agents.
Edit
Edit on-prem groups and agents.
Create
Create on-prem groups and agents.
Delete
Delete on-prem groups and agents.
People tasks
Privilege for managing the people task tool
- Full access
- Access to the People task tool.
Pub/Sub
Privileges to the Pub/Sub feature
Full access
All PubSub permissions: view, edit, create, and delete topics.
View
View PubSub topics in the workspace.
Edit
Edit PubSub topics in the workspace.
Create
Create PubSub topics in the workspace.
Delete
Delete PubSub topics in the workspace.
Recipe lifecycle management
Privileges to reciple lifecycle management
Full access
Access to the Recipe lifecycle management feature.
NOTE
Providing a collaborator with the Recipe Lifecycle Management privilege indirectly gives them the ability to view/create/update other assets, including recipes, lookup tables, Pub/Sub topics, and message templates. This is when the collaborator may not have explicit relevant privileges in the workspace. These users have access only to export and import the projects to which they have explicit access.
Resources
Privileges to resources
Full access
All Resource permissions: view, edit, create, and delete.
View
View resources.
Edit
Edit resources.
Create
Create resources.
Delete
Delete resources.
Workbot
Privileges to manage the Workbot
Full access
All Workbot permissions: view, edit, create, and delete.
View
View installed Workbots in the workspace.
Edit
Edit installed Workbots in the workspace.
Create
Create Workbots in the workspace.
Delete
Delete installed Workbots in the workspace.
Runtime user connections
Privileges to manage runtime user connections
Full access
All Runtime user connection permissions: view, edit, and delete.
View
View the Runtime user connections setting.
Edit
Edit the Runtime user connections setting.
Delete
Delete the Runtime user connections setting.
Logs
Privileges to have access to logs
Full access
Access to all logs.
Typically, reserved for Admin roles. You can grant it to custom roles.
Secrets management
Privileges for secrets management
Full access
Access to the Secrets management feature.
View
View the Secrets management setting.
Edit
Edit the Secrets management setting.
# Data storage
Data storage privileges
# Lookup tables
Apply the following granular permission to Lookup tables.
Scope of granular permissions
These permissions only apply to Lookup tables on the web interface. Access to lookup table connector is unaffected.
Full access
Enables all other permissions on Lookup tables.
View
Allows users to view all tables and their records.
Edit records
Allows users to add, edit, or delete records for all Lookup tables in the Lookup tables interface.
Create
Allows users to create new tables in the Lookup tables interface.
Delete
Allows users to delete tables.
Modify structure
Allows users to edit the schema (to add, remove, or edit columns) for any table.
# Environment properties
- Apply the following granular permission to Environment properties.
Full access
Enables all other permissions on Environment properties.
View
Allows users to view all Environment properties.
Edit records
Allows users to add, edit, or delete Environment properties.
Create
Allows users to create new Environment properties.
Delete
Allows users to delete Environment properties.
#
# Table storage (Data tables)
- Apply the following granular permission to Workato Table Storage.
Private beta
Workato Table Storage (data tables) is currently in closed beta and unavailable to all customers. Contact your Customer Success representative for more information.
Scope of granular permissions
These permissions only apply to data tables on the web interface. Access to Table storage connector is unaffected.
Full access
Enables all other permissions.
View
Allows users to view all data tables.
Edit records
Allows users to add, edit, or delete records in data tables.
Create
Allows users to create new data tables.
Delete
Allows users to delete data tables.
Modify structure
Allows users to add, delete, and update columns in data tables.
# API platform
API Platform privileges
Dashboard & logs
Privileges for using the dashboard and logs
- Full access
- Full privileges for dashboard & logs: View metrics in dashboard and details in logs.
Collections & endpoints
Privileges for collections and endpoints
Full access
All collections and endpoints access: view, edit, create, and delete.
View
View collections and endpoints.
Edit
Edit collections and endpoints.
Create
Create collections and endpoints.
Delete
Delete collections and endpoints.
Clients and access profiles
Privileges for using client and access profiles
Full access
All clients and access profiles permissions: view, edit, create, and delete.
View
View clients and access profiles.
Edit
Edit clients and access profiles.
Create
Create clients and access profiles.
Delete
Delete clients and access profiles.
Policies
Privileges for using policies
Full access
All policy permissions: view, edit, create, and delete.
View
View policy.
Edit
Edit policy.
Create
Create policy.
Delete
Delete policy.
Settings
Privileges for settings
- Full access
- Manage API prefix and custom domain.
# Connector SDK
Connector SDK privileges
Connector SDK
Connector SDK privileges
- Full access
- Full Connector SDK permissions: view, edit, create, and delete.
Use in recipes
Privileges for using the Connector SDK in recipes
- Full access
- Allow users to distribute custom connectors into this workspace.
# Admin privileges
# Workspace access
Workspace access privileges
Collaborators
Manage collaborator privileges in the workspace
- Full access
- Manage collaborators in the workspace, including adding, editing, and removing collaborators.
Collaborator roles (non-system)
Manage non-system collaborator roles
- Full access
- View, edit, create, and delete custom collaborator roles in the workspace.
Collaborator SAML SSO
Manage access to SAML SSO, such as Okta, OneLogin, or other identity authentication providers.
- Full access
- View and edit SAML SSO settings for the workspace.
API clients
Manage access for API clinets
- Full access
- View and edit View and edit API clients for the workspace.
# Activity audit
Activity audit privileges
- Manage access to the activity audit logs
- Full access
- Access to view workspace activity in the Dashboard's Activity audit log. This permission grants the user the ability to view all activity logs, regardless of other access settings.
# Automation HQ privileges
Automation HQ privileges
- Automation HQ
- Manage access to Automation HQ
- Full access
- Access to the Automation HQ functionality.