Skip to main content

Variable admin permissions

Improved permissions management experience

On February 4th, we're releasing an improved permissions management experience that enhances how administrators view and manage access across the platform. On this date, the content displayed below will be updated, reflecting the changes in our admin interfaces.

For more information, see: Updated Permissions (from Feb 4, 2026)

By default, a user with team admin permissions has access to all features and settings within your Celonis Platform. Admins can manage users, edit team security settings, and update service permissions. However you may want to enable some users to only perform a selection of those admin roles, such as managing users or content only. To achieve this, you can assign variable admin permissions to users and groups within your Celonis Platform team who currently don't hold global admin permissions.

The best method of doing this is to assign admin permissions per Celonis service (such as Data Integration, Studio etc.)

Note

Managing individual permissions requires the Manage service permission. Advanced Restricted permissions are available only to true Admins or variable admins with this permission.

Assigning variable admin permissions per service

To assign variable admin permissions to team members who currently have member or analyst permissions:

  1. Click Admin & Settings - Users, opening the user management screen.

  2. Click the name of the team member who should be granted variable admin permissions to a service.

    assign_variable_admin_via_users_screen.png

  3. Select the service to edit permissions for.

    For example, Studio:

    assign_variable_admin_select_service.png

  4. Select the service specific permissions to grant to the user.

    grant_permissions_as_variable_admin.png

  5. Click Save.

    click_save.png

The user permissions have been updated and are now applied to the relevant user.

Variable admin preferences

In addition to assigning admin permissions, you can also set your variable admin preferences for your team. These preferences allow full team admins to further control what the abilities of the variable admins within their team.

To set your variable admin preferences - click Admin & Settings and then scroll down to Variable admin preferences:

An example UI from the Celonis Platform.

By default, the following permissions are enabled (and can be disabled by full team admins only):

  • CSV downloads of the following:

    • Audit logs

    • User groups

    • User login histories

    • User permissions

  • Inviting users, creating groups, and creating application keys.

When preferences are disabled, any existing users holding variable admin permissions will lose access to the relevant admin features.