This article describes account permissions for users and integrations. There are three types of user accounts in the Celigo platform: account owner, administrators, and users (with different access levels).
-
Account owner: The account owner has full access to the account. The account owner can create non-production environments if it's a part of the subscription plan. The owner can invite other integrator.io users to integrations and configure their permissions to view or change integrator.io components. Sharing the account allows other team members to contribute to managing and monitoring your integrations.
-
Admin: Admins have all the same permissions that an account owner has to modify user roles, but an admin can’t alter the permissions of the account owner or transfer ownership of the account to another user. The administrator can invite other integrator.io users to their integration environment and configure their permissions to view or change integrator.io components. Admins can create new admins, delete users from an account, and change their own permissions.
Note
When an owner or admin enables the Invitations feature in an account, non-admins can invite users to an integration with only monitor permission to assign errors and collaboratively fix them. This feature is enabled, by default, in new accounts.
-
User: Users can access an account owner’s integrations, but access levels are defined as Manage-all, Monitor-all, or Custom by the account owner or an admin. To better understand access levels, see account-level and integration-level access.
For information on transferring ownership, see Transfer account ownership; and, for transferring integrations to another account, see Transfer an integration to another account.
You can invite only those users who meet certain requirements that allow them to be eligible to accept an invitation to another account. The following table explains those conditions.
|
Is this user an account owner? |
License |
Does this user have integrations in their current account? |
Have other users accepted invitations to join this user's account? |
Is this user eligible to receive and accept an invitation to another account? |
|
Yes |
Free |
No |
No |
Yes |
|
No |
Free |
No |
No |
Yes |
|
Yes |
Free |
Yes |
Yes |
No |
|
Yes |
Free |
Yes |
No |
No |
|
Yes |
Free |
No |
Yes |
No |
|
Yes |
Licensed |
No |
No |
No |
|
Yes |
Licensed |
Yes |
Yes |
No |
|
Yes |
Licensed |
No |
Yes |
No |
|
Yes |
Licensed |
Yes |
No |
No |
If you accept an invitation to join another account owner’s environment, you become a user and not an account owner. The account owner or an environment administrator can grant you manage or monitor permissions to work on integrations.
You can assign a user with one of four permission types: admin, manage, monitor, and custom.
-
Admin: Admin permissions allow a user to perform all tasks available to an account owner except changing account owner permissions or switching account ownership to another user. This includes:
-
editing account settings
-
editing all resources and integrations (current and future)
-
inviting or managing users
-
troubleshooting flow errors
-
-
Manage: Manage permissions allow users to change fundamental settings related to all integrations in an account. A user with monitor permissions can't view or edit account settings, invite users, or change permissions for users, but a user with manage permissions can:
-
Edit all resources and integrations (current and future)
-
Troubleshoot flow errors
-
-
Monitor: A user with monitor permissions can only view settings that can be changed by a user with manage permissions. A user with monitor permissions can't modify integrations, flows, or flow steps; they can't enable or disable flows; view or modify account settings, connections, or API tokens. Monitors also can't invite users or change user permissions. However, a user with monitor permissions can:
-
View all integrations (current and future)
-
Run flows
-
Retry and resolve errors and edit retry data
-
-
Custom: A user with custom permissions can have some hybrid of both manage and monitor access to specific integrations. An account owner or admin can vary the user's manage or monitor permission settings from integration to integration. This role is ideal for users who should not see all integrations in an account, but need some level of monitor or manage access over selected integrations, (contractors for example). A user with custom permissions can:
-
Manage only the integration(s) selected by the admin or account owner
-
Monitor only the integration(s) selected by the admin or account owner
-
Monitor all current and future integrations and manage only integration(s) selected by the admin or account owner
Note
If a user with custom permissions has both manage and monitor access over a specific integration, manage permissions will be applied.
-
You can assign these permissions to a user at the account level or the integration level. For a detailed list of options available for either permission type, see Account access level matrix or Integration access level matrix.
You can grant manage or monitor permissions at the account-level or the integration-level:
-
Account-level: The manage or monitor permissions apply to all current and future integrations in the account.
-
Integration-level: The manage or monitor permissions only apply to integrations chosen by the account owner.
The following diagram represents a typical architecture for user and integration management in integrator.io.
In the above diagram, the account owner has assigned permissions to five users:
-
User 1: Has manage permissions over all integrations in the account.
-
Users 2 and 3: Have monitor permissions over all integrations in the account.
-
User 4: Has custom permissions and can only monitor one or more specific integrations selected by the account owner or an admin.
-
User 5: Has custom permissions and can only manage one or more specific integrations selected by the account owner or an admin.
The diagram below illustrates the default availability of the integration-level permissions when you assign account level permissions to an integrator.io user.
Notice
If you assign monitor permissions to a user, the user will be able monitor all integrations in the account. However, if you want the user to manage a specific integration, you can assign the manage permission to the user for that specific integration.
In the above diagram, each user’s permissions are configured as follows:
-
User 1: Account-level monitor: Has monitor permissions for all integrations in the account. This user has no limits on integration monitor permissions, but the account owner can grant this user integration-level manage permissions for specific integrations.
-
User 2: Account-level manager: Has both manage and monitor permissions for all integrations in the account. This user has no limits on integration-level monitor and manager permissions.
-
User 3: Integration-level monitor: Has monitor permissions for one or more integrations as granted by the account owner, but the account owner can grant this user integration-level manager permissions for specific integrations.
-
User 4: Integration-level manager: Has both manager and monitor permissions for one or more integrations as granted by the account owner.
An account owner or admin can use the following steps to assign permissions to a new user:
-
Click the avatar icon in the upper right corner of integrator.io.
-
Click My Account (or My Profile if you are an admin).
-
Click the Users tab.
-
Click +Invite User in the upper right.
-
Enter the user's email, and select one of the following options from the Roles & permissions section:
Note
You can assign duplicate permissions to multiple users at once by entering each of their email addresses separated by commas in the Email field.
-
Admin: The user has all the same permissions as an account owner, but can't transfer account ownership.
-
Manage all: The user can view and modify all integrations in the account.
-
Monitor all: The user can only view all integrations in the account.
-
Custom: The account owner selects which integrations the user can view or modify. If you select this option, the Monitor integrations and Manage integrations drop-down menus allow you to select the integrations the user can manage or monitor.
-
-
Security: You can additionally require either single sign-on (SSO) or multifactor authentication (MFA) with the toggles in the Security section.
Use the following steps to see the permissions settings for users of your account:
-
Click the avatar icon in the upper right corner of integrator.io.
-
Click My Account (or My Profile if you are an admin).
-
Click the Users tab.
-
The Role column displays one of the following permissions:
-
Owner: the account owner
-
Admin: has admin permissions for the account
-
Monitor all: can monitor all integrations in the account
-
Manage all: can manage all integrations in the account
-
Custom: has manage or monitor permissions for only the integrations selected by the account owner or an admin
-
Use the following steps to modify permissions for an existing user:
-
Click the avatar icon in the upper right corner of integrator.io.
-
Click My Account (or My Profile if you are an admin).
-
Click the Users tab.
-
Click the elipses (...) in the Actions column next to the user whose permissions you want to change, and click Manage user.
Note
If you are an admin, you will not see the Make account owner option.
-
Select one of the following options from the Roles & permissions section:
-
Admin: The user has all the same permissions as an account owner, but can't transfer account ownership.
-
Manage all: The user can view and modify all integrations in the account.
-
Monitor all: The user can only view all integrations in the account.
-
Custom: The account owner selects which integrations the user can view or modify. If you select this option, the Monitor integrations and Manage integrations drop-down menus allow you to select the integrations the user can manage or monitor.
-
To verify that you are an account owner, click the avatar icon in the upper right corner of integrator.io.
You can verify your permission level for any integration by hovering over the key icon.