Roles
Roles define the permissions that Users have in UDMG. Users can perform all functions permitted by their assigned Role, which defines their system access boundaries.
Each User must be assigned exactly one predefined Role. Custom roles and granular permission management are not available. For details on each Role, see the List of Roles.
Assigning Roles
Users are assigned a Role upon creation. Admins can also change a User's Role by editing the User record. For more information, see Adding a User and Editing a User.
List of Roles
The following table summarizes the available Roles. For a full list of permissions for each Role, see Role Details.
System Administrators and Domain Administrators both have administrative permissions within their Domain. For simplicity, both Roles are often referred to collectively as "Admins" throughout the docs.
| Name | Description |
|---|---|
| System Administrator | Manages global settings and creates new Domains. Exercises complete configuration and management control within the Primary Domain. The System Administrator Role includes all permissions of the Domain Administrator for the Primary Domain. info This Role is only available in the Primary Domain. |
| Domain Administrator | Exercises complete configuration and management control within a specific Domain. |
| Operator | Monitors Transfers, troubleshoots issues, and performs limited operational actions such as enabling or disabling Configuration Items. |
| Pipeline Management | Configures core Configuration Items (Accounts, Account Groups, Endpoints, and Pipelines) to facilitate file transfers within the Domain. |
| Read-only | Views all Configuration Items within the Domain without modification rights. info This Role is automatically given to all LDAP-created Users. |
Role Details
This table shows a full list of permissions for each Role:
Key
- R: Read
- C: Create
- U: Update
- D: Delete
- E/D: Enable/Disable/Test
- S/S: Start/Stop
- V: Reveal (for credentials)
- All: All applicable permissions (R, C, U, D, E/D, S/S, V)
- Implicit: Session management is not controlled via direct role-based permissions. Session information is only accessible via the API.
| Scope | Read-only | Operator | Pipeline Management | Domain Admin | System Admin |
|---|---|---|---|---|---|
| Transfers | R | R | R | All | All |
| Shared Files | R | R | R | All | All |
| Accounts | R | R, E/D | All | All | All |
| Account Groups | R | R | All | All | All |
| Endpoints | R | R, S/S | All | All | All |
| Pipelines | R | R, E/D | All | All | All |
| Credentials | R | R, E/D, V | All | All | All |
| Users | R | R | - | All | All |
| Domain - Banner | R | R | R | All | All |
| Domain - User LDAP | R | R, E/D | - | All | All |
| Domain - Account LDAP | R | R, E/D | All | All | All |
| Domain - User SSO | R | R, E/D | - | All | All |
| Domain - Account SSO | R | R, E/D | All | All | All |
| Domain - IP Filtering - Endpoints | R | R, E/D | All | All | All |
| Domain - ICAP Scanning | R | R, E/D | - | All | All |
| Domain - Forward Proxy | R | - | - | All | All |
| Global - Domains | - | R | - | - | All |
| Global - Cluster Nodes | - | R | - | - | All |
| Global - Settings | - | - | - | - | All |
| Sessions | - | - | - | Implicit | Implicit |