Standard Roles

   Journey Manager (JM) The transaction engine for the platform.  |    System Manager / DevOps  |   21.11 This feature was updated in 21.11.

Manager provides roles and permissions to control user access to form spaces and modules. You can use this functionality to grant users specific access that matches the functions they are permitted to perform within each space or module. Manager checks what privileges a user has when logged into a form space or module. The roles granted to a user determine these privileges and controls what they can see and do within that space or module.

Before either adding extra roles or granting roles to your users, it is important to understand the following concepts:

  • A user, via their user account, can be granted one or more roles.
  • A role sanctions a group of permissions related to a function that is to be performed within a space or module. That is, a role is a group of permissions that is relevant only to the intended space or module.
  • Each form space or module have a list of valid permissions available to assign to a role. That is, the role may only grant the types of access relevant to that space or module.
  • Each role is mostly for one form space or module, but can be for more than one.
  • Each permission is normally for one form space or module, but can be for more than one.

The diagram below depicts the conceptual data model for users logging into spaces or modules and their required roles and permissions.

Out of the box, Manager comes with the standard set of roles. Each role is already configured with its permissions for each standard form space and module. It is possible to alter the standard roles as well as add new ones. However, it is recommended to preserve the standard set and, only when essential, add new roles. It is also important to understand what privileges each of the roles provide before assigning them to your users.

Manager has the following standard roles:

Role Description

Administrator

This is the most privileged role. There should be minimal need to use this role once the system has been installed, especially not in Production. The exception would be for the duration needed to perform a deployment where organizational or user roles need to be altered or imported. Regular form upgrades can be done with the System Manager role.

Avoka Exchange

Allows a user to review and install Exchange components.

Developer

Allows users to develop and manage applications. This role is identical to the System Manager role but has been retained for historical reasons. The Developer role should not be used in production environments. You should use the System Manager role for system configuration and installation in production.

Maestro Administrator

Allows a user to use the developer functions, plus create and delete projects, import and export files and libraries.

Maestro Developer

Allows a user to use most of Maestro and the Maestro editor functionality. This is the default role, which is granted to both Form Builders and Template Designers.

Maestro SCM Design

Allows a user to use Maestro SCM with Designs.

Maestro SCM Org Library

Allows a user to use Maestro SCM with Organization Libraries.

Maestro SCM Project

Allows a user to use Maestro SCM with Projects that include project's branches and tags.

Maestro Site Administrator

Allows a user to administer a Maestro instance at a global level.

Maguire Staff

Allows a user to use Journey Space form space.

Manager

Allows users to perform operations, monitoring and management of submission transactions and collaboration jobs as a Manager. This role has limited access to customer submission data, such as receipts.

Operations

Allows a user to monitor and manage form transactions

Organization Administrator

Allows a user to test Users and Permissions.

Organization User Manager

Allows a user to manage user accounts for their organization.

REST Delivery

Allows a user to perform submission delivery by invoking REST Delivery Service.

Security Manager Role

Allows a user to test Security Manager Permission.

Service Test Administrator

Allows a user to test Users and Permission service Definition.

ServiceUser

Allows scheduled Groovy services run as ServiceUser, which defaults to a admin level role. This role can be limited to enhance the security around these services, if required.  |  21.11 This feature was introduced in 21.11.

System Manager

This is a role for users who are almost as privileged as an administrator, except they cannot view submission data or create users and roles. This role should only be used where extensive system access is required.

System Support

This is a role for users to be able to do basic troubleshooting and triage of issues. This is the least privileged role in Manager.

Test Role

Allows a user to run test cases.

Transact Insights

Allows a user to use Journey Analytics.

Transact Insights Administrator

Allows a user to change global settings for Journey Analytics.

Transaction Data Access

Allows users to be able to view the form submission XML and receipt data, which is sensitive personal data that needs to be protected.

Journey Space Staff

Allows Journey Space users to use the portal

Workspaces Staff

For business Journey Workspaces Overview users.

Workspaces Api Test Role

Allows a user to test Workspaces API Test.

Note

To see this list in Manager, see view roles.

The roles depend on the functions that each team member performs. The following table is an example of how your team can be set up with specific roles:

Teams Development UAT Staging Production

Implementation

Form Builder

System Manager. Transaction Data Access

System Manager. Transaction Data Access

No Access

No Access

Manager Developer

Tech Lead

Administrator

Administrator

Administrator

Transaction Data Access

No Access

Manager Tester

Operations

Operations

Operations

Operations

Operations

System Administrator

Administrator

Administrator

Administrator

System Manager. Organization User Manager

Form User Support Operations

Operations. System Manager

Operations. System Manager

Operations. System Manager

Operations. System Manager

Temenos Teams

Support Engineers. Tech Lead

Administrator

Administrator

System Manager

System Operator

Development Teams

Developer

Developer

No Access

No Access

Next, learn about permissions.