Skip to main content
Skip table of contents

Roles and permissions

LUY provides access control for defining and restricting permissions by using roles.

The assignments of roles to users are not managed in LUY. It can be associated within the organization’s identity management system, or the internal user management iTURM (built-in) can be used.

Key points of LUY and identity management

  • Role names in LUY must exactly match the role/group names in the identity management system, while respecting case sensitivity.

  • If a user is present in multiple groups and these groups are sent from the identity management system, they will be matched to roles in LUY and all the matching roles will be effective for that user. The resulting permissions are a combination from all applicable roles.

  • The only static and uneditable role is "luy_Supervisor". Users with this role assigned (either directly or by hierarchical role) have all privileges in LUY, independent of any other configuration.

The role “luy_Supervisor” must not be deleted.

Permissions summary

When selecting a certain role on the “roles and permissions” page, the effective permissions of this role are shown. Roles in the LUY permission system might hand their settings down to another role. These are called subordinate roles. The resulting access rights based on this hierarchical role structure are displayed as grey checkboxes. 

Permissions to view and edit data

The permissions to read, create, update and delete (CRUD) building block types and business mappings can be set with the displayed checkboxes.

  • Read: Users with a role with this permission can view all information about building block types and business mappings. This permission is required to grant further permissions.

  • Update: Users with this permission are able to edit building block types and business mappings.

  • Create: Users with this permission are able to create building block types and business mappings.
    The “copy” action is also protected by this permission.

  • Delete: Users with this permission are able to delete building block types and business mappings.

Permissions for relations

Permissions for the relations between building block types A and B, are derived from the building block type permissions as follows:

  • If a user has read permissions for A and B, then the user has the permission to view the relations between building blocks of those types.

  • If a user has update, create or delete permissions for either A or B, then the user has the permission to edit the relations between building blocks of those types, meaning updating, adding and removing relations is possible.

Functional permissions

Functional permissions control the visibility of certain tiles on the start screen, as well as the access to specific functions. For a detailed description, expand the following table:

List of functional permissions

Functional permission

Affected feature or area of user interface | menu entry / tab

Configure attribute and groups

Permission to add, edit or delete attributes. Be aware that users without this permission can still edit attribute values.

Permission to add, edit or delete attribute groups and control edit rights.

Administration / Attribute groups

Configure LUY

Permission to edit the configuration of LUY.

Administration / System

Configure plugin API

Permission to create, edit, delete and run scripts of the plugin API. Be aware that plugin scripts can access all data, independent of the user who created or executes the script.

Administration / plugin API

Share reports

Permission to edit, create and delete saved queries. Controls sharing dialogs and external sharing, too.

Reports / Saved queries

Edit customization

Permission to customize LUY.

Administration / Customizing

Edit roles and grant permissions

Permission to manage roles and permissions.

Administration / Roles and permissions

Execute bulk updates

Permission to execute bulk updates/mass updates via the multi mode.

Lists / Multi mode

Execute iteraQL power queries

Permission to use the query console to execute iteraQL power queries. Note that this permission does not control iteraQL queries via the REST API.

Reports / Query console

Export diagrams and lists

Permission to export various reports jpgs, pdf, csv, excel, etc. 

Manage surveys

Permission to create/edit/delete surveys.

Administration / Surveys

Manage users

Permission to manage users.

Administration / Users

Run import and export

Permission to import and export data.

Reports / Export/Import

Share diagrams reports externally

Permission to share diagram reports externally (via sharing link). Be aware that this permission is also affected by the share reports permission.

Reports / Saved queries

Share building block type list reports externally

Permission to share building block type list reports externally (via sharing link). Be aware that this permission is also affected the share reports permission.

Reports / Saved queries

Subscribe to building blocks and reports

Permission to subscribe to changes of building blocks and reports and view your personal subscriptions.

Lists / Subscribers 

Supervising data

Permission to delete all comments on building blocks.

Single element view / Comments

Use custom dashboard

Permission to use custom dashboards.

Reports / Custom dashboard

Use diagram builder

Permission to access the diagram builder.

Diagrams / Diagram builder

Use nested cluster

Permission to access the nested cluster.

Diagrams / Nested cluster

Use global search

Permission to run a global search on building blocks.

Start / Search input box

Use graphics reactor

Permission to access and use the LUY graphics reactor.

Reports / Graphics reactor

Use navigator

Permission to access the navigator.

Diagrams / Navigator

Use personal global filter

Permission to use the personal global filter.

Complete application

Use diagrams

Permission to use all built-in diagrams.

Diagrams / <all diagram types>

View all subscribers of a building block

Permission to view subscribers of a building block.

Lists / Subscribers

View history

Permission to view a building block's history.

Single element view / History tab

View roles and permissions

Permission to view roles and permissions.

Administration / Roles and permissions

Read and write access for attribute groups

In LUY, it is possible to restrict the read and write permissions for attributes by setting the permission for the whole attribute group. For each group and each role, the access can be set to read-only or read/write.

If no permissions are set for attribute groups, the permissions draw from the attributes themselves.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.