Standard Roles
Journey Manager (JM) The transaction engine for the platform. | System Manager / DevOps | 21.11 This feature was updated in 21.11.
Manager provides roles and permissions to control user access to form spaces and modules. You can use this functionality to grant users specific access that matches the functions they are permitted to perform within each space or module. Manager checks what privileges a user has when logged into a form space or module. The roles granted to a user determine these privileges and controls what they can see and do within that space or module.
Before either adding extra roles or granting roles to your users, it is important to understand the following concepts:
- A user, via their user account, can be granted one or more roles
- A role sanctions a group of permissions related to a function that is to be performed within a space or module. That is, a role is a group of permissions that is relevant only to the intended space or module
- Each form space or module have a list of valid permissions available to assign to a role. That is, the role may only grant the types of access relevant to that space or module.
- Each role is mostly for one form space or module, but can be for more than one
- Each permission is normally for one form space or module, but can be for more than one
The diagram below depicts the conceptual data model for users logging into spaces or modules and their required roles and permissions.
Out of the box, Manager comes with the standard set of roles. Each role is already configured with its permissions for each standard form space and module. It is possible to alter the standard roles as well as add new ones. However, it is recommended to preserve the standard set and, only when essential, add new roles. It is also important to understand what privileges each of the roles provide before assigning them to your users.
Manager has the following standard roles:
| Role | Description |
|---|---|
|
Administrator |
This is the most privileged role. There should be minimal need to use this role once the system has been installed, especially not in Production. The exception would be for the duration needed to perform a deployment where organizational or user roles need to be altered or imported. Regular form upgrades can be done with the System Manager role. |
|
Avoka Exchange |
Allows a user to review and install Exchange components. |
|
Developer |
Allows users to develop and manage applications. This role is identical to the System Manager role but has been retained for historical reasons. The Developer role should not be used in production environments. You should use the System Manager role for system configuration and installation in production. |
|
Maestro Administrator |
Allows a user to use the developer functions, plus create and delete projects, import and export files and libraries. |
|
Maestro Developer |
Allows a user to use most of Maestro and the Maestro editor functionality. This is the default role, which is granted to both Form Builders and Template Designers. |
| Maestro SCM Design |
Allows a user to use Maestro SCM with Designs. |
| Maestro SCM Org Library |
Allows a user to use Maestro SCM with Organization Libraries. |
| Maestro SCM Project |
Allows a user to use Maestro SCM with Projects that include project's branches and tags. |
|
Maestro Site Administrator |
Allows a user to administer a Maestro instance at a global level. |
|
Maguire Staff |
Allows a user to use Journey Space form space. |
|
Manager |
Allows users to perform operations, monitoring and management of submission transactions and collaboration jobs as a Manager. This role has limited access to customer submission data, such as receipts. |
|
Operations |
Allows a user to monitor and manage form transactions |
|
Organization Administrator |
Allows a user to test Users and Permissions. |
|
Organization User Manager |
Allows a user to manage user accounts for their organization. |
|
REST Delivery |
Allows a user to perform submission delivery by invoking REST Delivery Service. |
|
Security Manager Role |
Allows a user to test Security Manager Permission. |
|
Service Test Administrator |
Allows a user to test Users and Permission service Definition. |
|
ServiceUser |
Allows scheduled Groovy services run as ServiceUser, which defaults to a admin level role. This role can be limited to enhance the security around these services, if required. | 21.11 This feature was introduced in 21.11. |
|
System Manager |
This is a role for users who are almost as privileged as an administrator, except they cannot view submission data or create users and roles. This role should only be used where extensive system access is required. |
|
System Support |
This is a role for users to be able to do basic troubleshooting and triage of issues. This is the least privileged role in Manager. |
|
Test Role |
Allows a user to run test cases. |
|
Transact Insights |
Allows a user to use Journey Analytics. |
|
Transact Insights Administrator |
Allows a user to change global settings for Journey Analytics. |
|
Transaction Data Access |
Allows users to be able to view the form submission XML and receipt data, which is sensitive personal data that needs to be protected. |
|
Journey Space Staff |
Allows Journey Space users to use the portal |
|
Workspaces Staff |
For business Journey Workspaces Overview users. |
|
Workspaces Api Test Role |
Allows a user to test Workspaces API Test. |
To see this list in Manager, see view roles.
The roles depend on the functions that each team member performs. The following table is an example of how your team can be set up with specific roles:
| Teams | Development | UAT | Staging | Production |
|---|---|---|---|---|
|
Implementation |
||||
|
System Manager. Transaction Data Access |
System Manager. Transaction Data Access |
No Access |
No Access |
|
|
Manager Developer Tech Lead |
Administrator |
Administrator |
Administrator Transaction Data Access |
No Access |
|
Manager Tester |
Operations |
Operations |
Operations |
Operations |
|
Operations |
||||
|
System Administrator |
Administrator |
Administrator |
Administrator |
System Manager. Organization User Manager |
|
Form User Support Operations |
Operations. System Manager |
Operations. System Manager |
Operations. System Manager |
Operations. System Manager |
|
Temenos Teams |
||||
|
Support Engineers. Tech Lead |
Administrator |
Administrator |
System Manager |
System Operator |
|
Development Teams |
Developer |
Developer |
No Access |
No Access |
Next, learn about permissions.