Built-in permission sets

Tonic Structural comes with a set of built-in global and workspace permission sets. You cannot edit or delete the built-in permission sets.

When a new permission is added to Structural, it is also added to the appropriate built-in permission sets.

Built-in global permission sets

Structural comes with the following built-in global permission sets:

  • Admin - For self-hosted only. Provides complete access to all global permissions. The Admin permission set automatically receives any new global permissions.

  • Admin (Environment) - For self-hosted only. Identical to the Admin permission set. It is assigned only to the users and groups that are listed in the value of the environment variable TONIC_ADMINISTRATORS.

  • General User - Allows users to create workspaces. Also allows them to see other users in the organization, which is needed for workspace sharing and transfer, and to configure access to global permission sets. By default, the General User permission set is assigned to all Structural users and SSO groups.

  • Account Admin - For Structural Cloud only. An Account Admin is associated with a Structural Cloud organization. An Account Admin can remove and reset user passwords for the users in the organization. They can also manage access to any workspace for the organization, and download the usage report.

Built-in workspace permission sets

Structural comes with the following built-in workspace permission sets:

  • Manager - Provides complete access to all workspace permissions. The Manager permission set automatically receives all new workspace permissions. For instances with a Basic license, this is the only workspace permission set. By default, the Manager workspace permission set is assigned to workspace owners.

  • Editor - Requires a Professional or Enterprise license. An editor can view and update nearly every aspect of a workspace. However, an editor cannot rename or delete the workspace, change the connection information, or copy the workspace. The Editor permission set automatically receives appropriate new workspace permissions.

  • Auditor - Requires an Enterprise license. An auditor can view the workspace configuration, but cannot make any changes to it.

  • Viewer - Requires an Enterprise license. Similar to an auditor, a viewer can view but not edit the workspace configuration. However, they are further restricted in that they cannot:

    • View any of the data

    • View the Protection Audit Trail

    • Download the Privacy Report

    • Download job logs
