Roles & permissions summary
Last updated
Last updated
This page details roles and permissions for key areas of the Patchworks platform. User accounts can be associated with one of four possible roles:
Administrator
Manager
User
Read-only
The tables below summarise dashboard access by role. It's important to be aware that available features are determined by your core subscription tier. So, although a user's role might be associated with permissions to access a given feature, that feature is only available if it's included in the active subscription tier - think of it as 'tier trumps role'. For example:
All permissions refer to entities associated with your own company profile. If you manage multiple company profiles, please see our Multi-company profiles section for more information.
If you haven't upgraded to Core yet and are still using services to sync data, please check for roles & permissions information that's specific to services.
When someone registers for a Patchworks account, they are assigned to the administrator role, automatically. This user can go on to create additional users and/or assign roles to other users as needed.
Typically, there is one administrator for each organisation. If you require more than one user with this role, please raise a support request.
The tables below summarise access by role for key tasks within the Patchworks dashboard:
Company permissions refer to features that are available from settings > my company profile.
| Task | Allowed roles |
|---|---|
View company profile | administratormanageruserread-only |
Update company profile name | administrator |
Update company profile contact information | administratormanager |
Add & manage banner messages | administrator |
Delete company profile | administrator |
Company user permissions refer to features that are available from settings > my company profile > extra > users.
| Task | Allowed roles |
|---|---|
View company users | administratormanageruserread-only |
Search company users | administratormanageruserread-only |
Create company user with an | patchworks support |
Create a company user with a | administrator |
Create a company user with a | administratormanager |
Update details for an existing company user (all roles) | administratormanager |
Elevate an existing | administratormanager |
Elevate an existing | administrator |
Elevate an existing | patchworks support |
Reduce an existing | administratormanager |
Reduce another | patchworks support |
Trigger password reset password for a company user | administratormanager |
Update own user details | administratormanager |
Elevate or reduce own role | none |
Enable/disable own MFA | administratormanageruserread-only |
Delete company user | administratormanager |
Delete own user profile | administratormanager |
Company insights refers to your account summary company insights page.
| Task | Allowed roles |
|---|---|
View company insights | administratormanageruserread-only |
Permissions in this section are only relevant if you use Patchworks to manage multiple companies - i.e. you have a multi-company profile with one or more linked companies.
| Task | Allowed roles |
|---|---|
Adding & linking a new company to your multi-company profile | patchworks supportadministrator |
Switch in & out of linked companies | administratormanager |
Update subscriptions for linked companies | patchworks supportadministrator |
View linked companies for your multi-company profile | administratormanager |
Un-linking a company from your multi-company profile | patchworks support |
View team members for own company | administratormanageruserread-only |
Create new team member to manage a linked company | administrator |
Assign user roles for an existing team member | administratormanager |
View team members who manage a linked company | administratormanager |
Grant & revoke access for team members to manage a linked company | administratormanager |
Trigger a password reset for an existing team member | administratormanager |
Removing a team member account | administratormanager |
View 'native' users for a linked company | administratormanager |
Create a new 'native' user for a linked company | administratormanager |
Assign user roles for an existing 'native' company user | administratormanager |
Trigger a password reset for an existing 'native' company user | administratormanager |
Remove a 'native' linked company user from their company profile | administratormanager |
Marketplace permissions refer to features that are available from the marketplace page.
| Task | Allowed roles |
|---|---|
Install marketplace blueprints | administratormanager |
Build blueprints | administrator |
Browse & view marketplace connectors | administratormanageruserread-only |
Install marketplace connectors | administratormanager |
Update marketplace connectors | administratormanager |
Browse & view marketplace process flows | administratormanageruserread-only |
Install marketplace process flows | administratormanager |
Browse marketplace scripts | administratormanageruserread-only |
Preview script from scripts list | administratormanageruserread-only |
Install marketplace scripts | administratormanager |
Private marketplace permissions refer to features available to work with private marketplace resources.
| Task | Allowed roles |
|---|---|
View private marketplace | administratormanageruserread-only |
Install resources (blueprints, connectors, process flows, scripts, cross-reference lookups) | administratormanager |
Upload resources (blueprints, connectors, process flows, scripts, cross-reference lookups) | administrator |
Connector permissions refer to features that are available from the my connectors page.
| Task | Allowed roles |
|---|---|
Browse installed connectors | administratormanageruserread-only |
View installed connector settings | administratormanager |
Update installed connector settings | administratormanager |
Delete installed connectors | administratormanager |
Connector instance permissions refer to features that are available from the my connectors page.
| Task | Allowed roles |
|---|---|
View connector instances | administratormanageruserread-only |
View connector instance settings | administratormanageruserread-only |
Update connector instance settings | administratormanager |
Delete connector instances | administratormanager |
Process flow permissions refer to features that are available from the process flows page.
| Task | Allowed roles |
|---|---|
View process flow list | administratormanageruserread-only |
View canvas content for existing process flows | administratormanageruserread-only |
Create process flows (add/update/remove shapes) | administratormanager |
Update process flows (add/update/remove shapes) | administratormanager |
Create cache (cache shape settings) | administratormanager |
Create data pool (de-dupe shape settings) | administratormanager |
Delete process flows | administratormanager |
Run process flow manually | administratormanager |
Enable & deploy process flows (process flow settings) | administratormanager |
Apply/remove labels (process flow settings) | administratormanager |
Create labels (process flow settings) | administratormanager |
Apply/remove email failure groups (process flow settings) | administratormanager |
Add flow variables (process flow settings) | administratormanager |
Update flow variables (process flow settings) | administratormanager |
Remove flow variables (process flow settings) | administratormanager |
Duplicate process flow (process flow settings) | administratormanager |
Run logs permissions refer to features that are available from the run logs page.
| Task | Allowed roles |
|---|---|
View run logs list | administratormanageruserread-only |
View run logs | administratormanageruserread-only |
View run logs (classic) | administratormanageruserread-only |
View run log details | administratormanageruserread-only |
Download run logs | administratormanager |
View run log payloads | administratormanageruserread-only |
Download run log payloads | administratormanager |
Stop process flow | administratormanager |
General settings permissions refer to features that are available from the settings page.
| Task | Allowed roles |
|---|---|
Manage own account settings | administratormanager |
View notification groups | administratormanageruserread-only |
Add & manage notification groups | administratormanager |
View audit logs | administratormanageruserread-only |
Search audit logs | administratormanageruserread-only |
View labels | administratormanager |
Add & manage labels | administratormanager |
View data pools | administratormanageruserread-only |
Add & manage data pools | administratormanager |
For my company profile permissions see company permissions and company users.
Custom script permissions refer to features that are available from the scripts page.
| Task | Allowed roles |
|---|---|
View custom scripts list | administratormanageruserread-only |
View custom script details | administratormanageruserread-only |
Create custom scripts | administratormanager |
Update custom scripts | administratormanager |
Delete custom scripts | administratormanager |
Cross-reference lookup permissions refer to features that are available from the cross-reference lookups page.
| Task | Allowed roles |
|---|---|
View installed cross-reference lookups | administratormanageruserread-only |
Search installed cross-reference lookups | administratormanageruserread-only |
View cross-reference lookup values | administratormanager |
Add & manage cross-reference values | administratormanager |
Delete cross-reference lookups | administratormanager |
Cache permissions refer to features that are available from the data caches page.
| Task | Allowed roles |
|---|---|
View existing cache lists | administratormanageruserread-only |
Search existing caches | administratormanageruserread-only |
View existing cache details | administratormanageruserread-only |
Update existing cache details | administratormanager |
View existing cache contents | administratormanageruserread-only |
Clear existing cache contents | administratormanager |
Delete caches | administratormanager |
| Task | Allowed roles |
|---|---|
Obtain API token | administratormanageruserread-only |
Initialise process flow with payload | administratormanageruserread-only |
Bob is assigned the manager role
By default, the manager role has required permissions to create and update custom scripts
Bob's company is associated with a standard subscription tier, which permits read-only access to existing custom scripts and other advanced features
Bob can view any existing custom scripts (for example, that have been installed via blueprints), but he cannot make any changes and he cannot create his own scripts
Jack is assigned the manager role
By default, the manager role has required permissions to create and update custom scripts
Jack's company is associated with a professional subscription tier, which permits full access to custom scripts and other advanced features
Jack can view, create and update custom scripts as needed