Roles
iceDQ provides a set of predefined roles that can be assigned to individual users or user groups. When a role is granted to a group, all users within that group automatically inherit the role and its associated permissions.
Application Admin
The Application Admin role grants full access to the administration module. It is recommended to limit this role to a small number of trusted users. Users with this role can perform the following actions:
- Create, View, Delete Users
- Create, View, Delete Groups and Assign Users
- Create, View, Delete Workspaces
- Grant Access to Accounts or Workspaces
- Create, View, Delete Custom Fields
- Configure settings like Email, Vault, Federation etc.
Owner
The Owner role can be assigned at either the account or workspace level. Owners have full control over the assigned scope and can perform the following actions:
- Create, View, Delete and Test Connections
- Create and Delete Folders
- Create, View, Delete and Run Rules
- Create, View, Delete and Run Workflows
- Create, View and Delete Parameters
- Create, View and Delete Schedules
Owner role granted at account level is inherited by the user for all the workspaces under that account
Contributor
The Contributor role can also be assigned at the account or workspace level. This role is suitable for most users and includes the ability to:
- Create and Delete Folders
- Create, View, Delete and Run Rules
- Create, View, Delete and Run Workflows
- Create, View and Delete Parameters
- Create, View and Delete Schedules
Executor
The Executor role, assignable at both account and workspace levels, allows users to:
- View and Run Rules
- View and Run Workflows
- View Parameters
- View Schedules
Reader
The Reader role provides read-only access and can be assigned at either the account or workspace level. Users with this role can:
- View Rules
- View Workflows
- View Parameters
- View Schedules