System Roles FAQ

Find the answers to Frequently Asked Questions (FAQ) about System Roles.

  1. Can a user with ROLE_ADMIN_CUSTOMER manage user accounts through the User Management application in Console?

    Yes. Through this role, a customer administrator is granted access to manage user accounts.

  2. Can a user with ROLE_ADMIN_TENANT manage user accounts through the User Management application in Console?

    The ROLE_ADMIN_TENANT role has access to manage the tenant.The ROLE_ADMIN_CUSTOMER and ROLE_ADMIN_USER roles can manage user accounts, role definition, and user groups defined within a customer scope.

  3. What is the relationship between ROLE_ADMIN_CUSTOMER and ROLE_ADMIN_TENANT roles?

    The ROLE_ADMIN_CUSTOMER is a role that provides access at the customer level, whereas, the ROLE_ADMIN_TENANT role provides access at the tenant level. If User A has the ROLE_ADMIN_CUSTOMER role, he would automatically get the ROLE_ADMIN_TENANT role for all the tenants of that customer.

  4. What happens when the ROLE_ADMIN_TENANT role is removed for a user who has the ROLE_ADMIN_CUSTOMER role?

    When a user has the more powerful role (Customer administrator), removing that user's tenant administrator role specifically for a tenant will not have any effect. To provide such a user with tenant administrator access to specific tenants only, you must first remove the customer administrator role and then, provide the tenant administrator role for specific tenants.

  5. How can I allow the Tenant Administrator to be able to manage user accounts?

    You can grant the ROLE_ADMIN_USER role in addition to the ROLE_ADMIN_TENANT to the Tenant Administrator. The user will then be a tenant administrator and a user account administrator.

  6. Is there a System role that must be definitely granted to the users?

    Yes, all the users must be granted the ROLE_API System role.

  7. What access does the ROLE_ADMIN_USER provide?

    The ROLE_ADMIN_USER role allows an operator to manage user accounts belonging to a customer. This means that the operator can see ALL the user accounts that exist for a specified customer.

  8. Can you summarize the roles that must be granted to a user account for different functions?
    For administration of all tenant data and user access rights of all the tenants in the scope of a customer, you need the following roles:
    • ROLE_ADMIN_CUSTOMER
    • ROLE_API
    For administration of tenant data for specified tenants of a customer (without the access to user account management), you need the following roles:
    • ROLE_ADMIN_TENANT
    • ROLE_API
    For administration of user accounts of a customer, you need only the ROLE_ADMIN_USER role.
  9. How do I grant the ROLE_ADMIN_USER role to a user?
    You can use the User Management application in Console to grant this role to the users.
    • Log in to the User Management application in Console.
    • Select Users from the side menu.
    • Select the user and click "+" on the Roles tab to add a new role grant for ROLE_ADMIN_USER role.
    To work with the User Management application in Console, see the User Management application.
  10. Can I duplicate a system role? Will I get all the rights and privileges that are associated with it?

    Yes, you can duplicate a system role. By duplicating a system role, you can create a new customer-specific role. This new role would include everything except a few restricted privileges associated with the system role. If you need these privileges for the new role, contact Reltio Customer Support.