Understanding System Permissions
System permissions control a user’s ability to perform key administrative and functional actions across the platform. Assigned at the role level, these permissions define access to critical system-wide features such as user management, platform configuration, and role administration.
Unlike application permissions, which govern access to specific records, workflows, and entity-level actions, system permissions oversee higher-level administrative capabilities that affect the entire environment.
Administrators use these permissions to ensure users have the access needed to perform their responsibilities—while preserving platform security and operational integrity. To maintain administrative control, roles with system permissions cannot be assigned to guest users.
Standard System Roles
To simplify access management and promote consistency, the platform includes standard system roles designed to cover the most common administrative use cases:
-
Administrator – Grants full access to manage:
-
Users
-
Groups
-
Roles
-
Hierarchies
-
-
Designer – Grants access to:
-
Application and system configuration (e.g., entities, views, workflows)
-
Setup and design functions
-
-
User – Provides access to:
-
Dashboards
-
Reporting
-
Record-level interactions
-
These roles have been carefully crafted to provide complete and secure access to the relevant areas of the platform. Whenever possible, you should assign these predefined roles rather than creating new roles with custom system permissions.
Custom roles with system permissions should only be created on a case-by-case basis, where specific access needs cannot be met by the standard roles. Remember, roles can be combined and assigned to users via groups, providing flexible access without compromising control or creating permission sprawl.
Assigning System Permissions to Roles
A Role can optionally have one or more system permissions assigned. These permissions control access to system-level functionality and are managed exclusively by users with the appropriate administrative rights.
Important: Roles with system permissions cannot be assigned to guest users.
Available System Permissions
The following is a complete list of available system permissions that can be assigned to a role:
- Option Lists: Create, Read, Update, Delete
- Applications: Create, Read, Update, Delete, Install
- Records: Create, Read, Update, Delete
- Reports: Create, Read, Update, Delete
- Users: Create, Read, Update, Delete
- Views: Create, Read, Update, Delete
- Tenant: Create, Read, Update, Delete, Grant
- Question: Create, Read, Update, Delete
- Role: Create, Read, Update, Delete
- Group: Create, Read, Update, Delete
- Notification: Create, Read, Update, Delete
- Entity: Create, Read, Update, Delete
- Dashboard: Create, Read, Update, Delete
- Sandbox: Read, Update
- Workflow: Read, Update
- Hierarchy: Create, Read, Update, Delete
Modifying System Permissions for a Role
To modify a role’s system permissions, you must already hold the appropriate administrative permission. Follow these steps:
- Open the User Management screen from the hamburger menu.
- Navigate to the Roles tab in the table.
- Select the role you want to edit by clicking the navigation icon next to its name.
- Scroll down to the System Permissions section.
- Adjust the permissions as needed. All changes will be saved automatically.