This section describes how to manage permissions that roles provide. Role groups are used to define which level of access, or access privileges to functions in ManagementStudio, ranging from view-only access to full administration rights. Management role groups simplify the assignment and maintenance of permissions to users in ManagementStudio. For example Power users and Restricted Users abilities. Anyone who wishes to use and interact with ManagementStudio must have a user account, and only an authenticated administrator can add, edit, and delete a user.
Default Role Groups
Project Admin: A member of this group will be granted full administrative rights. They will have complete and unrestricted access to the entire ManagementStudio product.
Project Member: A project member is a user who is assigned to a project. A member can be assigned to one or more projects and to one or more roles.
Power User: By default, members of this group will be granted specific administrator rights and permissions to perform common system tasks.
Api Connectors: Members of this group will be able to run the API commands and also the Connectors.
Role Group Permissions Explained
Permissions
Description
Applications - Deny Access |Read /Write |Read only
Create
Ability to create a new Application.
Lock
Ability to Lock an Application.
Archive
Ability to Archive an Application.
Delete
Ability to Delete an Application.
Importer
Ability to use the Data Importer to import Applications.
Disable Context Menu
Restrict access to the Context menu within the Applications module.
Run Custom Actions
Ability to run Custom Actions via the context menu in Applications.
Send Emails
Ability to send emails from the Applications module.
View Hidden Tab
Provides access to the Hidden tab within the Applications module.
Assigned To
Allow the user to be assigned Applications.
Owned By
Allow the user to be set as an owner of the Application.
Packaged By
Allows the user to be assigned an Application as a packager.
Delegate To 1
Allows the user to be set as a Delegate 1 of an Application.
Delegate To 2
Allows the user to be set as a Delegate 2 of an Application.
Configuration
Provides access to the Application configs within the Admin section.
Permission
Description
User Migrations - Deny Access |Read /Write |Read only
Create
Ability to create a new User Migration.
Lock
Ability to Lock a User Migration record.
Archive
Ability to Archive a User Migration.
Delete
Ability to Delete a User Migration.
Importer
Ability to use the Data Importer to import User Migrations.
Disable Context Menu
Restrict access to the Context menu within the User Migrations module.
Run Custom Actions
Ability to run Custom Actions via the context menu in the User Migrations module.
Send Emails
Ability to send emails from the User Migrations module.
View Hidden Tab
Provides access to the Hidden tab within the User Migrations module.
Initiate Migration
Ability to initiate a User Migration.
Assigned To
Allow the user to be assigned to a User Migration.
Delegate To 1
Allows the user to be set as a Delegate 1 of a User Migration.
Delegate To 2
Allows the user to be set as a Delegate 2 of a User Migration.
Configuration
Provides access to the User Migration configs within the Admin section.
Permission
Description
Devices - Deny Access |Read /Write |Read only
Create
Ability to create a new Device.
Lock
Ability to Lock a Device record.
Archive
Ability to Archive a Device.
Delete
Ability to Delete a Device.
Importer
Ability to use the Data Importer to import Devices.
Disable Context Menu
Restrict access to the Context menu within the Devices module.
Run Custom Actions
Ability to run Custom Actions via the context menu in the Devices module.
Send Emails
Ability to send emails from the Devices module.
View Hidden Tab
Provides access to the Hidden tab within the Devices module.
Initiate Migration
Ability to initiate a migration.
Assigned To
Allow the user to be assigned to a Device.
Delegate To 1
Allows the user to be set as a Delegate 1 of a Device.
Delegate To 2
Allows the user to be set as a Delegate 2 of a Device.
Configuration
Provides access to the Devices configs within the Admin section.
Permission
Description
Mailboxes - Deny Access |Read /Write |Read only
Create
Ability to create a new Mailbox.
Lock
Ability to Lock a Mailbox record.
Archive
Ability to Archive a Mailbox record.
Delete
Ability to Delete a Mailbox.
Importer
Ability to use the Data Importer to import Mailboxes.
Disable Context Menu
Restrict access to the Context menu within the Mailboxes module.
Run Custom Actions
Ability to run Custom Actions via the context menu in Mailboxes.
Send Emails
Ability to send emails from the Mailboxes module.
View Hidden Tab
Provides access to the Hidden tab within the Mailboxes module.
Assigned To
Allow the user to be assigned to a Mailbox.
Initiate Migration
Ability to initiate a migration.
Delegate To 1
Allows the user to be set as a Delegate 1 of a Mailbox.
Delegate To 2
Allows the user to be set as a Delegate 2 of a Mailbox.
Configuration
Provides access to the Mailbox configs within the Admin section.
Permission
Description
Bespoke - Deny Access |Read /Write |Read only
Create
Ability to create a new Bespoke item.
Lock
Ability to Lock a Bespoke record.
Archive
Ability to Archive a Bespoke item.
Delete
Ability to Delete a Bespoke item.
Importer
Ability to use the Data Importer to import Bespoke items.
Disable Context Menu
Restrict access to the Context menu within the Bespoke module.
Run Custom Actions
Ability to run Custom Actions via the context menu in the Bespoke module.
Send Emails
Ability to send emails from the Bespoke module.
View Hidden Tab
Provides access to the Hidden tab within the Bespoke module.
Initiate Migration
Ability to initiate a migration.
Assigned To
Allow the user to be assigned to a Bespoke item.
Delegate To 1
Allows the user to be set as a Delegate 1 of a Bespoke item.
Delegate To 2
Allows the user to be set as a Delegate 2 of a Bespoke item.
Configuration
Provides access to the Bespoke configs within the Admin section.
Permission
Description
Deployment Units - Deny Access |Read /Write |Read only
Create
Ability to create a new Deployment Unit.
Lock
Ability to Lock and unlock a Deployment Unit.
Archive
Ability to Archive and unarchive a Deployment Unit.
Delete
Ability to Delete and undelete a Deployment Unit.
Importer
Ability to use the Data Importer to import Deployment Units.
Disable Context Menu
Restrict access to the Context menu within the Deployment Unit module.
Run Custom Actions
Ability to run Custom Actions via the context menu in Deployment Units.
Send Emails
Ability to send emails from the Deployment Units module.
View Hidden Tab
Provides access to the Hidden tab within the Deployment Unit module.
Initiate Migration
Ability to initiate a migration.
Populate Deployment Units
Ability to populate and manage a Deployment unit.
Customise Scheduling Slots
Ability to edit and customise migration timeslots in a Deployment Unit.
Update Migration Slot
Ability to override and update a Migration slot.
Assigned To
Allow the user to be assigned to a deployment unit.
Delegate To 1
Allows the user to be set as a Delegate 1 of a deployment unit.
Delegate To 2
Allows the user to be set as a Delegate 2 of a deployment unit.
Configuration
Provides access to the Deployment unit configs within the Admin section.
Permission
Description
Defects - Deny Access |Read /Write |Read only
Create
Ability to create a new Defect.
Lock
Ability to Lock and unlock a Defect.
Archive
Ability to Archive and unarchive a Defect.
Delete
Ability to Delete and undelete a Defect.
Importer
Ability to use the Data Importer to import Defects.
Disable Context Menu
Restrict access to the Context menu within the Defects module.
Run Custom Actions
Ability to run Custom Actions via the context menu in Defects.
Send Emails
Ability to send emails from the Defects module.
View Hidden Tab
Provides access to the Hidden tab within the Defects module.
Assigned To
Allow the user to be assigned to a Defect.
Delegate To 1
Allows the user to be set as a Delegate 1 of a Defect.
Delegate To 2
Allows the user to be set as a Delegate 2 of a Defect.
Configuration
Provides access to the Defects configs within the Admin section.
Permission
Description
Tasks - Deny Access |Read /Write |Read only
Create
Ability to create a new a New Task.
Lock
Ability to Lock and unlock a Task.
Archive
Ability to Archive and unarchive a Task.
Delete
Ability to Delete and undelete a Task.
Importer
Ability to use the Data Importer to import Tasks.
Disable Context Menu
Restrict access to the Context menu within the Tasks module.
Run Custom Actions
Ability to run Custom Actions via the context menu in the Tasks module.
Send Emails
Ability to send emails from the Tasks module.
Assigned To
Allow the user to be assigned to a Task.
Configuration
Provides access to the Tasks configs within the Admin section.
Permission
Description
Contact
Create
Ability to create a new Contact.
Edit
Ability to edit a Contact record.
Delete
Ability to Delete and undelete a Contact.
Importer
Ability to use the Data Importer to import Contacts.
Permission
Description
Link
Create
Ability to create a new Link between modules.
Reject
Ability to Reject a link.
Delete
Ability to Delete and undelete a link.
Importer
Ability to use the Data Importer to import links.
Configuration
Provides access to the Application configs within the Admin section.
Permission
Description
Project
Member
Other Project Roles
Admin UI Access
Grants the user access to the Admin UI.
Run Scripts As
This enables the User to run a script directly.
View Email Queue
Provides the ability to view the email messaging queue.
Edit Email Queue
Provides the ability to edit the email messaging queue.
Project Config Roles
Manage Configuration
Provides access to edit and manage a Project configuration.
Manage Contacts
Provides access to manage Contacts.
Manage Scripts
Provides access to create and run Project scripts.
Manage Scheduled Tasks
Provides access to create and edit Scheduled tasks in a Project.
Manage Blueprints
Provides access to create and edit Blueprints in a Project.
Module Config Roles
Manage Settings
Provides access to the modules settings function in the Admin area.
Manage Tabs, Details, MenuItems
Allows access to the Tabs, Details & MenuItems within the Admin area.
Manage Workflow
Allows access to manage the workflow within the modules.
Manage Surveys
Provides access to manage Surveys.
Delete Surveys
Allows the user to delete Surveys.
Manage Test Types
Ability to create and edit Test Types.
Delete Test Types
Ability to delete Test Types.
Manage CustomForms
Ability to create and edit Customforms.
Manage Email Templates
Ability to create and edit email templates.
Manage UI Buttons
Allows the user to be able to manage the UI buttons.
User Account Roles
Manage User Accounts
Access to User Management in the Admin section.
Manage Role Groups
Access to User role management in the Admin section.
Manage Blueprint Rules
Provides access to manage and modify Blueprint rules.
Custom Permissions 1 - 10
These custom permissions are used for controlling which user can run specific functions within PowerShell Custom actions. For more information, please visit ManagementStudio's Service Desk to create a new support ticket.
Create a Role Group
Step
Example
Switch to Administration view and select the Role Groups menu from within the User accounts, Roles and Permissions section.
Click on Click here to add new item
Enter a unique name for the role group and a brief optional description (1) Click Save Changes (2)
Click Edit Rules next to the newly created role group.
Grant the permissions required by going through the permissions section and selecting the appropriate permissions against each module.
Click Finished after selecting the required permissions.
Click Save Changes.
Add a User to a Role Group
User permissions are granted by adding Roles to an account.
Steps
Example
Switch to Administration view and select the MS User Accounts menu from within the User accounts, Roles and Permissions section.
Select the User or Users (1) (CTRL + Click to select multiple users). Right Click and select Add Roles (2) from the context menu.
Click a Role or Roles (1) (CTRL + Click to select multiple roles). Then Click Add Roles (2).
Remove a User from a Role Group
Steps
Example
Switch to Administration view and select the MS User Accounts menu from within the User accounts, Roles and Permissions section.
Select the User or Users (1) (CTRL + Click to select multiple users). Right Click and select Remove Roles (2) from the context menu.
Click a Role or Roles (1) (CTRL + Click to select multiple roles). Then Click Remove Roles (2).
Further Support
If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.
