24 August 2023

System admin permissions

System administrators belong to groups with permissions to manage authorisation and integrations with SITS:Vision and UCAS. System administrators may also belong to groups with permissions to create workflows. Developers integrating third-party systems belong to groups with permissions to manage API integrations and streams.

Groups must be assigned to the Web app Edge admin to access system admin.

The table System admin details the features and corresponding authorisation area in system admin.

System admin features
Feature	Authorisation area	Description
Authorisation	Admin	Create roles and assign groups to roles.
Custom attributes	Admin	Manage custom attributes in admissions settings. Admissions settings are described separately, go to Admissions settings permissions.
Data Engine	Data Engine	Data Engine is described separately. For more information, go to Data Engine permissions.
Duplicate matching	People area Settings	Enable duplicate matching.
API integrations	Admin	Manage the API client credentials for integrations API access, such as the scopes that are granted to the client.
	Admissions integrations	View and edit applications, person data, reference data, and staff.
	Events integrations	Subscribe to events from admissions and reference data.
	Reference data integrations	View and edit reference data.
SITS:Vision integration and UCAS integration	Integrations	Permissions for integrations with SITS:Vision and UCAS: Authorisation management: details the authorisation groups that can be used to preconfigure applicants from a third-party system with access to Admissions features. Events and errors: view events and errors in applications. SITS pipeline: configure the secure connection between the SITS:Vision database and Admissions. UCAS: configure the connection to the UCAS XML-Link.
Maytas integrations	Admin	Manage the API client credentials for integrations API access, such as the scopes that are granted to the client.
Maytas integrations	Maytas integrations	Permissions for full or read-only access.
Streams	Admin	Manage Azure event streams and event forwarding.
Workflow	Workflow	View and edit business entities, schemes, and workflows.

The roles and permissions of the authorisation areas are as follows:

Admin

The Admin area defines the roles, permissions, groups to manage authorisation and custom attributes. The default role is Edge Administrator and the permissions are detailed in the table Admin roles and permissions.

Admin roles and permissions
Permissions	Edge Administrator	Description
Event forwarding - Manage	Yes	Manage event forwarding endpoints.
Event history - Manage	Yes	Manage the event history.
Manage API client credentials	Yes	Manage the API client credentials for integrations API access.
Manage authorisation	Yes	Roles that can manage authorisation.
Manage Azure streams	Yes	Manage Azure event streams.
Manage custom attributes	Yes	Roles that can manage custom attributes in admissions settings.

Admissions integrations

The table Admissions integrations details the permissions and the default role External administrator.

Applications permissions
Permissions	External administrator	Description
Applicant - Edit	Yes	Edit the details of an applicant.
Applicant - View	Yes	View the details of an applicant.
Application - Delete	Yes	Delete applications
Application completion status - Edit	Yes	Set the application completion status.
Applications -Edit	Yes	Edit the details of applications.
Applications - View	Yes	View the details of applications.
Clearance check - Edit	Yes	Edit the clearance checks of an application.
Clearance check - View	Yes	View the clearance checks of an application.
Document - Edit	Yes	Edit the documents of an applicant, such as the passport.
Document - View	Yes	View the documents of an applicant, such as the passport.
Notes - Create	Yes	Create notes for an application.
Notes - Edit	Yes	Edit notes for an application.
Notes - View	Yes	View notes for an application.
Person - Edit	Yes	Edit the person profile details.
Person - View	Yes	View the person profile details.
Person sensitive - Edit	Yes	Edit the sensitive characteristics of a person. Person sensitive data will be available in a future release.
Person sensitive - View	Yes	View the sensitive characteristics of a person. Person sensitive data will be available in a future release.
Reference data - Edit	Yes	Edit reference data.
Reference data - View	Yes	View reference data.
Staff - Edit	Yes	Edit staff details.
Staff - View	Yes	View staff details.

Events integration

The table Events integration permissions shows the permission and the default role Events subscriber.

Events integration permissions
Permissions	Events subscriber	Description
Subscribe to events	Yes	Subscribe to events from the service with child areas to subscribe to events from admissions, reference data, and Maytas.

Integrations

The Integrations areas has the areas detailed below. Each areas detail the permissions for the default roles. Groups assigned to the roles must also be assigned to the Web apps area Applications.

Authorisation management
Role	Integrations officer	Integrations supervisor	Description
Authorisation - Edit	Yes	No	View or edit the authorisation groups that users can be added to as part of a third-party integration.
Authorisation - View	Yes	No	View or edit the authorisation groups that users can be added to as part of a third-party integration.

Events and errors
Permissions	Integrations officer	Integrations supervisor	Description
Application errors - Edit	No	No	View or resolve errors for applications entering or leaving Admissions excluding SITS pipelines.
Application errors - View	No	No	View or resolve errors for applications entering or leaving Admissions excluding SITS pipelines.

SITS pipeline
Permissions	Integrations officer	Integrations supervisor	Description
Configuration - Edit	No	Yes	View the pipeline configuration and edit to manage pipeline configurations.
Configuration - View	No	Yes	View the pipeline configuration and edit to manage pipeline configurations.
Reports - View	Yes	Yes	View pipeline reports.
Runs - Edit	No	Yes	View pipeline run information, including transformation errors. Edit to manage the pipeline triggers.
Runs - View	Yes	Yes	View pipeline run information, including transformation errors. Edit to manage the pipeline triggers.

UCAS
Permissions	Integrations officer	Integrations supervisor	Description
UCAS settings - Edit	Yes	No	Edit settings for the UCAS Integration.
UCAS import - Run	Yes	Yes	Import applications and reference data from UCAS.
UCAS - View	Yes	Yes	View the latest UCAS imports and settings.

Maytas integration

The table Maytas integration details the permissions and the default role Maytas integration - Full access and Maytas integration - Read-only access.

Maytas integration
Permissions	Maytas integration - Full access	Maytas integration - Read-only access	Description
Maytas integration - Read	Yes	Yes	Read access to Maytas APIs.
Maytas integration - Write	Yes	No	Write access to Maytas APIs.

People

The People area defines the roles and permissions for viewing and editing data on the person profile and using the duplicate match feature.

The default roles are as follows:

People viewer: Views information related to person.
People officer: View and edit information related to a person.
People supervisor: View, edit, and manage access to information related to a person.
People manager: View, edit, and manage access to information related to a person. People manage also has the People - Delete permission.

The People areas are detailed below.

Settings

The table Settings permissions defines the permission and default role that can enable the duplicate match feature.

Settings permissions
Permissions	People viewer	People officer	People supervisor	People manager	Description
Duplicate match - Edit	No	No	No	No	Edit the settings for duplicate matching.

Reference data integration

The table Reference data integrations permissions details the permissions and the default role External administrator.

Reference data integration permissions
Permissions	External administrator	Description
Reference data - View	Yes	View imports and setting for reference data integrations.
Reference data - Edit	Yes	Edit imports and setting for reference data integrations.

Workflow

The table Workflow permissions details the permissions and the default role Workflow viewer and Workflow administrator.

Workflow permissions
Permissions	Workflow viewer	Workflow administrator	Description
View business entities	Yes	Yes	View business entities.
View workflow schemes	Yes	Yes	View workflow schemes.
Edit workflow schemes	No	Yes	Edit workflow schemes.