Permissions Available in Anypoint Platform

Anypoint Platform has a variety of permissions that control user access to various areas of Anypoint Platform. Each product owns its own permissions, but you can assign most of the permissions to teams and individual users. You can assign other permissions in their respective product interfaces.

Some products require permissions from other products to use them properly. For example, Anypoint Monitoring requires users to have certain Runtime Manager permissions in addition to Anypoint Monitoring-related permissions. See each product’s documentation to determine which permissions your users need and how to set them.

Depending on your organization, its licensing, and its entitlements, you might not see all of these permissions during configuration.

Access Management

Required Permissions	Grants the Ability to	Notes
Organization Administrator	At the root organization level, perform most Anypoint Platform tasks, including but not limited to secrets management, network administration, and other view, modify, execute, and delete permissions. Access the Organization Administration page. Add and manage users and permissions, view and edit organization details, access API Manager > Client Applications, access the client ID and client secret for the organization, and customize the theme of the Developer Portal. Edit all versions of all APIs, all registered applications, and all API Portals in Anypoint Platform.	For security reasons, MuleSoft recommends distributing this permission to as few users as possible.
Audit Log Config Manager	Configure the retention period for audit logs across the organization.	Apply this permission at the root organization level. This permission appears only if the organization has the modern UI enabled in access management.
Audit Log Viewer	View audit logs in Access Management.

Required Permissions

Grants the Ability to

Notes

Organization Administrator

At the root organization level, perform most Anypoint Platform tasks, including but not limited to secrets management, network administration, and other view, modify, execute, and delete permissions.

Access the Organization Administration page. Add and manage users and permissions, view and edit organization details, access API Manager > Client Applications, access the client ID and client secret for the organization, and customize the theme of the Developer Portal.

Edit all versions of all APIs, all registered applications, and all API Portals in Anypoint Platform.

For security reasons, MuleSoft recommends distributing this permission to as few users as possible.

Audit Log Config Manager

Configure the retention period for audit logs across the organization.

Apply this permission at the root organization level.

This permission appears only if the organization has the modern UI enabled in access management.

Audit Log Viewer

View audit logs in Access Management.

Anypoint Code Builder

Required Permissions	Grants the Ability to	Notes
Anypoint Code Builder Developer	Create and use cloud IDE instances of Anypoint Code Builder.	This permission does not apply to Anypoint Code Builder for Desktop.
Mule Developer Generative AI User	Use natural language prompts to develop and generate flows using the Einstein for Anypoint Code Builder Generative Flows feature.

Required Permissions

Grants the Ability to

Notes

Anypoint Code Builder Developer

Create and use cloud IDE instances of Anypoint Code Builder.

This permission does not apply to Anypoint Code Builder for Desktop.

Mule Developer Generative AI User

Use natural language prompts to develop and generate flows using the Einstein for Anypoint Code Builder Generative Flows feature.

API Catalog

Required Permissions	Grants the Ability to	Notes
API Catalog Contributor	Catalog assets and other resources using API Catalog.

Required Permissions

Grants the Ability to

Notes

API Catalog Contributor

Catalog assets and other resources using API Catalog.

API Experience Hub

Required Permissions	Grants the Ability to	Notes
API Experience Hub Admin	View, create, modify, and delete content in API Experience Hub.
API Experience Hub Community User	View, but not modify content in API Experience Hub.

Required Permissions

Grants the Ability to

Notes

API Experience Hub Admin

View, create, modify, and delete content in API Experience Hub.

API Experience Hub Community User

View, but not modify content in API Experience Hub.

API Governance

Required Permissions	Grants the Ability to	Notes
Governance Administrator	Manage profiles and view reports.
Governance Viewer	View reports.

Required Permissions

Grants the Ability to

Notes

Governance Administrator

Manage profiles and view reports.

Governance Viewer

View reports.

API Manager

Depending on your organization, you might see one of these sets of permissions available for API Manager.

Table 1. Post-Crowd
Required Permissions	Grants the Ability to	Notes
API Manager Environment Administrator	View, create, modify, and delete APIs in the specified environment.	Users can also execute any actions related to API configurations, groups, proxies, alerts, contracts, tiers, policies, automated policies, and other settings in the specified API Manager environment.
API Group Administrator	View, create, modify, deprecate, and delete API groups and API group instances in the specified environment.
Deploy API Proxies	Deploy API proxies in the specified environment.
Manage API Alerts	View, create, modify, and delete API alerts in the specified environment.
Manage APIs Configuration	View and modify API configurations in the specified environment.
Manage Client Applications	Create and manage client applications in the root organization.	Users with this permission can view and modify application credentials and can add and remove client owners.
Manage Contracts	View, accept, reject, and delete contracts and tiers in the specified environment.
Manage Policies	View, create, modify, and delete API policies in the specified environment.
View API Alerts	View the API alerts in the specified environment.
View APIs Configuration	View API configurations in the specified environment.
View Client Applications	View client applications in the root organization.	Users with this credential can’t view application secrets and can’t modify applications.
View Contracts	View contracts and tiers in the specified environment.
View Policies	View API policies in the specified environment.

Table 2. Pre-Crowd
Required Permissions	Grants the Ability to	Notes
API Creator	Create an API in the specified environment.
API Versions Owner	View, modify, delete, and deprecate all API versions in the specified business group.
Portals Viewer	View all portals in the specified business group.

Data Gateway

Required Permissions	Grants the Ability to	Notes
Data Gateway Administrator	Full access to Data Gateway Designer.
Data Gateway Viewer	Read-only access to Data Gateway Designer.

Required Permissions

Grants the Ability to

Notes

Data Gateway Administrator

Full access to Data Gateway Designer.

Data Gateway Viewer

Read-only access to Data Gateway Designer.

DataGraph

Required Permissions	Grants the Ability to	Notes
Contribute	Add source APIs to the unified schema. Edit any source API schema added to the unified schema. Request access to run queries. Promote API schemas to an environment. View query traces in real-time while running queries from the UI. Download a copy of the unified schema from the query editor.
Consume	View and explore the unified schema. Request access to run queries and make data requests from the UI. Download a copy of the unified schema from the query editor.
Operate	View customer-facing logs. Set a dedicated load balancer URL for Anypoint Datagraph.
DataGraph Admin	Contribute, consume, and operate the unified schema. View usage metrics.
DataGraph Project - Contributor	Add source APIs to the unified schema. Edit any source API schema added to the unified schema. Request access to run queries. Promote API schemas to an environment. View query traces in real-time while running queries from the UI. Download a copy of the unified schema from the query editor in a specific project.
DataGraph Project - Operator	View customer-facing logs and set a dedicated load balancer URL for Anypoint Datagraph in a specific project.
DataGraph Project - Admin	Contribute, consume, and operate the unified schema. View usage metrics in a specific project.

Required Permissions

Grants the Ability to

Notes

Contribute

Add source APIs to the unified schema.
Edit any source API schema added to the unified schema.
Request access to run queries.
Promote API schemas to an environment.
View query traces in real-time while running queries from the UI.
Download a copy of the unified schema from the query editor.

Consume

View and explore the unified schema.
Request access to run queries and make data requests from the UI.
Download a copy of the unified schema from the query editor.

Operate

View customer-facing logs.
Set a dedicated load balancer URL for Anypoint Datagraph.

DataGraph Admin

Contribute, consume, and operate the unified schema.
View usage metrics.

DataGraph Project - Contributor

Add source APIs to the unified schema.
Edit any source API schema added to the unified schema.
Request access to run queries.
Promote API schemas to an environment.
View query traces in real-time while running queries from the UI.
Download a copy of the unified schema from the query editor in a specific project.

DataGraph Project - Operator

View customer-facing logs and set a dedicated load balancer URL for Anypoint Datagraph in a specific project.

DataGraph Project - Admin

Contribute, consume, and operate the unified schema.
View usage metrics in a specific project.

Design Center

Required Permissions	Grants the Ability to	Notes
Design Center Developer	View, create, and manage all projects within a business group.	Use this permission to set up administrators for all projects within a specific business group.
Design Center Creator	Create projects in Design Center from the navigation panel and view all projects created or shared with the user.	Use this permission to invite users to create, edit, and maintain your projects.
Design Center Viewer	View all Design Center projects within a business group and test projects with the Mocking Service.	Users with this permission can’t create new projects, edit or rename existing projects, or share projects with another user. Assign this permission to those who consume your project in a specific business group.

Required Permissions

Grants the Ability to

Notes

Design Center Developer

View, create, and manage all projects within a business group.

Use this permission to set up administrators for all projects within a specific business group.

Design Center Creator

Create projects in Design Center from the navigation panel and view all projects created or shared with the user.

Use this permission to invite users to create, edit, and maintain your projects.

Design Center Viewer

View all Design Center projects within a business group and test projects with the Mocking Service.

Users with this permission can’t create new projects, edit or rename existing projects, or share projects with another user.

Assign this permission to those who consume your project in a specific business group.

Design Center Project-level Permissions

Required Permissions	Grants the Ability to	Notes
Project Administrator	Manage and share a Design Center project within a business group.	Use this permission to set up administrators for all the projects within a specific business group.
Project Editor	Edit a Design Center project within a business group.	Use this permission to invite users to create, edit, and maintain your projects.
Project Viewer	View a Design Center project within a business group and test projects with the Mocking Service.	Users with this permission can’t create a new project, edit or rename the existing project, or share the project with another user. Assign this permission to those who consume your project in a specific business group.

Required Permissions

Grants the Ability to

Notes

Project Administrator

Manage and share a Design Center project within a business group.

Use this permission to set up administrators for all the projects within a specific business group.

Project Editor

Edit a Design Center project within a business group.

Use this permission to invite users to create, edit, and maintain your projects.

Project Viewer

View a Design Center project within a business group and test projects with the Mocking Service.

Users with this permission can’t create a new project, edit or rename the existing project, or share the project with another user.

Assign this permission to those who consume your project in a specific business group.

Exchange

Required Permissions	Grants the Ability to	Notes
Exchange Administrator	View, create, and download assets within a business group. Edit asset portal content in an existing asset version.	Users with this permission have the same access as users with the Exchange contributor and Exchange viewer permissions, and access to share an asset with another user, deprecate an asset, and delete an asset. Use this permission to set up Exchange administrators for all assets within a specific business group.
Exchange Contributor	View, create, and download assets within a business group. Users with this permission can edit asset portal content in an existing asset version.	Use this permission to invite users to edit and maintain your asset portal descriptions.
Exchange Viewer	View and download assets within a business group.	Users with this permission can’t add new assets, edit asset portal content, or share an asset with another user. Assign this permission to those who consume your assets in a specific business group.
Exchange Creator	Create new assets within a business group’s catalog.	A user with this permission can’t modify assets or asset versions created by other users in the business group. Once the users with this permission create an asset, the Asset Administrator permission is automatically assigned for the assets they create. The Asset Administrator permission allows these users to modify only the assets that they create. Use this permission to restrict the modification of assets except for assets created by this user while allowing all developers across all teams in a business group to create new assets in Exchange.
Asset Viewer	View and download an asset.	Users with this permission can’t edit asset portal content or share an asset with another user. Use this permission to invite a user outside your business group to view and download an asset.
Asset Contributor	View, add a new version, and download an asset.	Use this permission to invite a user outside of your business group to view, download, and add edit portal content for an asset.
Asset Administrator	View, create, download, deprecate, and delete an asset.	Users with this permission have the same access as users with the Exchange Administrator permission, but on only a single asset. This permission is assigned by default to an asset creator. Use this permission to extend administrator permissions for an asset to an additional user.

Required Permissions

Grants the Ability to

Notes

Exchange Administrator

View, create, and download assets within a business group.
Edit asset portal content in an existing asset version.

Users with this permission have the same access as users with the Exchange contributor and Exchange viewer permissions, and access to share an asset with another user, deprecate an asset, and delete an asset.

Use this permission to set up Exchange administrators for all assets within a specific business group.

Exchange Contributor

View, create, and download assets within a business group.

Users with this permission can edit asset portal content in an existing asset version.

Use this permission to invite users to edit and maintain your asset portal descriptions.

Exchange Viewer

View and download assets within a business group.

Users with this permission can’t add new assets, edit asset portal content, or share an asset with another user.

Assign this permission to those who consume your assets in a specific business group.

Exchange Creator

Create new assets within a business group’s catalog.

A user with this permission can’t modify assets or asset versions created by other users in the business group.

Once the users with this permission create an asset, the Asset Administrator permission is automatically assigned for the assets they create. The Asset Administrator permission allows these users to modify only the assets that they create.

Use this permission to restrict the modification of assets except for assets created by this user while allowing all developers across all teams in a business group to create new assets in Exchange.

Asset Viewer

View and download an asset.

Users with this permission can’t edit asset portal content or share an asset with another user.

Use this permission to invite a user outside your business group to view and download an asset.

Asset Contributor

View, add a new version, and download an asset.

Use this permission to invite a user outside of your business group to view, download, and add edit portal content for an asset.

Asset Administrator

View, create, download, deprecate, and delete an asset.

Users with this permission have the same access as users with the Exchange Administrator permission, but on only a single asset. This permission is assigned by default to an asset creator.

Use this permission to extend administrator permissions for an asset to an additional user.

IDP

Required Permissions	Grants the Ability to	Notes
Manage Actions	Complete access to IDP and assigns reviewer permission by default for every document action.
Build Actions	Create, edit, and publish document actions and assign reviewers to the actions.
Execute Published Actions	Execute a published document action and retrieve the results of the execution.
Configure Connected Apps	Configure a connected app to communicate with IDP.

Required Permissions

Grants the Ability to

Notes

Manage Actions

Complete access to IDP and assigns reviewer permission by default for every document action.

Build Actions

Create, edit, and publish document actions and assign reviewers to the actions.

Execute Published Actions

Execute a published document action and retrieve the results of the execution.

Configure Connected Apps

Configure a connected app to communicate with IDP.

Monitoring

Required Permissions	Grants the Ability to	Notes
Monitoring Administrator	View, create, modify, and delete content in Anypoint Monitoring.
Monitoring Viewer	View but not modify content in Anypoint Monitoring.
Telemetry Exporter Administrator	View connections and configurations in Telemetry Exporter. Create, modify, and delete connections in Telemetry Exporter. Create, modify, and delete configurations in Telemetry Exporter.	Assign this permission at the root organization level.
Telemetry Exporter Configurations Manager	View connections and configurations in Telemetry Exporter. Create, modify, and delete configurations in Telemetry Exporter.

Required Permissions

Grants the Ability to

Notes

Monitoring Administrator

View, create, modify, and delete content in Anypoint Monitoring.

Monitoring Viewer

View but not modify content in Anypoint Monitoring.

Telemetry Exporter Administrator

View connections and configurations in Telemetry Exporter.
Create, modify, and delete connections in Telemetry Exporter.
Create, modify, and delete configurations in Telemetry Exporter.

Assign this permission at the root organization level.

Telemetry Exporter Configurations Manager

View connections and configurations in Telemetry Exporter.
Create, modify, and delete configurations in Telemetry Exporter.

MQ

Required Permissions	Grants the Ability to	Notes
View clients	View all client apps, including client app IDs and client secrets for each client app.
View destinations	View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL). View In Queue messages. View In Flight message stats.
Clear destinations	View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL). View In Queue messages. View In Flight message stats.
Manage clients	View all client apps, including client app IDs and client secrets for each client app. Create client apps.
Administer destinations	View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL). View In Queue messages. View In Flight message stats. Create new queues, message exchanges, and bindings. Edit existing queues, message exchanges, and bindings. Purge messages from queues.
Manage destinations (deprecated)	View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL). View In Queue messages. View In Flight message stats. Create new queues and message exchanges. Edit existing queues and message exchange settings. Access Message Sender and Browser pages. Delete messages. Purge messages from queues.	This permission is deprecated. Assign these permissions instead: Administer destinations Destination subscriber for given environment Destination publisher for given environment
Destination subscriber for given environment	Consume messages from a destination. Delete messages from a destination.
Destination publisher for given environment	Send messages to a destination. Update message TTL on a destination.
Read MQ Stats	View organization and environment statistics.

Required Permissions

Grants the Ability to

Notes

View clients

View all client apps, including client app IDs and client secrets for each client app.

View destinations

View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL).
View In Queue messages.
View In Flight message stats.

Clear destinations

View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL).
View In Queue messages.
View In Flight message stats.

Manage clients

View all client apps, including client app IDs and client secrets for each client app.
Create client apps.

Administer destinations

View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL).
View In Queue messages.
View In Flight message stats.
- Create new queues, message exchanges, and bindings.
- Edit existing queues, message exchanges, and bindings.
- Purge messages from queues.

Manage destinations (deprecated)

View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL).
View In Queue messages.
View In Flight message stats.
Create new queues and message exchanges.
Edit existing queues and message exchange settings.
Access Message Sender and Browser pages.
Delete messages.
Purge messages from queues.

This permission is deprecated. Assign these permissions instead:

Administer destinations
Destination subscriber for given environment
Destination publisher for given environment

Destination subscriber for given environment

Consume messages from a destination.
Delete messages from a destination.

Destination publisher for given environment

Send messages to a destination.
Update message TTL on a destination.

Read MQ Stats

View organization and environment statistics.

Object Store v2

Required Permissions	Grants the Ability to	Notes
Manage stores	Create, read, update, and delete stores.
Manage stores data	Perform all store operations including data, partition, and confirmation APIs.
View stores	Read store details.
Manage store clients	Manage all clients of a cloud store.	This permission doesn’t apply to Object Store v2.
View store clients (object store only)	View all clients of a cloud store.	This permission doesn’t apply to Object Store v2.
Store Metrics Viewer	Retrieve Object Store v2 metrics using the Object Store v2 Stats API.

Required Permissions

Grants the Ability to

Notes

Manage stores

Create, read, update, and delete stores.

Manage stores data

Perform all store operations including data, partition, and confirmation APIs.

View stores

Read store details.

Manage store clients

Manage all clients of a cloud store.

This permission doesn’t apply to Object Store v2.

View store clients (object store only)

View all clients of a cloud store.

This permission doesn’t apply to Object Store v2.

Store Metrics Viewer

Retrieve Object Store v2 metrics using the Object Store v2 Stats API.

Partner Manager

Required Permissions	Grants the Ability to	Notes
Partner Manager Administrator	Have complete access to the host, partner, message flow configurations, and transaction activity.
View Host, Partners and Message Flows	Have view-only access to the host, partner, and message flow configurations.	This user can’t view transaction activity.
Manage Partners and Message Flows	Create, modify, and delete partners or message flow configurations. View partner configurations.	This user can’t view and manage transaction activity.
Manage Activity	View and manage transaction activity.	This user can’t view or modify either partner or message flow configurations.
Manage Host	Create, modify, and delete host configurations.	This user can’t view or modify partner configurations or transaction activity. This access applies even if the user has the Organization Administrator permission.
View Activity	Have view-only access to transaction activity.	This user can’t view or modify either partner or message flow configurations.

Required Permissions

Grants the Ability to

Notes

Partner Manager Administrator

Have complete access to the host, partner, message flow configurations, and transaction activity.

View Host, Partners and Message Flows

Have view-only access to the host, partner, and message flow configurations.

This user can’t view transaction activity.

Manage Partners and Message Flows

Create, modify, and delete partners or message flow configurations.
View partner configurations.

This user can’t view and manage transaction activity.

Manage Activity

View and manage transaction activity.

This user can’t view or modify either partner or message flow configurations.

Manage Host

Create, modify, and delete host configurations.

This user can’t view or modify partner configurations or transaction activity. This access applies even if the user has the Organization Administrator permission.

View Activity

Have view-only access to transaction activity.

This user can’t view or modify either partner or message flow configurations.

RPA

Required Permissions	Grants the Ability to	Notes
RPA Administrator	Perform all tasks, except those provided by the RPA Project Manager permission.	A user with this permission can only view or administer automation projects if the user is part of the process team.
RPA Automations Designer	RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner): In RPA Manager: Create automation projects. Record or design models of business processes that a process manager or center of excellence approved for automation. Document and edit the applications required for performing the processes.	Replaces these permissions Application Create Application Edit Process Automation Open Process Create Process Recording
RPA Automations Contributor	RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner): In RPA Manager: Create automation projects. Record or design models of business processes that a process manager or center of excellence approved for automation. Document and edit the applications required for performing the processes. Create and edit global variables to link to activity parameters created with RPA Builder. In RPA Builder: Build the automation based on the model. Reuse activities from the Activity Library.	Replaces these permissions Activity Library Open Application Create Application Edit Builder Usage Global Variables Create for Productionphase Global Variables Create for Testphase Global Variables Edit for Productionphase Global Variables Edit for Testphase Process Automation Open Process Create Process Recording
RPA Automations Manager	RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner): In RPA Manager: Create automation projects. Record or design models of business processes that a process manager or center of excellence approved for automation. Document and manage the applications required for performing the processes. Create and manage global variables to link to activity parameters created with RPA Builder. Change the owners and managers of processes. Reassign unprocessed user tasks In RPA Builder: Build the automation based on the model. Reuse and manage activities from the Activity Library.	Replaces these permissions Activity Library Administration Activity Library Open Application Create Application Delete Application Edit Builder Usage Change Process Owner Change Project Manager Global Variables Create for Productionphase Global Variables Create for Testphase Global Variables Edit for Productionphase Global Variables Edit for Testphase Global Variables Delete Process Automation Open Process Create Process Recording Unprocessed Task List Edit Unprocessed Task List Open
RPA Bots Manager	In RPA Manager: Monitor and manage all RPA Bots, including: Manage service times. View session queues. Manage the applications required for performing the processes, including downtimes.	Replaces these permissions Application Create Application Delete Application Edit Process Monitoring Open Robot Management Administration Robot Management Open Robot State and Operation Open Service Time Create Service Time Delete Service Time Edit
RPA Evaluations Viewer	In RPA Manager: View all process evaluations, regardless of whether the user belongs to the process team. View: Evaluation criteria Evaluation templates	Replaces these permissions Evaluation Criteria Open Evaluation Templates Open Global Process Evaluation View Process Evaluation Open
RPA Evaluations Contributor	In RPA Manager: View all process evaluations, regardless of whether the user belongs to the process team. View, create, and edit: Evaluation criteria Evaluation templates View, create, edit, and delete process evaluations.	Replaces these permissions Evaluation Criteria Create Evaluation Criteria Edit Evaluation Criteria Open Evaluation Templates Create Evaluation Templates Edit Evaluation Templates Open Global Process Evaluation View Process Evaluation Administration Process Evaluation Open
RPA Evaluations Manager	In RPA Manager: View all process evaluations, regardless of whether the user belongs to the process team. View, create, edit, and delete: Evaluation criteria Evaluation templates Process evaluations Approve evaluated processes to a center of excellence or a project manager for automation.	Replaces these permissions Evaluation Criteria Create Evaluation Criteria Delete Evaluation Criteria Edit Evaluation Criteria Open Evaluation Templates Create Evaluation Templates Delete Evaluation Templates Edit Evaluation Templates Open Global Process Evaluation View Process Evaluation Administration Process Evaluation Approval to a CoE Process Evaluation Approval to a Project manager Process Evaluation Open
RPA Operations Viewer	In RPA Manager: View all aspects of these RPA assets: Alerts Bots Dashboards View this information for processes for which the user belongs to the process team: Deployment maps Execution plans Session queues Watch the bot at work via process streaming.	Replaces these permissions Alerting Open Dashboard Open Process Deployment Map Open Process Execution Plans Open Process Monitoring Open Process Streaming Open Robot Management Open Robot State and Operation Open
RPA Operations Manager	In RPA Manager: View and manage these RPA assets: Alerts Bots Dashboards Unprocessed user tasks Upcoming process changes Analyze finance aspects and billing reports View this information for processes for which the user belongs to the process team: Deployment maps Execution plans Session queues Watch the bot at work via process streaming.	Replaces these permissions Alerting Administration Alerting Open Dashboard Open Process Deployment Map Open Process Execution Plans Open Process Monitoring Open Process Streaming Open Robot Management Open Robot State and Operation Open Billing Report Open Dashboard Administration Finance Analysis Edit Finance Analysis Open Global Finance Analysis View Global Process Execution Plans View Unprocessed Task List Edit Unprocessed Task List Open Upcoming Process Changes Administration Upcoming Process Changes Open
RPA Performance Analyzer	In RPA Manager: Analyze the financial aspects (such as the break-even point) of all processes. View the billing reports.	Replaces these permissions Billing Report Open Finance Analysis Edit Finance Analysis Open Global Finance Analysis View
RPA Project Manager	Be assigned as a project manager of automation projects in RPA Manager. For a user to function as a project manager, the user must also have one of these permissions: RPA Automations Designer RPA Automations Contributor RPA Automations Manager RPA Administrator	Replaces the RPA Project Management permissions.

Required Permissions

Grants the Ability to

Notes

RPA Administrator

Perform all tasks, except those provided by the RPA Project Manager permission.

A user with this permission can only view or administer automation projects if the user is part of the process team.

RPA Automations Designer

RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner):

In RPA Manager:

Create automation projects.
Record or design models of business processes that a process manager or center of excellence approved for automation.
Document and edit the applications required for performing the processes.

Replaces these permissions

Application Create
Application Edit
Process Automation Open
Process Create
Process Recording

RPA Automations Contributor

RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner):

In RPA Manager:
- Create automation projects.
- Record or design models of business processes that a process manager or center of excellence approved for automation.
- Document and edit the applications required for performing the processes.
- Create and edit global variables to link to activity parameters created with RPA Builder.
In RPA Builder:
- Build the automation based on the model.
- Reuse activities from the Activity Library.

Replaces these permissions

Activity Library Open
Application Create
Application Edit
Builder Usage
Global Variables Create for Productionphase
Global Variables Create for Testphase
Global Variables Edit for Productionphase
Global Variables Edit for Testphase
Process Automation Open
Process Create
Process Recording

RPA Automations Manager

RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner):

In RPA Manager:
- Create automation projects.
- Record or design models of business processes that a process manager or center of excellence approved for automation.
- Document and manage the applications required for performing the processes.
- Create and manage global variables to link to activity parameters created with RPA Builder.
- Change the owners and managers of processes.
- Reassign unprocessed user tasks
In RPA Builder:
- Build the automation based on the model.
- Reuse and manage activities from the Activity Library.

Replaces these permissions

Activity Library Administration
Activity Library Open
Application Create
Application Delete
Application Edit
Builder Usage
Change Process Owner
Change Project Manager
Global Variables Create for Productionphase
Global Variables Create for Testphase
Global Variables Edit for Productionphase
Global Variables Edit for Testphase
Global Variables Delete
Process Automation Open
Process Create
Process Recording
Unprocessed Task List Edit
Unprocessed Task List Open

RPA Bots Manager

In RPA Manager:

Monitor and manage all RPA Bots, including:
- Manage service times.
- View session queues.
Manage the applications required for performing the processes, including downtimes.

Replaces these permissions

Application Create
Application Delete
Application Edit
Process Monitoring Open
Robot Management Administration
Robot Management Open
Robot State and Operation Open
Service Time Create
Service Time Delete
Service Time Edit

RPA Evaluations Viewer

In RPA Manager:

View all process evaluations, regardless of whether the user belongs to the process team.
View:
- Evaluation criteria
- Evaluation templates

Replaces these permissions

Evaluation Criteria Open
Evaluation Templates Open
Global Process Evaluation View
Process Evaluation Open

RPA Evaluations Contributor

In RPA Manager:

View all process evaluations, regardless of whether the user belongs to the process team.
View, create, and edit:
- Evaluation criteria
- Evaluation templates
View, create, edit, and delete process evaluations.

Replaces these permissions

Evaluation Criteria Create
Evaluation Criteria Edit
Evaluation Criteria Open
Evaluation Templates Create
Evaluation Templates Edit
Evaluation Templates Open
Global Process Evaluation View
Process Evaluation Administration
Process Evaluation Open

RPA Evaluations Manager

In RPA Manager:

View all process evaluations, regardless of whether the user belongs to the process team.
View, create, edit, and delete:
- Evaluation criteria
- Evaluation templates
Process evaluations
Approve evaluated processes to a center of excellence or a project manager for automation.

Replaces these permissions

Evaluation Criteria Create
Evaluation Criteria Delete
Evaluation Criteria Edit
Evaluation Criteria Open
Evaluation Templates Create
Evaluation Templates Delete
Evaluation Templates Edit
Evaluation Templates Open
Global Process Evaluation View
Process Evaluation Administration
Process Evaluation Approval to a CoE
Process Evaluation Approval to a Project manager
Process Evaluation Open

RPA Operations Viewer

In RPA Manager:

View all aspects of these RPA assets:
- Alerts
- Bots
- Dashboards
View this information for processes for which the user belongs to the process team:
- Deployment maps
- Execution plans
- Session queues
Watch the bot at work via process streaming.

Replaces these permissions

Alerting Open
Dashboard Open
Process Deployment Map Open
Process Execution Plans Open
Process Monitoring Open
Process Streaming Open
Robot Management Open
Robot State and Operation Open

RPA Operations Manager

In RPA Manager:

View and manage these RPA assets:
- Alerts
- Bots
- Dashboards
- Unprocessed user tasks
- Upcoming process changes
Analyze finance aspects and billing reports
View this information for processes for which the user belongs to the process team:
- Deployment maps
- Execution plans
- Session queues
Watch the bot at work via process streaming.

Replaces these permissions

Alerting Administration
Alerting Open
Dashboard Open
Process Deployment Map Open
Process Execution Plans Open
Process Monitoring Open
Process Streaming Open
Robot Management Open
Robot State and Operation Open
Billing Report Open
Dashboard Administration
Finance Analysis Edit
Finance Analysis Open
Global Finance Analysis View
Global Process Execution Plans View
Unprocessed Task List Edit
Unprocessed Task List Open
Upcoming Process Changes Administration
Upcoming Process Changes Open

RPA Performance Analyzer

In RPA Manager:

Analyze the financial aspects (such as the break-even point) of all processes.
View the billing reports.

Replaces these permissions

Billing Report Open
Finance Analysis Edit
Finance Analysis Open
Global Finance Analysis View

RPA Project Manager

Be assigned as a project manager of automation projects in RPA Manager. For a user to function as a project manager, the user must also have one of these permissions:

RPA Automations Designer
RPA Automations Contributor
RPA Automations Manager
RPA Administrator

Replaces the RPA Project Management permissions.

Runtime Manager

Required Permissions	Grants the Ability to	Notes
CloudHub Network Administrator	Manage CloudHub and CloudHub 2.0 network resources.
CloudHub Network Viewer	View CloudHub and CloudHub 2.0 network resources.
Delete Applications	Delete applications in a specific environment.
Download Applications	Download application files in a specific environment.
Manage Alerts	Create, update, and delete application alerts in a specific environment.
Manage Application Data	Create and delete application data in a specific environment.
Manage Queues	Clear application queues in a specific environment.
Read Runtime Fabric	Query Runtime Fabric instances in the organization.
Manage Runtime Fabrics	read, create, update, and delete Runtime Fabric resources.
Manage Runtime Fabric	Read, create, update, and delete Runtime Fabric resources.
Manage Schedules	Run and update application schedules in a specific environment.
Manage Settings	Update application settings in a specific environment.
Manage Tenants	Create, update, and delete application tenants in a specific environment.
Read Alerts	View alerts in a specific environment.
Read Applications	View applications in a specific environment.
Manage Servers	Create, update, and delete server and Flex Gateway resources.
Read Servers	View server and Flex Gateway resources.
Manage Application Flows	Update flows.
Create Applications	Create applications in a specific environment.

Required Permissions

Grants the Ability to

Notes

CloudHub Network Administrator

Manage CloudHub and CloudHub 2.0 network resources.

CloudHub Network Viewer

View CloudHub and CloudHub 2.0 network resources.

Delete Applications

Delete applications in a specific environment.

Download Applications

Download application files in a specific environment.

Manage Alerts

Create, update, and delete application alerts in a specific environment.

Manage Application Data

Create and delete application data in a specific environment.

Manage Queues

Clear application queues in a specific environment.

Read Runtime Fabric

Query Runtime Fabric instances in the organization.

Manage Runtime Fabrics

read, create, update, and delete Runtime Fabric resources.

Manage Runtime Fabric

Read, create, update, and delete Runtime Fabric resources.

Manage Schedules

Run and update application schedules in a specific environment.

Manage Settings

Update application settings in a specific environment.

Manage Tenants

Create, update, and delete application tenants in a specific environment.

Read Alerts

View alerts in a specific environment.

Read Applications

View applications in a specific environment.

Manage Servers

Create, update, and delete server and Flex Gateway resources.

Read Servers

View server and Flex Gateway resources.

Manage Application Flows

Update flows.

Create Applications

Create applications in a specific environment.

Secrets Manager

Required Permissions	Grants the Ability to	Notes
Grant access to secrets	Browse, read metadata and grant access to secrets in a specific environment.
Manage secret groups	Create, modify, delete, read, and clone secret groups in a specific environment. Check if the user can initiate a new clone or restore operation.
Read secrets metadata	Browse and read metadata of secrets in a specific environment.
Write secrets	Upload, create, modify secrets in a specific environment.

Required Permissions

Grants the Ability to

Notes

Grant access to secrets

Browse, read metadata and grant access to secrets in a specific environment.

Manage secret groups

Create, modify, delete, read, and clone secret groups in a specific environment.
Check if the user can initiate a new clone or restore operation.

Read secrets metadata

Browse and read metadata of secrets in a specific environment.

Write secrets

Upload, create, modify secrets in a specific environment.

Tokenization

Required Permissions	Grants the Ability to	Notes
Manage Tokenization Services	View, create, edit, and delete tokenization resources.
Manage Tokenization Formats	View, create, edit, and delete tokenization formats.

Required Permissions

Grants the Ability to

Notes

Manage Tokenization Services

View, create, edit, and delete tokenization resources.

Manage Tokenization Formats

View, create, edit, and delete tokenization formats.

Usage

Required Permissions	Grants the Ability to	Notes
Usage Viewer	View usage reports.

Required Permissions

Grants the Ability to

Notes

Usage Viewer

View usage reports.

Visualizer

Required Permissions	Grants the Ability to	Notes
Visualizer Editor	View, create, modify, and delete content in Anypoint Visualizer.

Required Permissions

Grants the Ability to

Notes

Visualizer Editor

View, create, modify, and delete content in Anypoint Visualizer.