Version: 3.3

Roles

Roles define the permissions that Users have in UDMG. Users can perform all functions permitted by their assigned Role, which defines their system access boundaries.

Each User must be assigned exactly one predefined Role. Custom roles are not available.

info

For restricting action permissions at the Configuration Item level, see Business Services.

Assigning Roles

Users are assigned a Role upon creation. Admins can also change a User's Role by editing the User record. For more information, see Adding a User and Editing a User.

List of Roles

The following table summarizes the available Roles. For a full list of permissions for each Role, see Role Permissions.

info

System Administrators and Domain Administrators both have administrative permissions within their Domain. For simplicity, both Roles are often referred to collectively as "Admins" throughout the docs.

Name	Description
System Administrator	Manages global settings and creates new Domains. Exercises complete configuration and management control within the Primary Domain. The System Administrator Role includes all permissions of the Domain Administrator for the Primary Domain. info This Role is only available in the Primary Domain.
Domain Administrator	Exercises complete configuration and management control within a specific Domain.
Operator	Monitors Transfers, troubleshoots issues, and performs limited operational actions such as enabling or disabling Configuration Items.
Pipeline Management	Configures core Configuration Items (Accounts, Account Groups, Endpoints, and Pipelines) to facilitate file transfers within the Domain.
Read-only	Views all Configuration Items within the Domain without modification rights. info This Role is automatically given to all LDAP-created Users.

Role Permissions

The following tables show the full list of permissions for each Role. The tables are organized according to the UDMG Admin UI sidebar structure.

Key Definitions

C: Create
R: Read
U: Update
D: Delete
E/D: Enable/Disable
T: Test
S/S: Start/Stop

Monitoring

Page	Permission or UI Handling	System Admin	Domain Admin	Operator	Pipeline Management	Read-only
Transfers	Permission(s)	CRUD	CRUD	R	R	R
Transfers	UI	View/Edit	View/Edit	View	View/Edit	View
Task Instances	Permission(s)	CRUD	CRUD	R	R	R
Task Instances	UI	View/Edit	View/Edit	View	View/Edit	View
Shared Files	Permission(s)	CRUD	CRUD	R	R	R
Shared Files	UI	View/Edit	View/Edit	View	View/Edit	View

Configuration

Page	Permission or UI Handling	System Admin	Domain Admin	Operator	Pipeline Management	Read-only
Accounts	Permission(s)	CRUD + E/D	CRUD + E/D	R + E/D	CRUD + E/D	R
Accounts	UI	View/Edit	View/Edit	View	View/Edit	View
Account Groups	Permission(s)	CRUD + E/D	CRUD + E/D	R	CRUD + E/D	R
Account Groups	UI	View/Edit	View/Edit	View	View/Edit	View
Endpoints	Permission(s)	CRUD + E/D + S/S	CRUD + E/D + S/S	R + E/D + S/S	CRUD + E/D + S/S	R
Endpoints	UI	View/Edit	View/Edit	View	View/Edit	View
Pipelines	Permission(s)	CRUD + E/D	CRUD + E/D	R + E/D	CRUD + E/D	R
Pipelines	UI	View/Edit	View/Edit	View	View/Edit	View
Tasks	Permission(s)	CRUD	CRUD	R	CRUD	R
Tasks	UI	View/Edit	View/Edit	View	View/Edit	View
Credentials	Permission(s)	CRUD + E/D	CRUD + E/D	R + E/D	CRUD + E/D	R
Credentials	UI	View/Edit	View/Edit	View	View/Edit	View

General

Page	Permission or UI Handling	System Admin	Domain Admin	Operator	Pipeline Management	Read-only
Users	Permission(s)	CRUD	CRUD	R	R	R
Users	UI	View/Edit	View/Edit	View	None	View
Business Services	Permission(s)	CRUD	CRUD	R	R	R
Business Services	UI	View/Edit	View/Edit	View	View	View
Settings > LDAP Authentication - Users	Permission(s)	CRUD + T	CRUD + T	R + T	None	R
Settings > LDAP Authentication - Users	UI	View/Edit	View/Edit	View	None	View
Settings > LDAP Authentication - Accounts	Permission(s)	CRUD + T	CRUD + T	R + T	CRUD + T	R
Settings > LDAP Authentication - Accounts	UI	View/Edit	View/Edit	View	View/Edit	View
Settings > Banner Customization	Permission(s)	CRUD	CRUD	R	R	R
Settings > Banner Customization	UI	View/Edit	View/Edit	View	View	View
Settings > ICAP Scanner	Permission(s)	CRUD + E/D + Test	CRUD + E/D + Test	R + E/D + Test	None	R
Settings > ICAP Scanner	UI	View/Edit	View/Edit	View	None	View
Settings > IP Filtering - Endpoints	Permission(s)	CRUD + T	CRUD + T	R + T	CRUD + T	R
Settings > IP Filtering - Endpoints	UI	View/Edit	View/Edit	View	View/Edit	View
Settings > Single Sign-On (SSO) - Users	Permission(s)	CRUD + E/D	CRUD + E/D	R + E/D	None	R
Settings > Single Sign-On (SSO) - Users	UI	View/Edit	View/Edit	View	None	View
Settings > Single Sign-On (SSO) - Accounts	Permission(s)	CRUD + E/D	CRUD + E/D	R + E/D	CRUD + T	R
Settings > Single Sign-On (SSO) - Accounts	UI	View/Edit	View/Edit	View	View/Edit	View
Settings > Security - Security	Permission(s)	CRUD	CRUD	R	R	R
Settings > Security - Security	UI	View/Edit	View/Edit	View	View	View
Settings > Forward Proxy	Permission(s)	CRUD + E/D + Test	CRUD + E/D + Test	R + E/D + Test	None	R
Settings > Forward Proxy	UI	View/Edit	View/Edit	View	None	View

Global

Page	Permission or UI Handling	System Admin	Domain Admin	Operator	Pipeline Management	Read-only
Domains	Permission(s)	CRD	CRD	R	None	R
Domains	UI	View/Edit	View/Edit	View; only in Primary Domain	None	None
Cluster Nodes	Permission(s)	CRUD	CRUD	R	None	R
Cluster Nodes	UI	View/Edit	View/Edit	View; only in Primary Domain	None	None
Settings > Licensing	Permission(s)	CRUD	CRUD	R	None	R
Settings > Licensing	UI	View/Edit	View/Edit	View; only in Primary Domain	None	None
Settings > IP Filtering - Admin UI	Permission(s)	CRUD + T	None	R	None	None
Settings > IP Filtering - Admin UI	UI	View/Edit	None	View; only in Primary Domain	None	None

Others

Scope	System Admin	Domain Admin	Operator	Pipeline Management	Read-only
Audit	R	R	None	None	None
Sessions Endpoint	CRUD (Stop)	CRUD (Stop)	R	R	R
Transfers Schedules Endpoint	CRUD	CRUD	R	R	R
Reveal Endpoint	R	R	R	R	None

Assigning Roles​

List of Roles​

Role Permissions​

Monitoring​

Configuration​

General​

Global​

Others​