The following tables describe the administrative activities available for the following roles:
An additional role, Impersonating Troubleshooter, has the permissions granted to a Troubleshooter, plus the ability to impersonate a Site Administrator and perform all the activities available to that role as needed.
To assign these roles go to (Admin) > Site > Site Permissions.
The first four tables describe the options available via the (Admin) > Site > Admin Console, on the Settings tab. The last table describes various user- and project-related activities.
Table Legend
| Action | Site Admin | Application Admin | Troubleshooter |
| ANTIVIRUS | all | read-only | read-only |
| AUDIT LOG MAINTENANCE | all | read-only | read-only |
| CAS IDENTITY PROVIDER | all | read-only | read-only |
| CLOUD SETTINGS | all | none | none |
| COMPLIANCE SETTINGS | all | all | read-only |
| CONFIGURE PAGE ELEMENTS | all | all | read-only |
| DOCKER HOST SETTINGS | all | read-only | read-only |
| ETL - ALL JOB HISTORIES | all | all | none |
| ETL - RUN SITE SCOPE ETLS | all | all | none |
| ETL - VIEW SCHEDULER SUMMARY | all | all | none |
| EXTERNAL ANALYTICS CONNECTIONS | all | read-only | read-only |
| FLOW CYTOMETRY | all | none | none |
| LDAP SYNC ADMIN | all | none | none |
| MASCOT SERVER | all | none | none |
| MASTER PATIENT INDEX | all | none | none |
| MS2 | all | none | none |
| NOTEBOOK SETTINGS | all | none | none |
| PROXY SERVLETS | all | read-only | read-only |
| PUPPETEER SERVICE | all | all | none |
| RSTUDIO SETTINGS | all | none | none |
| STARTUP PROPERTIES | read-only | read-only | read-only |
| Action | Site Admin | Application Admin | Troubleshooter |
| ANALYTICS SETTINGS | all | read-only | read-only |
| AUTHENTICATION | all | read-only | read-only |
| CHANGE USER PROPERTIES | all | all | none |
| EMAIL CUSTOMIZATION | all | all | none |
| EXPERIMENTAL FEATURES | all | none | none |
| EXTERNAL REDIRECT HOSTS | all | all | read-only |
| FILES | all | none | none |
| FOLDER TYPES | all | all | none |
| LIMIT ACTIVE USERS | all | read-only | read-only |
| LOOK AND FEEL SETTINGS | all | read all, change all except System Email Address and Custom Login | read-only |
| MISSING VALUE INDICATORS | all | all | none |
| PROJECT DISPLAY ORDER | all | all | none |
| SHORT URLS | all | all | none |
| SITE SETTINGS | all | read-only | read-only |
| SYSTEM MAINTENANCE | all | read-only | read-only |
| VIEWS AND SCRIPTING | all | read-only | read-only |
| Action | Site Admin | Application Admin | Troubleshooter |
| AUDIT LOG | all | all | read-only |
| FULL-TEXT SEARCH | all | read-only | read-only |
| ONTOLOGY | all | all | none |
| PIPELINE | all | all | none |
| PIPELINE EMAIL NOTIFICATIONS | all | none | none |
| PROTEIN DATABASES | all | none | none |
| SITE-WIDE TERMS OF USE | all | all | none |
| Action | Site Admin | Application Admin | Troubleshooter |
| ACTIONS | all | all | read-only |
| CACHES | all | read-only | read-only |
| CHECK DATABASE | all | none | none |
| CREDITS | read-only | read-only | read-only |
| DATA SOURCES | all | read-only | read-only |
| DUMP HEAP | all | all | read-only |
| ENVIRONMENT VARIABLES | all | read-only | read-only |
| LOGGERS | all | none | none |
| MEMORY USAGE | all | all | read-only |
| PROFILER | all | read-only | none |
| QUERIES | all | all | read-only |
| RESET SITE ERRORS | all | all | none |
| RUNNING THREADS | all | all | read-only |
| SITE VALIDATION | all | all | none |
| SQL SCRIPTS | all | none | none |
| SYSTEM PROPERTIES | all | read-only | read-only |
| TEST EMAIL CONFIGURATION | all | all | none |
| VIEW ALL SITE ERRORS | all | all | read-only |
| VIEW ALL SITE ERRORS SINCE RESET | all | all | read-only |
| VIEW PRIMARY SITE LOG FILE | all | all | read-only |
| Action | Site Admin | Application Admin | Project Admin | Folder Admin | Non Admin User | Notes |
| Create new users | yes | yes | yes | no | no | |
| Delete existing, and activate/de-activate users | yes | yes (see note) | no | no | no | Application Admins are not allowed to delete or deactivate a Site Admin. |
| See user details, change password, view permissions, see history grid | yes | yes (see note) | yes (see note) | yes (see note) | only for themselves | Application Admins are not allowed to reset the password of a Site Admin. Project/Folder Admins cannot change passwords. |
| Edit user details, change user email address | yes | yes (see note) | no | no | no | Application Admins are not allowed to edit details or change the email address of a Site Admin. |
| Update set of Site Admins and Site Developers | yes | no | no | no | no | |
| Update set of Application Admins | yes | yes (see note) | no | no | no | The current user receives a confirmation message when trying to remove themselves from the Application Admin role. |
| Update Site Groups (create, delete, update members, rename, export members) | yes | yes (see note) | no | no | no | Application Admins cannot update group memberships for Site Admins or Developers. |
| Update Project Groups (create, delete, update members, rename, export members) | yes | yes (see note) | yes | no | no | Application Admins cannot update group memberships for Site Admins or Developers. |
| Update Site Permissions | yes | yes | no | no | no | |
| Impersonate users, roles, and groups | yes | yes (see note) | yes (see note) | yes (see note) | no |
Application Admins cannot gain Site Admin permissions by impersonating a Site Admin. Project Admins can only impersonate users in their project. Folder Admins can only impersonate users in their folder. |
| Create and delete projects | yes | yes (see note) | no | no | no | Application Admins cannot set a custom file root for the project on the last step of the project creation wizard. |
| Create and delete project subfolders | yes | yes | yes | yes | no | |
| Update Project Settings | yes | yes (see note) | yes (see note) | yes (see note) | no | Only Site Admins can set the file root to a custom path. |
| previousnext |
| expand allcollapse all |
