System Roles
  • 07 Mar 2025

RapidIdentity uses groups within the Groups module to manage access and authorization across modules and their respective components. These groups are often referred to within the product as Appliance Roles. Below is a table that outlines each group, the corresponding Appliance Role, and the privileges granted.

Security Group Name (Groups Module)

Appliance Role Name (Configuration)

Privileges

API Developer

API Developer

API Developer

Allows access to the embedded RapidIdentity API Documentation located at /api/rest/api-docs

The following endpoints are made available:

  • GET /api/rest/api-docs

  • GET /api/rest/api-docs/{filename.+\.css}

  • GET /api/rest/api-docs/{filename.+\.js}

  • GET /api/rest/swagger.json

Note:

If your RapidIdentity Cloud host name is identityautomation.rapididentity.com, then you can access the API documentation at https://identityautomation.rapididentity.com/api/rest/api-docs


Authentication API Consumer

Authentication API Consumer

Authentication API Consumer

Provides access to the /api/rest/authn/v1 RapidIdentity Cloud API endpoints

Note:

The list of the /api/rest/authn/v1 APIs can be found in the embedded RapidIdentity API documentation located at /api/rest/api-docs under authn-service


Connect Administrator

Connect Admin

Connect Administrator

Provides full access to the RapidIdentity Connect Module:

  • Can see all Connect Module Information

  • Can do all things related to files, jobs, logs, and status

  • Can do all things related to action sets

  • Can do all things related to RESTPoints, OAuth1, and OAuth2

Connect Auditor

Connect Auditor

Connect Auditor

Provides limited access to RapidIdentity Connect:

  • Can view and export files, jobs, and logs

  • Can view and export action sets

  • Can view details of existing RESTPoints, OAuth1 Consumers, and OAuth2 Credentials

Connect Operator

Connect Operator

Connect Operator

Provides a read-only view of Connect with processing and export capabilities:

  • Can see all Connect module information

  • Can do all things related to files, jobs, logs, and status

  • Can view, export, and run Action Sets

  • Can view details of existing RESTPoints, OAuth1 Consumers, and OAuth2 Credentials

District Manager

District Manager

District Manager

Provides the following access by module:

  • Configuration 

    • General

      • Email Templates

        • Sponsorship

        • People

        • Requests

        • Mobile

    • Policies

      • Authentication

      • Challenge

      • Claim

      • Mobile Devices

      • Password

    • Security

      • Session Management

      • Grant Support Access

    • Systems

      • Identity Bridge

  • Files

    • District Manager cannot create shares, only view them.

  • People

    • Add Person

    • Settings

      • Delegations

      • Sponsorship Attributes

      • Sponsorship Templates

  • Roles

    • My Roles

      • Add Role

      • Reports

    • Shared with Me

      • There will be a set of pre-configured reports shared here. District Managers are not able to create these.

  • Requests

    • Entitlements

      • My Entitlements

      • Catalog

    • Tasks

      • Approvals

      • Certifications

Insights Manager

Insights Manager

Insights Manager

Provides full access to the Insights module

Only an Insights Manager can:

  • Access Insights module settings

Insights Viewer

Insights Viewer

Insights Viewer

Provides view-only access to all Insights dashboards, and the ability to do the following:

  • Drill down into dashboards

  • Export dashboards to PDF

  • Update filters on dashboards

Portal Administrator

Portal Profiles Admin

Portal Administrator

Note

This role alone cannot access the Configuration module.

Acts as the administrator for the following Portal modules:

  • Applications

  • People, Accounts, and Profiles

  • Dashboard

  • Files (Portal only, not Connect)

  • Roles

  • Reporting and Sponsorship

  • General Workflow

Portal Dashboard Viewer

Portal Dashboard Viewer (Summary & Details, Summary, & Executive)

Portal Dashboard Viewer

Provides view-only access to the legacy dashboards in the Dashboard module

Portal Help Desk

Portal Profiles Helpdesk

Portal Help Desk

Provides limited access to the People, Roles, and Requests modules:

  • Access to Other Profiles in the People module

  • Access to the Other Sponsored Accounts in the People module

  • Access to create sponsored accounts for other sponsors

  • Access to Other Roles in the Roles module

  • Access to Activity in the Requests module

Portal Reporting Manager

Portal Reporting Manager

Portal Reporting Manager

Has a medium-level role within the Reports module:

  • Can create and manage saved Reports module reports

  • Can import Community reports

  • Can run reports

Portal Reporting Viewer

Portal Reporting Viewer

Portal Reporting Viewer

A limited view of the Reports module:

  • Can only view and run saved Reports module reports

Portal Role Manager

Portal Group Manager

Portal Role Manager

Provides access to the Roles module.

As a Portal Role Manager, you:

  • Gain access to My Roles in the Roles Module

  • Gain access to Team Roles in the Roles Module

  • Can become the owner or manager of a RapidIdentity Role

Portal Role Viewer

Portal Group Viewer

Portal Role Viewer

Provides access to the Roles module

As a Portal Role Viewer, you:

  • Gain access to Other Roles in the Roles module

Portal Sponsor

Portal Sponsorship Sponsor

Portal Sponsor

Enables an individual to be a sponsor

As a Portal Sponsor, you:

  • Gain access to the My Sponsored Accounts system delegation in the People module

  • Can create sponsored accounts, or have sponsored accounts assigned to you by another sponsor to manage

Studio Administrator

Studio Admin

Studio Administrator

High-level access to the Studio module:

  • Can perform all tasks within the Studio module

Studio Auditor

Studio Auditor

Studio Auditor

Read-only access to the Studio module:

  • Can view all applications, their statuses, and Data Explorer

Studio Operator

Studio Operator

Studio Operator

Mid-level access to the Studio module:

  • Can view all applications, their status, and Data Explorer. Can also run Studio jobs

Tenant Administrator

Tenant Admin

Tenant Administrator

Provides administrator access to the following RapidIdentity modules:

  • Dashboard

  • Applications

  • Connect

  • Files

  • People

    • Excluding My Sponsored Accounts, and the ability to become a sponsor

  • Roles

    • Excluding My Roles, and the ability to become a RapidIdentity Role owner or manager

  • Reports

    • Excluding My Reports, and access to the Community Reports

  • Requests

  • Configuration

    • If ProxyAs is enabled this role provides the ability to Proxy As


System Administrator

System Admin

System Administrator

Note

This configuration is a special use case. More information is available in Grant Support Access.

High-level access to the Configuration settings for a tenant:

  • System role that enables configuration of a RapidIdentity Cloud Tenant

  • Can enable and disable an Identity Automation employee (e.g., Support Engineer) to log in to the tenant as a System Administrator

