System admin permissions
System administrators belong to groups with permissions to manage authorisation and integrations with SITS:Vision. System administrators may also belong to groups with permissions to create workflows. Developers integrating third-party systems belong to groups with permissions to manage API integrations and streams.
The table System admin details the features and corresponding authorisation area in system admin.
Feature |
Authorisation area |
Description |
---|---|---|
Authorisation |
Create roles and assign groups to roles. |
|
Data Engine |
Data Engine |
Data Engine is described separately. For more information, go to Data Engine permissions. |
Duplicate matching |
People area Settings |
Enable duplicate matching. |
API integrations |
Manage the API client credentials for integrations API access, such as the scopes that are granted to the client. |
|
View and edit applications, person data, reference data, and staff. | ||
Subscribe to events from admissions and reference data. | ||
View and edit reference data. |
||
SITS:Vision integration |
Permissions for integrations with SITS:Vision:
|
|
Maytas integrations |
Manage the API client credentials for integrations API access, such as the scopes that are granted to the client. |
|
Permissions for full or read-only access. |
||
Streams |
Manage Azure event streams and event forwarding. |
|
Workflow |
View and edit business entities, schemes, and workflows. |
The roles and permissions of the authorisation areas are as follows:
The Admin area defines the roles, permissions, groups to manage authorisation and custom attributes. The default role is Edge Administrator and the permissions are detailed in the table Admin roles and permissions.
Permissions | Edge Administrator | Description |
---|---|---|
Event forwarding - Manage | Yes | Manage event forwarding endpoints. |
Event history - Manage | Yes | Manage the event history. |
Manage API client credentials | Yes | Manage the API client credentials for integrations API access. |
Manage authorisation | Yes | Roles that can manage authorisation. |
Manage Azure streams | Yes | Manage Azure event streams. |
Show required permissions | Yes | Permissions for showing required permissions. |
The table Admissions integration details the permissions and the default role External administrator.
Permissions | External administrator | Description |
---|---|---|
Applicant - Edit | Yes | Edit the details of an applicant. |
Applicant - View | Yes | View the details of an applicant. |
Application - Delete | Yes | Delete applications |
Application completion status - Edit | Yes | Set the application completion status. |
Applications -Edit | Yes | Edit the details of applications. |
Applications - View | Yes | View the details of applications. |
Clearance check - Edit | Yes | Edit the clearance checks of an application. |
Clearance check - View | Yes | View the clearance checks of an application. |
Document - Edit | Yes | Edit the documents of an applicant, such as the passport. |
Document - View | Yes | View the documents of an applicant, such as the passport. |
Notes - Create | Yes | Create notes for an application. |
Notes - Edit | Yes | Edit notes for an application. |
Notes - View | Yes | View notes for an application. |
Person - Edit | Yes | Edit the person profile details. |
Person - View | Yes | View the person profile details. |
Person sensitive - Edit | Yes | Edit the sensitive characteristics of a person.
Person sensitive data will be available in a future release. |
Person sensitive - View | Yes | View the sensitive characteristics of a person.
Person sensitive data will be available in a future release. |
Reference data - Edit | Yes | Edit reference data. |
Reference data - View | Yes | View reference data. |
Staff - Edit | Yes | Edit staff details. |
Staff - View | Yes | View staff details. |
The table Events integration permissions shows the permission and the default role Events subscriber.
Permissions | Events subscriber | Description |
---|---|---|
Subscribe to events | Yes | Subscribe to events from the service with child areas to subscribe to events from admissions, reference data, and Maytas. |
The Integrations areas has the areas detailed below. Each areas detail the permissions for the default roles. Groups assigned to the roles must also be assigned to the Web apps area Applications.
Role | Integrations officer | Integrations supervisor | Description |
---|---|---|---|
Authorisation - Edit | Yes | No | View or edit the authorisation groups that users can be added to as part of a third-party integration. |
Authorisation - View | Yes | No | View or edit the authorisation groups that users can be added to as part of a third-party integration. |
Permissions | Integrations officer | Integrations supervisor | Description |
---|---|---|---|
Application errors - Edit | No | No | View or resolve errors for applications entering or leaving Admissions excluding SITS pipelines. |
Application errors - View | No | No | View or resolve errors for applications entering or leaving Admissions excluding SITS pipelines. |
Permissions | Integrations officer | Integrations supervisor | Description |
---|---|---|---|
Configuration - Edit | No | Yes | View the pipeline configuration and edit to manage pipeline configurations. |
Configuration - View | No | Yes | View the pipeline configuration and edit to manage pipeline configurations. |
Reports - View | Yes | Yes | View pipeline reports. |
Runs - Edit | No | Yes | View pipeline run information, including transformation errors. Edit to manage the pipeline triggers. |
Runs - View | Yes | Yes | View pipeline run information, including transformation errors. Edit to manage the pipeline triggers. |
Permissions | Integrations officer | Integrations supervisor | Description |
---|---|---|---|
UCAS settings - Edit | Yes | No | Edit settings for the UCAS Integration. |
UCAS import - Run | Yes | Yes | Import applications and reference data from UCAS. |
UCAS - View | Yes | Yes | View the latest UCAS imports and settings. |
The table Maytas integration details the permissions and the default role Maytas integration - Full access and Maytas integration - Read-only access.
Permissions | Maytas integration - Full access | Maytas integration - Read-only access | Description |
---|---|---|---|
Maytas integration - Read | Yes | Yes | Read access to Maytas APIs. |
Maytas integration - Write | Yes | No | Write access to Maytas APIs. |
The People area defines the roles and permissions for viewing and editing data on the person profile and using the duplicate match feature.
The default roles are as follows:
- People viewer
- Views information related to person.
- People officer
- View and edit information related to a person.
- People supervisor
- View, edit, and manage access to information related to a person.
- People manager
- View, edit, and manage access to information related to a person. People manage also has the People - Delete permission.
The People areas are detailed below.
The table Settings permissions defines the permission and default role that can enable the duplicate match feature.
Permissions | People viewer | People officer | People supervisor | People manager | Description |
---|---|---|---|---|---|
Duplicate match - Edit | No | No | No | No | Edit the settings for duplicate matching. |
The table Reference data integrations permissions details the permissions and the default role External administrator.
Permissions | External administrator | Description |
---|---|---|
Reference data - View | Yes | View imports and setting for reference data integrations. |
Reference data - Edit | Yes | Edit imports and setting for reference data integrations. |
The table Workflow permissions details the permissions and the default role Workflow viewer and Workflow administrator.
Permissions | Workflow viewer | Workflow administrator | Description |
---|---|---|---|
View business entities | Yes | Yes | View business entities. |
View workflow schemes | Yes | Yes | View workflow schemes. |
Edit workflow schemes | No | Yes | Edit workflow schemes. |