Object-centric process mining service permissions
Access to Object-Centric Process Mining (OCPM) is controlled through standard user roles and data pool-level permissions. These configurations protect sensitive transactional data and ensure compliance by regulating how developers build objects and how business analysts access published perspectives. For example, a global administrator can restrict regional analysts to localized Order-to-Cash data pools while preventing unauthorized team members from viewing sensitive vendor payment terms.
Available roles and permissions
The following standard roles are available:
Role | Permissions | Target assignment |
|---|---|---|
Admin |
| System Administrators and Global Data Engineers. |
Analyst (Edit permissions) |
| Process Analysts and localized Data Modelers. |
Analyst (View / read only permissions) |
| Internal Auditors and Process Reviewers. |
Member |
| Operational Business Users and End Users. |
Data access and security considerations
A single object-centric process mining (OCPM) data pool does not support row-level or object-level analyst restrictions within the Objects and Events dashboard. Analysts with edit permissions for a data pool can access all underlying objects, processes, and events.
To isolate and protect sensitive data during process modeling, enforce the following architecture:
Enable object-centric process mining across multiple data pools.
Restrict analyst assignments exclusively to the specific data pools containing their authorized data.
Maintain separate object-centric data pools to ensure strict data segregation across business units.
Related topics
Data permissions restrict data visibility for specific end users and groups within an Object-Centric Data Model (OCDM) perspective. Apply these restrictions to enforce data governance policies when users interact with downstream apps or analyses built on top of the perspective.
For example, in an Order-to-Cash process, regional order managers must be restricted from global data access so they only view sales orders and performance metrics matching their assigned country codes.
Verify that your user account has Data Administrator permissions within the target data pool and that the OCDM perspective has been successfully published.
To set the data permissions for a perspective:
Click Data -> Data Integration and select the data pool containing your target objects and events.
Click Data Models.
Find the perspective data model and choose Data Permissions from the context menu.

Click Add user, group, or OAuth client.
Select the target user, group, or OAuth client name and click Done.