Privileges are the highest level of security rules and allow the authorized user groups to view and modify system settings, the domain model, and the security model.


Only administrator user groups should work with privileges.

The following table details the available privileges.

PrivilegeAllows users to...
ClearCachesClear the caches.
CreateDatasourcesCreate option lists.
CreateEntityDefinitionsCreate entity definitions.
CreateRootBlocksCreate project block entities.
CreateSystemOwnedEntitiesCreate system-owned entities.
CreateTaxonomyDefinitionsCreate taxonomy definitions.
DeleteAgentsDelete processing agents.
DeleteDatasourcesDelete option lists.
DeleteEntityDefinitionsDelete non system-owned entity definitions.
EnableStateMachineEnable a state machine.
ExportExcelExport metadata from any content entities when the action is configured on a search component.
GenerateOAuthTokenRefresh the OAuth token of an identity provider.
ImpersonateImpersonate other users.
ManageAuthenticationTokensManage the API authentication tokens of all users.
ManageRolesAllocate roles to users on programs and projects.
ModifyDatasourcesModify option lists.
ModifyEntityDefinitionsModify non system-owned entity definitions, member groups and members.
ModifyPoliciesModify user group policies and privileges.
ModifySettingsModify non system-owned settings.
ModifySystemOwnedDatasourcesModify system-owned option lists.
ModifySystemOwnedDefinitionsModify system-owned definitions.
ModifySystemOwnedEntitiesModify system-owned entities.
ModifySystemOwnedMemberDefinitionsModify system-owned member definitions.
ModifySystemOwnedMemberGroupsModify system-owned member groups.
ModifySystemOwnedPolicyRulesModify system-owned policy rules.
ModifyTaxonomyDefinitionsExtend taxonomy definitions with additional properties and relations.
MonitorAgentsMonitor processing agents activities.
MonitorSystemStatusMonitor system status.
PublishCollectionCreate public collections.
ReadAuditRead and download business and user audit logs on the user management page. ReadAudit is required for ViewFileHistory and ViewDataHistory permissions to work.
ReadPoliciesRead the policies.
RefreshAgentsRefresh processing agents.
ResetUserPasswordReset the password of any user.
SearchUsageRightsFilter usage rights on a search component.
SendConfirmationEmailSend users an email to confirm their registration.
SendNotificationsSend notifications from an external system to all users within the system.
SetUserPasswordSet a new user password for any user within the system.
TransitionAllStateflowsTransition to the previous or next state regardless of state flow configuration of the assigned user or user group.

Can we improve this article ? Provide feedback