System Roles
  • 19 Sep 2023


RapidIdentity uses Roles within the Roles module to manage access and authorization across modules and their respective components. These roles are often referred to within the product as Appliance Roles. Below is a table that outlines each role and the privileges granted.


Role Name | Privileges

API Developer

Allows access to the embedded RapidIdentity API Documentation located at /api/rest/api-docs

The following endpoints are made available:

  • GET /api/rest/api-docs
  • GET /api/rest/api-docs/{filename.+\.css}
  • GET /api/rest/api-docs/{filename.+\.js}
  • GET /api/rest/swagger.json
Note:

If your RapidIdentity Cloud host name is identityautomation.rapididentity.com, then you can access the API documentation at https://identityautomation.rapididentity.com/api/rest/api-docs



Authentication API Consumer

Provides access to the /api/rest/authn/v1 RapidIdentity Cloud API endpoints

Note:

The list of the /api/rest/authn/v1 APIs can be found in the embedded RapidIdentity API documentation located at /api/rest/api-docs under authn-service



Connect Administrator

Provides full access to the RapidIdentity Connect Module:

  • Can see all Connect Module Information
  • Can do all things related to files, jobs, logs, and status
  • Can do all things related to action sets
  • Can do all things related to RESTPoints, OAuth1, and OAuth2

Connect Auditor

Provides limited access to RapidIdentity Connect:

  • Can view and export files, jobs, and logs
  • Can view and export action sets
  • Can view details of existing RESTPoints, OAuth1 Consumers, and OAuth2 Credentials

Connect Operator

Provides a read-only view of Connect with processing and export capabilities:

  • Can see all Connect module information
  • Can do all things related to files, jobs, logs, and status
  • Can view, export, and run Action Sets
  • Can view details of existing RESTPoints, OAuth1 Consumers, and OAuth2 Credentials

District Manager

Provides the following access by module:

  • Configuration 
    • General
      • Email Templates
        • Sponsorship
        • People
        • Requests
        • Mobile
    • Policies
      • Authentication
      • Challenge
      • Claim
      • Mobile Devices
      • Password
    • Security
      • Session Management
      • Grant Support Access
    • Systems
      • Identity Bridge
  • Files
    • District Manager cannot create shares, only view them.
  • People
    • Add Person
    • Settings
      • Delegations
      • Sponsorship Attributes
      • Sponsorship Templates
  • Roles
    • My Roles
      • Add Role
      • Reports
    • Shared with Me
      • There will be a set of pre-configured reports shared here. District Managers are not able to create these.
  • Requests
    • Entitlements
      • My Entitlements
      • Catalog
    • Tasks
      • Approvals
      • Certifications

Insights Manager

Provides full access to the Insights module

Only an Insights Manager can:

  • Access Insights module settings

Insights Viewer

Provides view-only access to all Insights dashboards, and the ability to do the following:

  • Drill down into dashboards
  • Export dashboards to PDF
  • Update filters on dashboards

Portal Administrator

Note
This role alone cannot access the Configuration module.

Acts as the administrator for the following Portal modules:

  • Applications
  • People, Accounts, and Profiles
  • Dashboard
  • Files (Portal only, not Connect)
  • Roles
  • Reporting and Sponsorship
  • General Workflow

Portal Dashboard Viewer

Provides view-only access to the legacy dashboards in the Dashboard module


Portal Help Desk

Provides limited access to the People, Roles, and Requests modules:

  • Access to Other Profiles in the People module
  • Access to the Other Sponsored Accounts in the People module
  • Access to create sponsored accounts for other sponsors
  • Access to Other Roles in the Roles module
  • Access to Activity in the Requests module

Portal Reporting Manager

Provides medium-level access to the Reports module:

  • Can create and manage saved Reports module reports
  • Can import Community reports
  • Can run reports

Portal Reporting Viewer

A limited view of the Reports module:

  • Can only view and run saved Reports module reports

Portal Role Manager

Provides access to the Roles module.

As a Portal Role Manager, you:

  • Gain access to My Roles in the Roles Module
  • Gain access to Team Roles in the Roles Module
  • Can become the owner or manager of a RapidIdentity Role

Portal Role Viewer

Provides access to the Roles module

As a Portal Role Viewer, you:

  • Gain access to Other Roles in the Roles module

Portal Sponsor

Enables an individual to become a sponsor for sponsored accounts

As a Portal Sponsor, you:

  • Gain access to My Sponsored Accounts in the People module
  • Can create sponsored accounts as the sponsor or can designate another P

Studio Administrator

High-level access to the Studio module:

  • Can perform all tasks within the Studio module

Studio Auditor

Read-only access to the Studio module:

  • Can view all applications, their statuses, and Data Explorer

Studio Operator

Mid-level access to the Studio module:

  • Can view all applications, their status, and Data Explorer. Can also run Studio jobs

Tenant Administrator

Provides administrator access to the following RapidIdentity modules:

  • Dashboard
  • Applications
  • Connect
  • Files
  • People
    • Excluding My Sponsored Accounts, and the ability to become a sponsor
  • Roles
    • Excluding My Roles, and the ability to become a RapidIdentity Role owner or manager
  • Reports
    • Excluding My Reports, and access to the Community Reports
  • Requests
  • Configuration
    • If ProxyAs is enabled, this role provides the ability to Proxy As


System Administrator

Note
This configuration is a special use case. More information is available in Grant Support Access.

High-level access to the Configuration settings for a tenant:

  • System role that enables configuration of a RapidIdentity Cloud Tenant
  • Can enable and disable an Identity Automation employee (e.g., Support Engineer) to log in to the tenant as a System Administrator
