Roles
Roles define what Users can access and which actions they can perform in UDMG. Users can perform all functions permitted by their assigned Role, which defines their system access boundaries.
Each User must be assigned exactly one predefined Role. Custom roles and granular permission management are not available. See the List of Roles for details on each Role.
Assigning Roles
Users are assigned a Role upon creation. Admins can also change a User's Role by editing the User record. See Adding a User and Editing a User for more information.
List of Roles
The following table summarizes the available Roles. For a full list of permissions for each Role, see Role Details.
System Administrators and Domain Administrators both have administrative permissions within their Domain. For simplicity, both Roles are often referred to collectively as “Admins” throughout the docs.
| Name | Description |
|---|---|
| System Administrator | Manages global settings and creates new Domains. Exercises complete configuration and management control within the Primary Domain. The System Admin Role includes all permissions of the Domain Administrator for the Primary Domain. Note: This Role is only available to Users in the Primary Domain. |
| Domain Administrator | Exercises complete configuration and management control within a specific Domain. |
| Operator | Monitors Transfers, troubleshoots issues, and performs limited operational actions such as enabling or disabling Configuration Items. |
| Pipeline Management | Configures core Configuration Items (Accounts, Account Groups, Endpoints, and Pipelines) to facilitate file transfers within the Domain. |
| Read-only | Views all Configuration Items within the Domain without modification rights. Note: This Role is automatically given to all LDAP-created Users. |
Role Details
This table shows a full list of permissions for each Role, including all the Configuration Items each Role can Read/Write/Delete and Enable/Disable.
Key
- R: Read
- C: Create
- U: Update
- D: Delete
- E/D: Enable/Disable/Test
- S/S: Start/Stop
- V: Reveal (for credentials)
- All: All applicable permissions (R, C, U, D, E/D, S/S, V)
- Implicit: Session management is not controlled via direct role-based permissions. Session information is only accessible via the API.
| Scope | Read-only | Operator | Pipeline Management | Domain Admin | System Admin |
|---|---|---|---|---|---|
| Transfers | R | R | R | All | All |
| Accounts | R | R, E/D | All | All | All |
| Account Groups | R | R | All | All | All |
| Endpoints | R | R, S/S | All | All | All |
| Pipelines | R | R, E/D | All | All | All |
| Credentials | R | R, E/D, V | All | All | All |
| Users | R | R | - | All | All |
| Domain - Banner | - | R | R | All | All |
| Domain - User and Account LDAP | - | R, E/D | - | All | All |
| Domain - SSO | - | R, E/D | - | All | All |
| Domain - IP Filtering - Endpoints | - | R, E/D | All | All | All |
| Domain - ICAP Scanning | - | R, E/D | - | All | All |
| Settings | - | - | - | All | All |
| Sessions | - | - | - | Implicit | Implicit |
| Cluster | - | - | - | - | All |
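
Because custom roles are not available, least privilege comes down to picking the smallest predefined Role that covers what a User needs. The following is an added example, not part of the UDMG documentation or product code: it transcribes the Role Details table and reviews role assignments against stated needs. The function names, the ranking by total grant count, and the treatment of "All" as every key entry and of "-" and "Implicit" as no grant are assumptions of this example.

```python
# Permission matrix transcribed from the Role Details table on this page.
ROLES = ["Read-only", "Operator", "Pipeline Management", "Domain Admin", "System Admin"]
ALL = {"R", "C", "U", "D", "E/D", "S/S", "V"}  # assumption: "All" = every key entry
MATRIX_TEXT = """
Transfers | R | R | R | All | All
Accounts | R | R, E/D | All | All | All
Account Groups | R | R | All | All | All
Endpoints | R | R, S/S | All | All | All
Pipelines | R | R, E/D | All | All | All
Credentials | R | R, E/D, V | All | All | All
Users | R | R | - | All | All
Domain - Banner | - | R | R | All | All
Domain - User and Account LDAP | - | R, E/D | - | All | All
Domain - SSO | - | R, E/D | - | All | All
Domain - IP Filtering - Endpoints | - | R, E/D | All | All | All
Domain - ICAP Scanning | - | R, E/D | - | All | All
Settings | - | - | - | All | All
Sessions | - | - | - | Implicit | Implicit
Cluster | - | - | - | - | All
"""
def parse_matrix(text):
    """Return {role: {scope: set of permission codes}}."""
    matrix = {role: {} for role in ROLES}
    for line in text.strip().splitlines():
        scope, *cells = [c.strip() for c in line.split("|")]
        for role, cell in zip(ROLES, cells):
            # assumption: "-" and "Implicit" grant nothing assignable
            codes = set() if cell in ("-", "Implicit") else set(cell.split(", "))
            matrix[role][scope] = set(ALL) if cell == "All" else codes
    return matrix

MATRIX = parse_matrix(MATRIX_TEXT)
def grant_count(role):
    return sum(len(perms) for perms in MATRIX[role].values())

def roles_satisfying(required):
    """Roles granting every (scope, permission) pair, fewest total grants first."""
    ok = [r for r in ROLES if all(p in MATRIX[r].get(s, set()) for s, p in required)]
    return sorted(ok, key=grant_count)

def audit(users):
    """users: (name, assigned role, required pairs); returns the mismatches."""
    findings = []
    for name, role, required in users:
        fit = roles_satisfying(required)
        if role not in fit:
            findings.append((name, role, "insufficient", fit[0] if fit else None))
        elif grant_count(fit[0]) < grant_count(role):
            findings.append((name, role, "over-privileged", fit[0]))
    return findings
```

Querying `roles_satisfying([("Credentials", "V")])` shows that Operator is the smallest Role able to reveal credentials, which is worth knowing before handing that Role to monitoring-only staff.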