# Collaborator privileges
Collaborator privileges determine the exact permissions that each role has to access Workato features, functions, and folders of Role-based access control.
This document provides information about each of the collaborator privileges in Workato.
To find out about the roles that collaborators can have, see Collaborator roles.
When you create or modify a role, you'll see the following tabs:
# Recipe development privileges
The Recipe development tab controls access and privileges related to projects, recipes, folders, and connections:
- Project access
- Recipe creation
- Test Automation
- Workflow app
- Data storage
- Debug jobs
- Project settings
- Deployment
# Project access
Project access privileges
Manage access to projects.
All projects
Access to all projects in a workspace.
Selected projects
This role can only access the projects specified here.
# Recipe creation
Recipe creation privileges
# Projects
Manage access to projects when working with recipes.
Full access
All project permissions: view, edit, create, and delete.
View
View specific projects in a workspace.
Edit
Edit specific projects in a workspace.
Create
Create projects in a workspace.
Delete
Delete projects in a workspace.
# Folders
Manage access to folders when working with recipes.
Full access
All folder permissions: view, edit, create, and delete.
View
View folders and sub-folders in a workspace.
Edit
Edit folders and sub-folders in a workspace.
Create
Create folders and sub-folders in a workspace.
Delete
Delete folders and sub-folders in a workspace.
# Connections
Manage access to connections when working with recipes.
Full access
All connection permissions: view, edit, create, and delete.
View
View connections in a workspace.
Edit
Edit connections in a workspace.
Create
Create connections in a workspace.
Delete
Delete connections in a workspace.
# Recipes
Manage access to recipes.
Full access
All recipe permissions: View, edit, create, delete, run, and view job history.
View
View recipes in a workspace.
Edit
Edit recipes in a workspace.
Create
Create recipes in a workspace.
Delete
Delete recipes in a workspace.
Test/start/stop
Run recipes and start and stop recipe tests in a workspace.
Job history
View a recipe's job history in the Jobs tab.
# Test Automation
Test Automation privileges
RECIPE PERMISSIONS
When you provide a collaborator with Test Automation privileges, you must also enable certain Recipe permissions. These include the Recipe View, Test/Start/Stop, and View job history permissions.
For example, if you create a role with the Test Automation View privilege, that role can only view test case details of recipes for which it has the Recipe View privilege.
Similarly, if you create a role with the Test Automation Manage privilege, this role can only manage Test cases of recipes for which it has the Recipe View and Job history privilege.
Manage access to Test Automation.
Full access
All Test Automation privileges: View and manage.
View
View test case details, including mock data and checks.
Manage
View test case details
Create new test cases
Edit test cases
Pick data for mocks from previous jobs
Delete test cases
Run test cases
# Workflow app
Workflow app permissions
Define access to Workflow apps, including the ability to create apps and manage settings for Workflow apps on an individual basis. These permissions only apply to the web interface and do not affect access to the Workflow apps connector. Access to the Workflow apps portal is determined by Workflow apps portal permissions. Access to a Workflow app's corresponding data table is determined by Data tables permissions.
# App development
The following granular permission is available for Workflow app development.
- Full access
- All Workflow app development permissions: view, edit, create, and delete pages, workflow stages, and tabs.
# App access and role management
Apply the following granular permissions to Workflow app access and role management privileges.
Full access
All Workflow app access and role management permissions: Manage app users and roles and the ability to publish or unpublish apps in the Workflow apps portal.
Manage access and role
Manage the users of your Workflow app.
Go live or Take offline
Allows users to publish a Workflow app in the Workflow apps portal or take an app offline.
# Data storage
Data storage permissions
# Project properties
Apply the following granular permissions to Project properties
Full access
All project property permissions: view, edit records, create, and delete.
View
Allows users to view project properties. Users cannot view masked properties.
Edit records
Allows users to edit property names and values.
Create
Allows users to create new project properties.
Delete
Allows users to delete project properties.
# Data tables
Apply the following granular permissions to Data tables.
SCOPE OF GRANULAR PERMISSIONS
These permissions only apply to data tables on the web interface. Access to Data tables and Workflow apps connectors is unaffected.
Full access
Enables all other permissions.
View
Allows users to view all data tables.
Edit records
Allows users to add, edit, or delete records in data tables.
Create
Allows users to create new data tables.
Delete
Allows users to delete data tables.
Modify structure
Allows users to add, delete, and update columns in data tables.
# Debug jobs
Debug jobs privileges
# Network trace
- Manage access to network tracing information in job histories.
- Full access
- View network traces in job histories. Includes recipe input, output, and the network trace of HTTP calls. HTTP call information includes HTTP headers, requests, and communication (responses) between Workato and the end application.
# Project settings
Project settings privileges
# Secrets management
Provide access to manage security settings, including secrets management.
Full access
All secrets management permissions: View and edit.
View
View secrets management details, including all secrets configured in your workspace.
Edit
Edit secrets for your workspace.
# Deployment
Deployment privilege
DEPLOYMENT REQUIREMENTS
To deploy a project to an environment, you must have the deployment privilege enabled in both the Development environment and the target environment (Test or Production).
Additionally, deployment permissions allow you to deploy all assets within a project, regardless of whether you have view or edit permissions for those assets.
- Manage access to project deployments across environments.
- Full access
- Manage deployments for an environment.
# Platform tools privileges
# Tools
Tools privileges
# Common data models
Privileges for the common data model
Full access
All Common data model permissions: View, edit, create, and delete.
View
View Common data models in the workspace.
Edit
Edit Common data models in the workspace.
Create
Create Common data models in the workspace.
Delete
Delete Common data models in the workspace.
# Custom OAuth profiles
Privileges for accessing custom OAuth profiles
Full access
All Custom OAuth profile permissions: view, edit, create, and delete.
View
View Custom OAuth Profiles and Enterprise Workbots.
Edit
Edit Custom OAuth Profiles and Enterprise Workbots.
Create
Create Custom OAuth Profiles and Enterprise Workbots.
Delete
Delete Custom OAuth Profiles and Enterprise Workbots.
# FileStorage UI
Privileges for the FileStorage UI
Full access
All FileStorage UI permissions: View and create.
View
View files and directories in the FileStorage UI.
Create
Create directories in the FileStorage UI.
# Message templates
Privileges for message templates
Full access
All Message template permissions: view, edit, create, and delete.
View
View Message templates in the workspace.
Edit
Edit Message templates in the workspace.
Create
Create Message templates in the workspace.
Delete
Delete Message templates in the workspace.
# People tasks
- Privilege for managing the people task tool
- Full access
- Access to the People task tool.
# Event streams
Privileges to the Event streams feature
Full access
All Event streams permissions: view, edit, create, and delete topics, as well as view history.
View
View Event topics in the workspace.
Edit
Edit Event topics in the workspace.
Create
Create Event topics in the workspace.
Delete
Delete Event topics in the workspace.
View history
View the message content in the Event topics messages list.
# Recipe lifecycle management
- Privileges to recipe lifecycle management
- Full access
- Access to the Recipe lifecycle management (RLCM) feature. This includes the ability to create manifests and view and interact with all assets included in manifests.
RLCM PRIVILEGES
The Recipe lifecycle management privilege can indirectly provide collaborators with access to assets that are normally restricted by their assigned permission scope. This is because the RLCM privilege grants access to all manifests within a workspace. This means that a collaborator with this privilege can view assets in a manifest, even if they wouldn't normally have access to the project that contains these assets.
For example:
User A
createsProject 1
and builds a manifest with RLCM and exports itUser B
has the RLCM permission but no access toProject 1
User B
can't accessProject 1
in the UI or use RLCM to build a manifest package withProject 1
assets
User B
can view, download, and use the export package that User A
created, which contains the Project 1
content.
Workato recommends regularly deleting manifests if you do not plan to provide access to the contents of these files to other users of Recipe lifecycle management (RLCM). This practice helps maintain the security and privacy of your data.
For enhanced security, you can use the Deployment feature. This feature leverages the export-import functionality to facilitate the transfer of assets, making it a more secure and efficient method to move assets across your environments.
Learn more about RLCM.
# Workbot
Privileges to manage the Workbot
Full access
All Workbot permissions: view, edit, create, and delete.
View
View installed Workbots in the workspace.
Edit
Edit installed Workbots in the workspace.
Create
Create Workbots in the workspace.
Delete
Delete installed Workbots in the workspace.
# Runtime user connections
Privileges to manage runtime user connections
Full access
All Runtime user connection permissions: view, edit, and delete.
View
View the Runtime user connections setting.
Edit
Edit the Runtime user connections setting.
Delete
Delete the Runtime user connections setting.
# Resources
Privileges to resources
Full access
All Resource permissions: view, edit, create, and delete.
View
View resources.
Edit
Edit resources.
Create
Create resources.
Delete
Delete resources.
# Logs
Privileges to logs
Full access
Access to all logs.
Typically, this privilege is reserved for Admin roles. You can grant it to custom roles.
# On-premise
On-premise privileges
# On-prem groups & agents
Privileges for on-prem groups & agents
Full access
Access all on-prem groups and agents in the workspace; view, edit, create, and delete.
View
View on-prem groups and agents.
Edit
Edit on-prem groups and agents.
Create
Create on-prem groups and agents.
Delete
Delete on-prem groups and agents.
# Connection - on-prem files
- Privilege for managing on-prem files connection. You can restrict who can create and manage connections for the file system of the machine where the on-prem agent is installed. Global connection setting takes precedence over this setting.
- Full access
- Access to create, edit, and delete on-prem files and on-prem files secondary connections.
# Connection - command line scripts
- Privilege for managing on-prem command line scripts connection. You can restrict who can create and manage connections for the command line script execution on the machine where the on-prem agent is installed. Global connection setting takes precedence over this setting.
- Full access
- Access to create, edit, and delete on-prem command line scripts connections.
# Apps portal
Workflow apps portal permissions
Define privileges to access the Workflow apps portal. Access to create a Workflow app is determined by Workflow app permissions. Access to a Workflow app's corresponding data table is determined by Data tables permissions.
# Settings
Allows users to manage settings, including branding, authentication, and more, for the Workflow apps portal.
- Full access
- Full access to Workflow apps portal settings, including branding, authentication, and more.
# Users and groups
Enables users to manage users and groups in the Workflow apps portal.
- Full access
- Full access to users and groups: Create, delete, and edit users and groups, manage group membership, and more.
# Data storage
Data storage privileges
# Lookup tables
Apply the following granular permissions to the lookup tables interface. The permissions you define here control access to all lookup tables that are accessible by this role: lookup tables that are scoped to All projects, and those scoped to a project that this role can access.
Full access
Enables all other permissions on Lookup tables.
View
Allows users to view all tables and their records.
Edit records
Allows users to add, edit, or delete records for all Lookup tables in the Lookup tables interface.
EDIT RECORDS WITH THE LOOKUP TABLES CONNECTOR
Collaborators can still edit records (add, update, or delete) using the lookup tables connector, but only for the lookup tables they have access to.
Create
Allows users to create new tables in the Lookup tables interface.
Delete
Allows users to delete tables.
Modify structure
Allows users to edit the schema (to add, remove, or edit columns) for any table.
# Environment properties
Apply the following granular permissions to Environment properties.
Full access
Enables all other permissions on Environment properties.
View
Allows users to view all Environment properties.
Edit records
Allows users to add, edit, or delete Environment properties.
Create
Allows users to create new Environment properties.
Delete
Allows users to delete Environment properties.
# API platform
API Platform privileges
# Dashboard & logs
- Privileges for using the dashboard and logs
- Full access
- Full privileges for dashboard & logs: View metrics in dashboard and details in logs.
# Collections & endpoints
Privileges for collections and endpoints
Full access
All collections and endpoints access: view, edit, create, and delete.
View
View collections and endpoints.
Edit
Edit collections and endpoints.
Create
Create collections and endpoints.
Delete
Delete collections and endpoints.
# Clients and access profiles
Privileges for using client and access profiles
Full access
All clients and access profiles permissions: view, edit, create, and delete.
View
View clients and access profiles.
Edit
Edit clients and access profiles.
Create
Create clients and access profiles.
Delete
Delete clients and access profiles.
# Policies
Privileges for using policies
Full access
All policy permissions: view, edit, create, and delete.
View
View policy.
Edit
Edit policy.
Create
Create policy.
Delete
Delete policy.
# Settings
- Privileges for API platform settings
- Full access
- Manage API prefix and custom domain.
# Connector SDK
Connector SDK privileges
# Connector SDK
- Connector SDK privileges
- Full access
- Full Connector SDK permissions: view, edit, create, and delete.
# Use in recipes
- Privileges for using the Connector SDK in recipes
- Full access
- Allow users to distribute custom connectors into this workspace.
# Insights
Insights privileges
- Choose the privileges that people with this role have for accessing Insights dashboards.
- Full access
- Complete access to the Insights feature, including the ability to View, Edit, Create, and Delete Insights dashboards.
- View
- View existing Insights dashboards.
- Edit
- Edit existing Insights dashboards.
- Create
- Create new Insights dashboards.
- Delete
- Delete Insights dashboards.
# Admin privileges
# Workspace admin
Workspace admin privileges
# Collaborators
- Manage collaborator privileges in the workspace
- Full access
- Manage collaborators in the workspace, including adding, editing, and removing collaborators.
# Collaborator roles (non-system)
- Manage non-system collaborator roles
- Full access
- View, edit, create, and delete custom collaborator roles in the workspace.
# Collaborator SAML SSO
- Manage access to SAML SSO, such as Okta, OneLogin, or other identity authentication providers
- Full access
- View and edit SAML SSO settings for the workspace.
# Developer API
- Manage access for developer API
- Full access
- View and edit developer API settings for the workspace.
# SCIM provisioning
- Manage SCIM provisioning settings
- Full access
- View and edit SCIM provisioning settings for the workspace.
# Workspace settings
- Manage workspace settings
- Full access
- View and edit various workspace settings.
# Environment settings
Environment settings privileges
# Activity audit
- Manage access to the activity audit logs
- Full access
- Access to view workspace activity in the Dashboard's Activity audit log. This permission grants the user the ability to view all activity logs, regardless of other access settings.
# Debug, Log and Security
- Manage debug, logs, and security settings
- Full access
- Access to view and edit the workspace’s environment-specific settings, including error alerts, network trace, data retention, and AWS IAM information.
# Manage customers privileges (Embedded only)
WHO CAN USE THIS FEATURE?
The Manage customers interface only appears for Embedded collaborators with permission to create or modify collaborator roles.
# Manage customers
Manage customers privileges
# Customers and customer managers
Manage access to the Customers and Customer managers tabs of the Embedded Admin console
Full access
All customers and customer managers permissions: View, manage, and delete customers and customer managers
View
View customers and customer managers
Manage
Add customers and assign customer managers
Delete
Delete customers and customer managers
# Shared connectors
Manage access to the Shared connectors tab of the Embedded admin console
Full access
All shared connectors permissions: View, manage, and delete shared connectors
View
View shared connectors
Manage
Manage shared connectors
Delete
Delete shared connectors
# Usage metrics and settings
Manage access to the Usage metrics and Settings tabs of the Embedded Admin console
Full access
All usage metrics and settings permissions: View and manage usage metrics and settings
View
View usage metrics and settings
Manage
Manage audit log streaming and branding settings. Note that only workspace owners and admins can manage audit log streaming.
# Automation HQ privileges
Automation HQ privileges
- Automation HQ
- Manage access to Automation HQ
- Full access
- Access to the Automation HQ functionality.
# Customer managers
- Define access to the customer manager API.
- Customer manager API
- Access all endpoints.
- List all customer managers.
- The ability to obtain a list of all customer managers.
- Update role for customer manager
- The ability to update a customer manager's role.
- Create new customer manager
- The ability to create a new customer manager.
- Delete customer manager
- The ability to delete a customer manager.
Last updated: 12/16/2024, 1:44:05 AM