06 August 2025

Platform permissions

System administrators belong to groups with permissions to manage authorisation and integrations with SITS:Vision and UCAS. System administrators may also belong to groups with permissions to create workflows. Developers integrating third-party systems belong to groups with permissions to manage API integrations and streams.

Groups must be assigned to the Web app Edge admin to access system admin.

The table Platform permissions details the features and corresponding authorisation areas.

Platform permissions
Feature	Authorisation area	Description
Authorisation	Admin	Manage authorisation to create roles and assign groups to roles.
Data Engine	Data Engine	Data Engine is described separately. For more information, go to Data Engine permissions.
Admissions integrations	Admin	Manage the API client credentials for integrations API access, such as the scopes that are granted to the client.
	Admissions integrations	View and edit applications, person data, reference data, and staff.
	Events integrations	Subscribe to events from Admissions, Callista, reference data, SITS, Visa sponsorship, and so on.
	Reference data integrations	View and edit reference data.
SITS:Vision integration and UCAS integration	Integrations	Permissions for integrations with SITS:Vision and UCAS: Authorisation management: details the authorisation groups that can be used to preconfigure applicants from a third-party system with access to Admissions features. Events and errors: view events and errors in applications. UCAS: configure the connection to the UCAS XML-Link.
Semestry	Admin	Manage the API client credentials for integrations API access, such as the scopes that are granted to the client.
Semestry	Semestry integrations	Read and write access to the Semestry APIs.
SITS integration	Admin	Manage the API client credentials for integrations API access, such as the scopes that are granted to the client.
SITS integration	SITS integrations	Read and write access to SITS students, reference data, module occurrences, and so on.
Streams	Admin	Manage Azure event streams and event forwarding.
Workflow	Workflow	View and edit business entities, schemes, and workflows.

The roles and permissions of the authorisation areas are as follows:

Admin

The Admin area defines the roles, permissions, groups to manage authorisation and custom attributes. The default role is Edge Administrator and the permissions are detailed in the table Admin roles and permissions.

Admin roles and permissions
Permissions	Edge Administrator	Description
Event forwarding - Manage	Yes	Manage event forwarding endpoints.
Event history - Manage	Yes	Manage the event history.
Manage API client credentials	Yes	Manage the API client credentials for integrations API access.
Manage authorisation	Yes	Roles that can manage authorisation.
Manage AWS streams	Yes	Manage AWS event streams.
Manage Azure streams	Yes	Manage Azure event streams.
Show required permissions	Yes	Permissions for showing required permissions.

Admissions integration

The table Admissions integration details the permissions and the default role External administrator.

Admissions integration
Permissions	External administrator	Description
Applicant – Edit	Yes	Edit the details of an applicant.
Applicant – View	Yes	View the details of an applicant.
Application – Delete	Yes	Delete applications
Application completion status – Edit	Yes	Set the application completion status.
Applications – Edit	Yes	Edit the details of applications.
Applications – View	Yes	View the details of applications.
Clearance check – Edit	Yes	Edit the clearance checks of an application.
Clearance check – View	Yes	View the clearance checks of an application.
Document – Edit	Yes	Edit the documents of an applicant, such as the passport.
Document – View	Yes	View the documents of an applicant, such as the passport.
Notes – Create	Yes	Create notes for an application.
Notes – Edit	Yes	Edit notes for an application.
Notes – View	Yes	View notes for an application.
Person – Edit	Yes	Edit the person profile details.
Person – View	Yes	View the person profile details.
Person sensitive – Edit	Yes	Edit the sensitive characteristics of a person. Person sensitive data will be available in a future release.
Person sensitive – View	Yes	View the sensitive characteristics of a person. Person sensitive data will be available in a future release.
Reference data – Edit	Yes	Edit reference data.
Reference data – View	Yes	View reference data.
Staff – Edit	Yes	Edit staff details.
Staff – View	Yes	View staff details.

Events integration

The table Events integration permissions shows the permission and the default role Events subscriber.

Events integration permissions
Permissions	Events subscriber	Description
Subscribe to events	Yes	Subscribe to events from the service with child areas to subscribe to events from Admissions, Callista, Maytas, reference data, and so on.

Integrations

The Integrations areas has the areas detailed below. Each areas detail the permissions for the default roles. Groups assigned to the roles must also be assigned to the Web apps area Applications.

Authorisation management
Role	Integrations officer	Integrations supervisor	Description
Authorisation – Edit	Yes	No	View or edit the authorisation groups that users can be added to as part of a third-party integration.
Authorisation – View	Yes	No	View or edit the authorisation groups that users can be added to as part of a third-party integration.

Events and errors
Permissions	Integrations officer	Integrations supervisor	Description
Application errors – Edit	No	No	View or resolve errors for applications entering or leaving Admissions.
Application errors – View	No	No	View or resolve errors for applications entering or leaving Admissions.

UCAS
Permissions	Integrations officer	Integrations supervisor	Description
UCAS settings – Edit	Yes	No	Edit settings for the UCAS Integration.
UCAS import – Run	Yes	Yes	Import applications and reference data from UCAS.
UCAS – View	Yes	Yes	View the latest UCAS imports and settings.

Reference data integration

The table Reference data integrations permissions details the permissions and the default role External administrator.

Reference data integration permissions
Permissions	External administrator	Description
Reference data – View	Yes	View imports and setting for reference data integrations.
Reference data – Edit	Yes	Edit imports and setting for reference data integrations.

Workflow

The table Workflow permissions details the permissions and the default role Workflow viewer and Workflow administrator.

Workflow permissions
Permissions	Workflow viewer	Workflow administrator	Description
View business entities	Yes	Yes	View business entities.
View workflow schemes	Yes	Yes	View workflow schemes.
Edit workflow schemes	No	Yes	Edit workflow schemes.