Configure administrative permissions

In the Management Portal at Setup > Administrative Roles, prevent unauthorized access to the Management Portal and Setup and Sync Tool. On the Administrative Roles tab, configure the permissions of an administrative role. This determines what the login account to which it is assigned is allowed to do.


Explanation and Tips


For each administrative role, you can set different permissions on the functionality of the Management Portal and Setup and Sync Tool:

  • Select Deny to hide the item. By default, the access permissions of a new administrative role are set to Deny.
  • Select Read to set read-only access (available for services, people, organizational context and data connections).
  • Select Modify to grant full access.
  • Select Inherit (blank) to let items inherit the access permissions of their parent (available for data connections, organizational context and services). You can also set explicit access permissions for these items that deviate from the permissions of the "parent".
  • In the section Attribute Value Visibility, specify permissions to modify restricted information in text and table service attributes, text and table people attributes and people identifiers. This includes any related placeholders. These values are shown as Evil eye to administrators with insufficient permissions to view restricted information. This functionality applies to the Management Portal only; restricted information is still shown in the Web Portal.

Multiple administrative roles

If you assign multiple administrative roles to a login account, the permissions of all roles are combined, in which the least restrictive permissions apply:

Example 1

Result: A login account that is assigned both administrative roles 1 and 2 gets Modify permissions on service A.

Example 2

Result: A login account with roles 1 and 2 gets Modify permissions on the Service Catalog page.

See also

Was this article useful?    

The topic was:



Not what I expected