Backoffice Roles
Introduction
Backoffice tenants can be configured into one of three roles. Each role has a set of permissions that alter functionality and visibility of content on the Backoffice.
The role of the current tenant can be viewed by clicking the user icon located in the top-right of the page.
This page will describe each of the available roles and their permissions.
If the Reviewer Role is unavailable, contact Daon Support for further information.
Admin Role
The Admin role is granted the full functionality and visibility of the Backoffice application.
| Page/ Functionality | View Access | Create/ Edit/ Delete |
|---|---|---|
| Process Definitions | Full search and view access | Full create, edit, and delete. Admin users can also search and export Process Definitions |
| Process Tokens | Full search and view access | Full create, edit, and delete access |
| Statistics | Full search and view access | |
| Process Instances | Full search and view access | Edit status, provide manual review, and delete. Admin users can also search and export Process Instances |
| For Review | Full search and view access | Search, export, and delete Process Instances in the Review status |
| Cloud Functions | Full search and view access | Full create, update status, and delete access |
| Cloud Secrets | Full search and view access | Full create, edit, and delete access. |
| API Keys | Full search and view access | Full create, edit, and delete access |
| Themes | Full search and view access | Full create, edit, and delete access |
| Custom Forms | Full search and view access | Full create, edit, and delete access |
| Custom Pages | Full search and view access | Full create, edit, and delete access |
| Email Templates | Full search and view access | Full create, edit, and delete access |
| Webhooks | Full search and view access | Full create and test access |
| Watchlists | Full search and view access | Full create, edit, and delete access |
| OIDC Audits | Full search and view access | |
| OIDC Clients | Full search and view access | Full create, edit, and delete access |
| OIDC Tests | Full search and view access | Full create, test, and delete access |
| Admin Sessions | Full search and view access | |
| Audits | Full search and view access |
Audit Role
The Audit role grants viewer access to all areas of the Backoffice application. This role can also search and export Process Instance search results. A complete list of permissions can be viewed below.
| Page/ Functionality | View Access | Create/ Edit/ Delete |
|---|---|---|
| Process Definitions | Full search and view access | No access |
| Process Tokens | Full search and view access | No access |
| Statistics | Full search and view access | |
| Process Instances | Full search and view access | Search and export of Process Instance search results |
| For Review | Full search and view access | No access |
| Cloud Functions | Full search and view access | No access |
| Cloud Secrets | Full search and view access | No access |
| API Keys | Full search and view access | No access |
| Themes | Full search and view access | No access |
| Custom Forms | Full search and view access | No access |
| Custom Pages | Full search and view access | No access |
| Email Templates | Full search and view access | No access |
| Webhooks | Full search and view access | No access |
| Watchlists | Full search and view access | No access |
| OIDC Audits | Full search and view access | |
| OIDC Clients | Full search and view access | No access |
| OIDC Tests | Full search and view access | No access |
| Admin Sessions | Full search and view access | |
| Audits | Full search and view access |
Reviewer Role
The Reviewer role is designed to provide limited access to the Backoffice application for users to review the status of Process Instances and act on Process Instances that require a manual review. For more information on manual review, see the Manual Review Guide.
| Page/ Functionality | View Access | Create/ Edit/ Delete |
|---|---|---|
| Process Definitions | No access | No access |
| Process Tokens | No access | No access |
| Statistics | No access | |
| Process Instances | Full search and view access | Search and export of Process Instance search results |
| For Review | Full search and view access | Search, export, and delete Process Instances in the Review status |
| Cloud Functions | No access | No access |
| Cloud Secrets | No access | No access |
| API Keys | No access | No access |
| Themes | No access | No access |
| Custom Forms | No access | No access |
| Custom Pages | No access | No access |
| Email Templates | No access | No access |
| Webhooks | No access | No access |
| Watchlists | No access | No access |
| OIDC Audits | No access | |
| OIDC Clients | No access | No access |
| OIDC Tests | No access | No access |
| Admin Sessions | No access | |
| Audits | No access |
Reviewer with Watchlists
This role is a composite of the Reviewer Role that includes permissions to view and modify watchlist members.
| Page/ Functionality | View Access | Create/ Edit/ Delete |
|---|---|---|
| Process Definitions | No access | No access |
| Process Tokens | No access | No access |
| Statistics | No access | |
| Process Instances | Full search and view access | Search and export of Process Instance search results |
| For Review | Full search and view access | Search, export, and delete Process Instances in the Review status |
| Cloud Functions | No access | No access |
| Cloud Secrets | No access | No access |
| API Keys | No access | No access |
| Themes | No access | No access |
| Custom Forms | No access | No access |
| Custom Pages | No access | No access |
| Email Templates | No access | No access |
| Webhooks | No access | No access |
| Watchlists | Full search and view access | Ability to add and delete members from an existing Watchlist. |
| OIDC Audits | No access | |
| OIDC Clients | No access | No access |
| OIDC Tests | No access | No access |
| Admin Sessions | No access | |
| Audits | No access |