Skip to main content

Celonis Product Documentation

Assigning variable admin permissions

By default, a user with team admin permissions has access to all features and settings within your Celonis Platform. Admins can manage users, edit team security settings, and update service permissions. However you may want to enable some users to only perform a selection of those admin roles, such as managing users or content only. To achieve this, you can assign variable admin permissions to users and groups within your Celonis Platform .

To assign variable admin permissions:

  1. Click Admin & Settings - Permissions to open the Permissions screen.

  2. Locate the Team permissions and click Edit.

    A screenshot showing where to edit team permissions.

  3. Assign the required permissions by either:

  4. Click Save.

The user permissions have been updated and are now applied to the relevant user.

Admin templates

When assigning variable admin permissions, you can take advantage of the variable admin templates. These templates provide a defined subset of admin permissions.

User Admin: A role that can invite, lock, and remove users, but can’t set content permissions.

Content Admin: A role that can only manage service permissions.

System Admin: A role that can manage SSO, IP restrictions, and system-related features only.

A screenshot showing the admin templates dropdown.
Variable admin preferences

In addition to assigning admin permissions, you can also set your variable admin preferences for your team. These preferences allow full team admins to further control what the abilities of the variable admins within their team.

To set your variable admin preferences - click Admin & Settings and then scroll down to Variable admin preferences:

variable_admin_preferences.png

By default, the following permissions are enabled (and can be disabled by full team admins only):

  • CSV downloads of the following:

    • Audit logs

    • User groups

    • User login histories

    • User permissions

  • Inviting users, creating groups, and creating application keys.

When preferences are disabled, any existing users holding variable admin permissions will lose access to the relevant admin features.