salesforce Dreamforce On-Demand
Contact Us 1-800-596-4880
  1. Homepage
  2. Access Management
  3. Manage Permissions

  4. Permissions in Anypoint Platform

Permissions Available in Anypoint Platform

Anypoint Platform has a variety of permissions that control user access to various areas of the software. While each product owns its own permissions, most of the following permissions can be assigned to teams, granted to individual users, or combined to create roles (deprecated). Others can be assigned in their respective product interfaces. Additionally, some permissions are configurable at the environment or business group level.

Some products require permissions from other products to use them properly. For example, Anypoint Monitoring requires users to have certain Runtime Manager permissions in addition to Anypoint Monitoring-related permissions. See each product’s documentation to determine which permissions your users need and how to set them.

Depending on your organization, its licensing, and its entitlements, you might not see all of these permissions during configuration.

Access Management

Organization Administrator

At the root organization level, grants a user most permissions available in Anypoint Platform, including but not limited to secrets management, network administration, and other view, modify, execute, and delete permissions.

The Organization Administrator permission also grants access to the Organization Administration page, where the user can add and manage users and permissions, view and edit organization details, access API Manager > Client Applications, access the client ID and client secret for the organization, and customize the theme of the Developer Portal. This permission enables a user to edit all versions of all APIs, all registered applications, and all API Portals in Anypoint Platform.

For security reasons, MuleSoft recommends distributing this permission to as few users as possible.

Audit Log Config Manager

Enables a user to configure the retention period for audit logs across their organization.

Apply this permission at the root organization level. This permission appears only if the organization has the modern UI enabled in Access Management.

Audit Log Viewer

Enables a user to view audit logs in Access Management.

Anypoint Code Builder

Anypoint Code Builder Developer

Enables a user to create and use cloud IDE instances of Anypoint Code Builder. This permission does not apply to Anypoint Code Builder for Desktop.

API Catalog

API Catalog Contributor

Enables a user to catalog assets and other resources using API Catalog.

API Experience Hub

API Experience Hub Admin

Enables a user to view, create, modify, and delete content in API Experience Hub.

API Experience Hub Community User

Enables a user to view but not modify content in API Experience Hub.

API Governance

Governance Administrator

Enables a user to manage profiles and view reports.

Governance Viewer

Enables a user to view reports.

API Manager

Depending on your organization, you might see one of the following sets of permissions available for API Manager.

API Manager Environment Administrator

Enables a user to view, create, modify, and delete APIs in the specified environment.

Users can also execute any actions related to API configurations, groups, proxies, alerts, contracts, tiers, policies, automated policies, and other settings in the specified API Manager environment.

API Group Administrator

Enables a user to view, create, modify, deprecate, and delete API groups and API group instances in the specified environment.

Deploy API Proxies

Enables a user to deploy API proxies in the specified environment.

Manage API Alerts

Enables a user to view, create, modify, and delete API alerts in the specified environment.

Manage APIs Configuration

Enables a user to view and modify API configurations in the specified environment.

Manage Contracts

Enables a user to view, accept, reject, and delete contracts and tiers in the specified environment.

Manage Policies

Enables a user to view, create, modify, and delete API policies in the specified environment.

View API Alerts

Enables a user to view the API alerts in the specified environment.

View APIs Configuration

Enables a user to view API configurations in the specified environment.

View Contracts

Enables a user to view contracts and tiers in the specified environment.

View Policies

Enables a user to view API policies in the specified environment.

Or:

API Creator

Enables you to create an API in the specified environment.

API Versions Owner

Enables you to view, modify, delete, and deprecate all API versions in the specified business group.

Portals Viewer

Enables you to view all portals in the specified business group.

Data Gateway

Data Gateway Administrator

Enables a user to have full access to Data Gateway Designer.

Data Gateway Viewer

Enables a user to have read-only access to Data Gateway Designer.

DataGraph

Contribute

Enables a user to:

  • Add source APIs to the unified schema.

  • Edit any source API schema added to the unified schema.

  • Request access to run queries.

  • Promote API schemas to an environment.

  • View query traces in real-time while running queries from the UI.

  • Download a copy of the unified schema from the query editor.

Consume

Enables a user to:

  • View and explore the unified schema.

  • Request access to run queries and make data requests from the UI.

  • Download a copy of the unified schema from the query editor.

Operate

Enables a user to:

  • View customer-facing logs.

  • Set a dedicated load balancer URL for Anypoint Datagraph.

DataGraph Admin

Enables a user to:

  • Contribute, consume, and operate the unified schema.

  • View usage metrics.

DataGraph Project - Contributor

Enables a user to:

  • Add source APIs to the unified schema.

  • Edit any source API schema added to the unified schema.

  • Request access to run queries.

  • Promote API schemas to an environment.

  • View query traces in real-time while running queries from the UI.

  • Download a copy of the unified schema from the query editor in a specific project.

DataGraph Project - Operator

Enables a user to view customer-facing logs and set a dedicated load balancer URL for Anypoint Datagraph in a specific project.

DataGraph Project - Admin

Enables a user to:

  • Contribute, consume, and operate the unified schema.

  • View usage metrics in a specific project.

Design Center

Design Center Developer

Enables a user to view, create, and manage all projects within a business group.

Use this permission to set up administrators for all projects within a specific business group.

Design Center Creator

Enables a user to create projects in Design Center from the navigation panel and view all projects created or shared with the user.

Use this permission to invite users to create, edit, and maintain your projects.

Design Center Viewer

Enables a user to view all Design Center projects within a business group and test projects with the Mocking Service.
Users with this permission cannot create new projects, edit or rename existing projects, or share projects with another user.

Assign this permission to those who consume your project in a specific business group.

Design Center Project-level Permissions

Project Administrator

Enables a user to manage and share a Design Center project within a business group.

Use this permission to set up administrators for all the projects within a specific business group.

Project Editor

Enables a user to edit a Design Center project within a business group.

Use this permission to invite users to create, edit, and maintain your projects.

Project Viewer

Enables a user to view a Design Center project within a business group and test projects with the Mocking Service.

Users with this permission cannot create a new project, edit or rename the existing project, or share the project with another user.

Assign this permission to those who consume your project in a specific business group.

Exchange

Exchange Administrator

Enables a user to:

  • View, create, and download assets within a business group.

  • Edit asset portal content in an existing asset version.

    Users with this permission have the same access as users with the Exchange contributor and Exchange viewer permissions, and access to share an asset with another user, deprecate an asset, and delete an asset.

    Use this permission to set up Exchange administrators for all assets within a specific business group.

Exchange Contributor

Enables a user to view, create, and download assets within a business group.

Users with this permission can edit asset portal content in an existing asset version.

Use this permission to invite users to edit and maintain your asset portal descriptions.

Exchange Viewer

Enables a user to view and download assets within a business group. Users with this permission cannot add new assets, edit asset portal content, or share an asset with another user.

Assign this permission to those who consume your assets in a specific business group.

Exchange Creator

Enables a user to create new assets within a business group’s catalog. A user with this permission can’t modify assets or asset versions created by other users in the business group.

Once the users with this permission create an asset, the Asset Administrator permission is automatically assigned for the assets they create. The Asset Administrator permission allows these users to modify only the assets that they create.

Use this permission to restrict the modification of assets except for assets created by this user while allowing all developers across all teams in a business group to create new assets in Exchange.

Asset Viewer

Enables a user to view and download an asset. Users with this permission cannot edit asset portal content or share an asset with another user.

Use this permission to invite a user outside your business group to view and download an asset.

Asset Contributor

Enables a user to view, add a new version, and download an asset.

Use this permission to invite a user outside of your business group to view, download, and add edit portal content for an asset.

Asset Administrator

Enables a user to view, create, download, deprecate, and delete an asset. Users with this permission have the same access as users with the Exchange Administrator permission, but on only a single asset. This permission is assigned by default to an asset creator.

Use this permission to extend administrator permissions for an asset to an additional user.

Monitoring

Monitoring Administrator

Enables a user to view, create, modify, and delete content in Anypoint Monitoring.

Monitoring Viewer

Enables a user to view but not modify content in Anypoint Monitoring.

Telemetry Exporter Administrator

Enables a user to:

  • View connections and configurations in Telemetry Exporter

  • Create, modify, and delete connections in Telemetry Exporter

  • Create, modify, and delete configurations in Telemetry Exporter

    Assign this permission at the root organization level.

Telemetry Exporter Configurations Manager

Enables a user to:

  • View connections and configurations in Telemetry Exporter

  • Create, modify, and delete configurations in Telemetry Exporter

MQ

View clients

Enables a user to view all client apps, including client app IDs and client secrets for each client app.

View destinations

Enables a user to:

  • View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL).

  • View In Queue messages.

  • View In Flight message stats.

Clear destinations

Enables a user to:

  • View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL).

  • View In Queue messages.

  • View In Flight message stats.

  • Clear destinations.

Manage clients

Enables a user to:

  • View all client apps, including client app IDs and client secrets for each client app.

  • Create client apps.

Administer destinations

Enables a user to:

  • View all destinations and each destination’s settings (ID, Type, Message TTL, and Message Lock Default TTL).

  • View In Queue messages.

  • View In Flight message stats.

  • Clear destinations.

  • Create new queues, message exchanges, and bindings.

  • Edit existing queues, message exchanges, and bindings.

  • Purge messages from queues.

Manage destinations (deprecated)

This permission is deprecated. To achieve the same abilities as Manage permissions, assign these permissions to the user:

  • Administer destinations

  • Destination subscriber for given environment

  • Destination publisher for given environment

Destination subscriber for given environment

Enables a user to consume messages from a destination and delete messages from a destination.

Destination publisher for given environment

Enables a user to send messages to a destination and update message TTL on a destination.

Read MQ Stats

Enables a user to view organization and environment statistics.

Partner Manager

Partner Manager Administrator

Enables a user to have complete access to the host, partner, message flow configurations, and transaction activity.

View Host, Partners and Message Flows

Enables a user to have view-only access to the host, partner, and message flow configurations.

This user cannot view transaction activity.

Manage Partners and Message Flows

Enables a user to:

  • Create, modify, and delete partners or message flow configurations.

  • View partner configurations.

    This user cannot view and manage transaction activity.

Manage Activity

Enables a user to view and manage transaction activity.

This user cannot view or modify either partner or message flow configurations.

Manage Host

Enables a user to create, modify, and delete host configurations.

This user cannot view or modify partner configurations or transaction activity. This access applies even if the user has the Organization Administrator permission.

View Activity

Enables a user have view-only access to transaction activity.

This user cannot view or modify either partner or message flow configurations.

RPA

RPA Administrator

The RPA Administrator permission includes all other permissions, except for the RPA Project Manager permission. A user with this permission can only view or administer automation projects if the user is part of the process team.

RPA Automations Designer

The RPA Automations Designer permission enables an RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner) to do the following in RPA Manager:

  • Create automation projects.

  • Record or design models of business processes that a process manager or center of excellence approved for automation.

  • Document and edit the applications required for performing the processes.

The RPA Automations Designer permission contains the following deprecated RPA permissions:

  • Application Create

  • Application Edit

  • Process Automation Open

  • Process Create

  • Process Recording

RPA Automations Contributor

The RPA Automations Contributor permission enables an RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner) to do the following:

  • In RPA Manager:

    • Create automation projects.

    • Record or design models of business processes that a process manager or center of excellence approved for automation.

    • Document and edit the applications required for performing the processes.

    • Create and edit global variables to link to activity parameters created with RPA Builder.

  • In RPA Builder:

    • Build the automation based on the model.

    • Reuse activities from the Activity Library.

The RPA Automations Contributor permission contains the following deprecated RPA permissions:

  • Activity Library Open

  • Application Create

  • Application Edit

  • Builder Usage

  • Global Variables Create for Productionphase

  • Global Variables Create for Testphase

  • Global Variables Edit for Productionphase

  • Global Variables Edit for Testphase

  • Process Automation Open

  • Process Create

  • Process Recording

RPA Automations Manager

The RPA Automations Manager permission enables an RPA developer, citizen technologist, or knowledge source (such as a business analyst or process owner) to do the following:

  • In RPA Manager:

    • Create automation projects.

    • Record or design models of business processes that a process manager or center of excellence approved for automation.

    • Document and manage the applications required for performing the processes.

    • Create and manage global variables to link to activity parameters created with RPA Builder.

    • Change the owners and managers of processes.

    • Reassign unprocessed user tasks

  • In RPA Builder:

    • Build the automation based on the model.

    • Reuse and manage activities from the Activity Library.

The RPA Automations Manager permission contains the following deprecated RPA permissions:

  • Activity Library Administration

  • Activity Library Open

  • Application Create

  • Application Delete

  • Application Edit

  • Builder Usage

  • Change Process Owner

  • Change Project Manager

  • Global Variables Create for Productionphase

  • Global Variables Create for Testphase

  • Global Variables Edit for Productionphase

  • Global Variables Edit for Testphase

  • Global Variables Delete

  • Process Automation Open

  • Process Create

  • Process Recording

  • Unprocessed Task List Edit

  • Unprocessed Task List Open

RPA Bots Manager

The RPA Bots Manager permission enables the user to do the following in RPA Manager:

  • Monitor and manage all RPA Bots, including the following:

    • Manage service times.

    • View session queues.

  • Manage the applications required for performing the processes, including downtimes.

The RPA Bots Manager permission contains the following deprecated RPA permissions:

  • Application Create

  • Application Delete

  • Application Edit

  • Process Monitoring Open

  • Robot Management Administration

  • Robot Management Open

  • Robot State and Operation Open

  • Service Time Create

  • Service Time Delete

  • Service Time Edit

RPA Evaluations Viewer

The RPA Evaluations Viewer permission enables a user to do the following in RPA Manager:

  • View all process evaluations, regardless of whether the user belongs to the process team.

  • View:

    • Evaluation criteria

    • Evaluation templates

The RPA Evaluations Viewer permission contains the following deprecated RPA permissions:

  • Evaluation Criteria Open

  • Evaluation Templates Open

  • Global Process Evaluation View

  • Process Evaluation Open

RPA Evaluations Contributor

The RPA Evaluations Contributor permission enables a user to do the following in RPA Manager:

  • View all process evaluations, regardless of whether the user belongs to the process team.

  • View, create, and edit:

    • Evaluation criteria

    • Evaluation templates

  • View, create, edit, and delete process evaluations.

The RPA Evaluations Contributor contains the following deprecated RPA permissions:

  • Evaluation Criteria Create

  • Evaluation Criteria Edit

  • Evaluation Criteria Open

  • Evaluation Templates Create

  • Evaluation Templates Edit

  • Evaluation Templates Open

  • Global Process Evaluation View

  • Process Evaluation Administration

  • Process Evaluation Open

RPA Evaluations Manager

The RPA Evaluations Manager permission enables a user to do the following in RPA Manager:

  • View all process evaluations, regardless of whether the user belongs to the process team.

  • View, create, edit, and delete:

    • Evaluation criteria

    • Evaluation templates

    • Process evaluations

  • Approve evaluated processes to a center of excellence or a project manager for automation.

The RPA Evaluations Manager contains the following deprecated RPA permissions:

  • Evaluation Criteria Create

  • Evaluation Criteria Delete

  • Evaluation Criteria Edit

  • Evaluation Criteria Open

  • Evaluation Templates Create

  • Evaluation Templates Delete

  • Evaluation Templates Edit

  • Evaluation Templates Open

  • Global Process Evaluation View

  • Process Evaluation Administration

  • Process Evaluation Approval to a CoE

  • Process Evaluation Approval to a Project manager

  • Process Evaluation Open

RPA Operations Viewer

The RPA Operations Viewer permission enables a user to do the following in RPA Manager:

  • View all aspects of the following RPA assets:

    • Alerts

    • Bots

    • Dashboards

  • View the following information for processes for which the user belongs to the process team:

    • Deployment maps

    • Execution plans

    • Session queues

  • Watch the bot at work via process streaming.

The RPA Operations Viewer contains the following deprecated RPA permissions:

  • Alerting Open

  • Dashboard Open

  • Process Deployment Map Open

  • Process Execution Plans Open

  • Process Monitoring Open

  • Process Streaming Open

  • Robot Management Open

  • Robot State and Operation Open

RPA Operations Manager

The RPA Operations Manager enables a user to do the following in RPA Manager:

  • View and manage the following RPA assets:

    • Alerts

    • Bots

    • Dashboards

    • Unprocessed user tasks

    • Upcoming process changes

  • Analyze finance aspects and billing reports

  • View the following information for processes for which the user belongs to the process team:

    • Deployment maps

    • Execution plans

    • Session queues

  • Watch the bot at work via process streaming.

The RPA Operations Viewer contains the following deprecated RPA permissions:

  • Alerting Administration

  • Alerting Open

  • Dashboard Open

  • Process Deployment Map Open

  • Process Execution Plans Open

  • Process Monitoring Open

  • Process Streaming Open

  • Robot Management Open

  • Robot State and Operation Open

  • Billing Report Open

  • Dashboard Administration

  • Finance Analysis Edit

  • Finance Analysis Open

  • Global Finance Analysis View

  • Global Process Execution Plans View

  • Unprocessed Task List Edit

  • Unprocessed Task List Open

  • Upcoming Process Changes Administration

  • Upcoming Process Changes Open

RPA Performance Analyzer

The RPA Performance Analyzer permission enables the user to do the following in RPA Manager:

  • Analyze the financial aspects (such as the break-even point) of all processes.

  • View the billing reports.

The RPA Performance Analyzer permission contains the following deprecated RPA permissions:

  • Billing Report Open

  • Finance Analysis Edit

  • Finance Analysis Open

  • Global Finance Analysis View

RPA Project Manager

The Project Manager permission enables a user to be assigned as a project manager of automation projects in RPA Manager. For a user to function as a project manager, the user must also have one of the following permissions:

  • RPA Automations Designer

  • RPA Automations Contributor

  • RPA Automations Manager

  • RPA Administrator

The RPA Project Manager permission contains the following deprecated RPA permissions:

  • Project Management

Runtime Manager

CloudHub Network Administrator

Enables a user to manage CloudHub network resources.

CloudHub Network Viewer

Enables a user to view CloudHub network resources.

Delete Applications

Enables a user to delete applications in a specific environment.

Download Applications

Enables a user to download application files in a specific environment.

Manage Alerts

Enables a user to create, update, and delete application alerts in a specific environment.

Manage Application Data

Enables a user to create and delete application data in a specific environment.

Manage Queues

Enables a user to clear application queues in a specific environment.

Read Runtime Fabric

Enables a user to query Runtime Fabrics in the organization.

Manage Runtime Fabrics

Enables a user to read, create, update, and delete Runtime Fabric resources.

Manage Runtime Fabric

Enables a user to read, create, update, and delete Runtime Fabric resources.

Manage Schedules

Enables a user to run and update application schedules in a specific environment.

Manage Settings

Enables a user to update application settings in a specific environment.

Manage Tenants

Enables a user to create, update, and delete application tenants in a specific environment.

Read Alerts

Enables a user to view alerts in a specific environment.

Read Applications

Enables a user to view applications in a specific environment.

Manage Servers

Enables a user to create, update, and delete server and Flex Gateway resources.

Read Servers

Enables a user to view server and Flex Gateway resources.

Manage Application Flows

Enables a user to update flows.

Create Applications

Enables a user to create applications in a specific environment.

Secrets Manager

Grant access to secrets

Enables a user to browse, read metadata and grant access to secrets in a specific environment.

Manage secret groups

Enables a user to:

  • Create, modify, delete, read, and clone secret groups in a specific environment.

  • Check if the user can initiate a new clone or restore operation.

Read secrets metadata

Enables a user to browse and read metadata of secrets in a specific environment.

Write secrets

Enables a user to upload, create, modify secrets in a specific environment.

Tokenization

Manage Tokenization Services

Enables a user to to view, create, edit, and delete tokenization resources.

Manage Tokenization Formats

Enables a user to view, create, edit, and delete tokenization formats.

Usage

Usage Viewer

Enables a user to view usage reports.

Visualizer

Visualizer Editor

Enables a user to view, create, modify, and delete content in Anypoint Visualizer.