Skip to main content

Variable admin permissions

By default, a user with team admin permissions has access to all features and settings within your Celonis Platform. Admins can manage users, edit team security settings, and update service permissions. However you may want to enable some users to only perform a selection of those admin roles, such as managing users or content only. To achieve this, you can assign variable admin permissions to users and groups within your Celonis Platform team who currently don't hold global admin permissions.

In this example, one user has full admin permissions whereas another has been granted variable admin permissions for the service permissions, users, and groups only:

A user with full admin permissions:

example_with_full_permissions.png

A user with variable admin permissions:

example_with_variable_admin_permissions.png

Note

Managing individual permissions requires the Manage service permission. Advanced Restricted permissions are available only to true Admins or variable admins with this permission.

Assigning variable admin permissions per service

To assign variable admin permissions to team members who currently have member or analyst permissions:

  1. Click Admin & Settings - Users, opening the user management screen.

  2. Click the name of the team member who should be granted variable admin permissions.

    assign_variable_admin_via_users_screen.png

  3. Select the Admin & Settings service.

    admin_and_settings_for_variable.png

  4. Click Manage for each admin permission you want the user to hold.

    For example: Groups, service permissions, and users (matching those from the earlier example).

    variable_admin_applied_manage.png

  5. Click Save.

The user permissions have been updated and are now applied to the relevant user.

Variable admin preferences

In addition to assigning admin permissions, you can also set your variable admin preferences for your team. These preferences allow full team admins to further control what the abilities of the variable admins within their team.

To set your variable admin preferences - click Admin & Settings and then scroll down to Variable admin preferences:

An example UI from the Celonis Platform.

By default, the following permissions are enabled (and can be disabled by full team admins only):

  • CSV downloads of the following:

    • Audit logs

    • User groups

    • User login histories

    • User permissions

  • Inviting users, creating groups, and creating application keys.

When preferences are disabled, any existing users holding variable admin permissions will lose access to the relevant admin features.