This article describes account or integration permissions for users. There are three types of user roles in the Celigo platform: account owner, administrators, and users (with different access levels).
|
Account |
Description |
Roles & permissions |
|---|---|---|
|
Account owner |
The account owner has full access to the account. The account owner can create non-production environments if it's a part of the subscription plan. The owner can invite other integrator.io users to integrations and configure their permissions to view or change integrator.io components. Sharing the account allows other team members to contribute to managing and monitoring your integrations. |
Account owner has all permissions and full access to all environments in the account. |
|
Admin |
Admins in the production environment have all the same permissions that an account owner has to modify user roles, but an admin can’t alter the permissions of the account owner or transfer ownership of the account to another user. The administrator can invite other integrator.io users to their integration environment and configure their permissions to view or change integrator.io components. Admins can create new admins, delete users from an account, and change their own permissions. |
Admin permissions allow a user to perform all tasks available to an account owner except changing account owner permissions or switching account ownership to another user. This includes:
|
|
User |
Users can access an account owner’s integrations, but access levels are defined as Manage all, Monitor all, or Custom by the account owner or an admin. To better understand access levels, see account-level and integration-level access. |
Manage all permissions allow users to change fundamental settings related to all integrations in an account. A user with manage permissions can't view or edit account settings, but a user with manage permissions can:
|
|
Monitor all permissions allow view-only access all integrations of an account. A user with monitor permissions can’t modify integrations, flows, or flow steps; enable or disable flows; view or modify account settings, connections, or API tokens. However, a user with monitor permissions can:
|
||
|
Custom permissions can have some hybrid of both manage and monitor access (listed above) to only specific integrations. An account owner or admin can vary the user's manage or monitor permission settings from integration to integration. This role is ideal for users who should not see all integrations in an account, but need some level of monitor or manage access over selected integrations, (contractors for example). A user with custom permissions can:
NoteIf a user with custom permissions has both manage and monitor access to the same integration, manage permissions will be applied. |
For information on transferring ownership, see Transfer account ownership; and, for transferring integrations to another account, see Transfer an integration to another account.
The following table explains the granular permissions that users have when you assign them one of four user roles: admin, manage all, monitor all, and custom (monitor and/or manage specific integrations).
|
Integration resources & others |
Account owner or administrator permissions |
Manage all (account-level)/ Manage (integration level) |
Monitor all (account-level) / Monitor (integration level) |
|---|---|---|---|
|
Connections |
Create, view, modify, delete |
Create, view, modify, delete |
View |
|
Exports |
Create, view, modify, delete |
Create, view, modify, delete |
View |
|
Imports |
Create, view, modify, delete |
Create, view, modify, delete |
View |
|
Flows |
Create, view, modify, delete |
Create, view, modify, delete |
View (unless given Allow integration workspace creation permissions) |
|
Flow groups |
Create, view, modify (assign or remove flows), delete |
Create, view, modify (assign or remove flows), delete |
View |
|
Lookup caches |
Create, view, modify, delete, purge |
Create, view, modify, delete, purge |
View |
|
Async helpers |
Create, view, modify, delete |
Create, view, modify, delete |
View |
|
Custom integrations |
Create, view, modify, delete |
Create, view, modify, delete |
View |
|
Integration Apps and templates |
Install (Account owner only), view, modify, delete |
View, modify |
View |
|
Stacks |
Create, view, modify, delete |
Create, view, modify, delete |
View |
|
Tokens |
Create, view, modify, delete |
N/A |
N/A |
|
Users |
Create, view, modify, delete (can also grant non-admins Invitations, Celigo Support access permissions) |
Create, view, modify – when Invitations, Celigo Support access permissions are granted |
Create, view– when Invitations, Celigo Support access permissions are granted |
|
Recycle bin |
Create, view, modify, delete |
Create, view, modify, delete |
View |
|
Jobs |
View |
View |
View |
|
Revisions |
Create, view |
Create, view |
View |
You can grant manage or monitor permissions at the account-level or the integration-level:
-
Account-level: The manage or monitor permissions (that is, manage all or monitor all) apply to all current and future integrations in the account.
-
Integration-level: The manage or monitor permissions only apply to integrations chosen by the account owner.
The following diagram represents a typical architecture for user and integration management in integrator.io.
In the above diagram, the account owner has assigned permissions to five users:
-
User 1: Has manage permissions over all integrations in the account.
-
Users 2 and 3: Have monitor permissions over all integrations in the account.
-
User 4: Has custom permissions and can only monitor one or more specific integrations selected by the account owner or an admin.
-
User 5: Has custom permissions and can only manage one or more specific integrations selected by the account owner or an admin.
The diagram below illustrates the default availability of the integration-level permissions when you assign account level permissions to an integrator.io user.
Notice
If you assign monitor all permissions to a user, the user will be able monitor all integrations in the account. However, if you want the user to manage a specific integration, you can assign the manage permission to the user for that specific integration.
In the above diagram, each user’s permissions are configured as follows:
-
User 1: Account-level monitor: Has monitor permissions for all integrations in the account. This user has no limits on integration monitor permissions, but the account owner can grant this user integration-level manage permissions for specific integrations.
-
User 2: Account-level manager: Has both manage and monitor permissions for all integrations in the account. This user has no limits on integration-level monitor and manager permissions.
-
User 3: Integration-level monitor: Has monitor permissions for one or more integrations as granted by the account owner, but the account owner can grant this user integration-level manager permissions for specific integrations.
-
User 4: Integration-level manager: Has both manager and monitor permissions for one or more integrations as granted by the account owner.
You can invite only those users who meet certain requirements that allow them to be eligible to accept an invitation to another account. The following table explains those conditions.
|
Is this user an account owner? |
License |
Does this user have integrations in their current account? |
Have other users accepted invitations to join this user's account? |
Is this user eligible to receive and accept an invitation to another account? |
|
Yes |
Free |
No |
No |
Yes |
|
No |
Free |
No |
No |
Yes |
|
Yes |
Free |
Yes |
Yes |
No |
|
Yes |
Free |
Yes |
No |
No |
|
Yes |
Free |
No |
Yes |
No |
|
Yes |
Licensed |
No |
No |
No |
|
Yes |
Licensed |
Yes |
Yes |
No |
|
Yes |
Licensed |
No |
Yes |
No |
|
Yes |
Licensed |
Yes |
No |
No |
If you accept an invitation to join another account owner’s environment, you become a user and not an account owner. The account owner or an environment administrator can grant you manage or monitor permissions to work on integrations.
An account owner or admin can use the following steps to assign permissions to a new user:
-
Open the avatar at the top right of any page in the platform.
-
Click My account (or My profile if you are an admin).
-
Click the Users tab.
-
Click + Invite user at the upper right.
-
Enter the user’s email address, and select one of the following options for Roles & permissions:
Note
You can assign duplicate permissions to multiple users at once by entering each of their email addresses separated by commas.
-
Admin: The user has all the same permissions as an account owner, but can't transfer account ownership.
-
Manage all: The user can view and modify all integrations in the account.
-
Monitor all: The user can only view all integrations in the account.
-
Custom: The account owner selects which integrations the user can view or modify. If you select this option, the Monitor integrations and Manage integrations lists allow you to select the integrations the user can manage or monitor.
Note
If you select Monitor all or Custom monitor integration permission, you can enable (default) or disable the Users can edit retry data option.
-
-
Security: You can additionally require either single sign-on (SSO) or multifactor authentication (MFA) with the toggles in the Security section. (MFA is necessary for anyone signing in with a username and password; additionally, you can require it after SSO, if internal policies require both.)
Note
-
If an admin grants invitations permission to non-admins (users with monitor or manage roles), then non-admins can invite other users to integrations.
-
If an admin grants Celigo Support access to non-admins, then non-admins can invite Celigo Support to integrations.
Use the following steps to see the permissions settings for users of your account:
-
Open the avatar at the top right of the platform, and click My account (or My profile if you are an admin).
-
Click the Users tab.
-
The Role column displays one of the following permissions:
-
Owner: the account owner
-
Admin: has admin permissions for the account
-
Monitor all: can monitor all integrations in the account
-
Manage all: can manage all integrations in the account
-
Custom: has manage or monitor permissions for only the integrations selected by the account owner or an admin
-
Use the following steps to modify permissions for an existing user:
-
Open the avatar at the top right of the platform, and click My account (or My profile if you are an admin).
-
Click the Users tab.
-
Open the Actions overflow (...) menu next to the user whose permissions you want to change, and select Manage user.
Note
If you are an admin, you will not see the Make account owner option.
-
Select one of the following options for Roles & permissions:
-
Admin: The user has all the same permissions as an account owner, but can't transfer account ownership.
-
Manage all: The user can view and modify all integrations in the account.
-
Monitor all: The user can only view all integrations in the account.
-
Custom: The account owner selects which integrations the user can view or modify. If you select this option, the Monitor integrations and Manage integrations lists allow you to select the integrations the user can manage or monitor.
-
To verify that you are an account owner, click the avatar at the upper right of the platform.
You can verify your permission level for any integration by hovering over the key icon (list view shown).