
Object-centric process mining service permissions

Access to Object-Centric Process Mining (OCPM) is controlled through standard user roles and data pool-level permissions. These configurations protect sensitive transactional data and ensure compliance by regulating how developers build objects and how business analysts access published perspectives. For example, a global administrator can restrict regional analysts to localized Order-to-Cash data pools while preventing unauthorized team members from viewing sensitive vendor payment terms.

Available roles and permissions

The following standard roles are available:

Role: Admin

Permissions:

  • View, edit, and publish all objects, events, transformations, and perspectives.

  • Manage object-centric data models in any data pool.

  • Configure environments and permissions.

Target assignment: System Administrators and Global Data Engineers.

Role: Analyst (Edit permissions)

Permissions:

  • View and edit all objects, events, transformations, and perspectives in that data pool.

  • Publish changes to development and production environments.

Target assignment: Process Analysts and localized Data Modelers.

Role: Analyst (View / read only permissions)

Permissions:

  • View objects, events, transformations, and perspectives.

Target assignment: Internal Auditors and Process Reviewers.

Role: Member

Permissions:

  • Cannot access objects, events, transformations, or perspectives directly.

  • Use applications and assets built on published perspectives.

Target assignment: Operational Business Users and End Users.

Data access and security considerations

A single object-centric process mining (OCPM) data pool does not support row-level or object-level analyst restrictions within the Objects and Events dashboard. Analysts with edit permissions for a data pool can access all underlying objects, processes, and events.

To isolate and protect sensitive data during process modeling, enforce the following architecture:

  • Enable object-centric process mining across multiple data pools.

  • Restrict analyst assignments exclusively to the specific data pools containing their authorized data.

  • Maintain separate object-centric data pools to ensure strict data segregation across business units.
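
The following access-review sketch is an added example, not part of the original documentation or of any Celonis API. It applies the rule above (pool access exposes everything in the pool) to a constructed inventory; the pool names, user names, role labels, and record layout are all assumptions.

```python
# Added example; every name and record below is constructed, not a Celonis export format.

# Business units whose data each OCPM data pool contains.
POOL_CONTENTS = {
    "o2c-emea": {"EMEA"},
    "o2c-apac": {"APAC"},
    "o2c-shared": {"EMEA", "APAC", "FINANCE"},  # mixed pool: segregation is lost here
}

# Pool-level role assignments (short labels for the roles listed above).
ASSIGNMENTS = [
    {"user": "alice", "role": "analyst-edit", "pool": "o2c-emea"},
    {"user": "bob", "role": "analyst-view", "pool": "o2c-shared"},
    {"user": "carol", "role": "member", "pool": "o2c-shared"},
]

# Business units each user is authorized to see.
AUTHORIZED = {"alice": {"EMEA"}, "bob": {"APAC"}, "carol": {"EMEA"}}

# Roles that open objects, events, transformations and perspectives directly.
DIRECT_ACCESS_ROLES = {"analyst-edit", "analyst-view"}


def mixed_pools(pool_contents):
    """Pools that hold more than one business unit's data."""
    return sorted(p for p, units in pool_contents.items() if len(units) > 1)


def overexposed(assignments, pool_contents, authorized):
    """Return (user, pool, extra_units) where pool access exceeds authorization.

    With no row-level or object-level restriction inside a pool, an analyst
    role on a pool exposes every business unit stored in that pool.
    """
    findings = []
    for a in assignments:
        if a["role"] not in DIRECT_ACCESS_ROLES:
            continue  # members only use apps built on published perspectives
        extra = pool_contents.get(a["pool"], set()) - authorized.get(a["user"], set())
        if extra:
            findings.append((a["user"], a["pool"], sorted(extra)))
    return findings


if __name__ == "__main__":
    print("Mixed pools:", mixed_pools(POOL_CONTENTS))
    for user, pool, extra in overexposed(ASSIGNMENTS, POOL_CONTENTS, AUTHORIZED):
        print(f"{user} can see {extra} via {pool}")
```

A finding means either the assignment should be removed or the pool should be split so that each analyst's pools contain only their authorized data.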

Related topics

Data permissions restrict data visibility for specific end users and groups within an Object-Centric Data Model (OCDM) perspective. Apply these restrictions to enforce data governance policies when users interact with downstream apps or analyses built on top of the perspective.

For example, in an Order-to-Cash process, regional order managers must be restricted from global data access so they only view sales orders and performance metrics matching their assigned country codes.

Verify that your user account has Data Administrator permissions within the target data pool and that the OCDM perspective has been successfully published.

To set the data permissions for a perspective:

  1. Click Data -> Data Integration and select the data pool containing your target objects and events.

  2. Click Data Models.

  3. Find the perspective data model and choose Data Permissions from the context menu.

    [Screenshot: the data model overview in the Celonis Platform with the three-dot context menu expanded for a specific asset. The Data Permissions option is highlighted in the menu alongside options for Rename, Usage Permissions, Duplicate, Subscribe, and Delete.]

  4. Click Add user, group, or OAuth client.

  5. Select the target user, group, or OAuth client name and click Done.
