Types of application permissions

Administrators can use a set of application permissions to limit the activities of the various users and user groups that can access the IBM OpenPages® with Watson™ application. The application permissions reside under the SOX permissions heading and can be applied to OpenPages with Watson user groups.

Important: If the changes to application permissions result in changes to menus, the menu changes do not appear until users log out and then log back in to the application.

Users are generally granted applicable permissions by being assigned to role templates that include those permissions.

Administration permissions

When you create an administrative-level group, you must grant them Administration permissions.

Table 1. Administration application permissions
Permission	Description
Application Text	Allows users and members of user groups to view and edit locale-specific application label values. For more information, see Localizing application text.
Ascent Feed	Allows users and members of user groups to configure the import of Ascent Reg Tech data by using the Ascent job in the Scheduler.
Bulk Update All Fields	Allows users to use the Bulk Update feature on all fields in grid views. For more information, see Designing a Grid View.
Calculation	Allows users and members of user groups to create, delete, and modify calculation definitions by using > Solution Configuration > Calculations. For more information, see Configuring GRC Calculations.
Currencies	Allows users and members of user groups to administer currencies. For more information, see Modifying currency exchange rates.
Dashboards	Allows administrators to create and manage dashboards by using > Solution Configuration > Dashboards. For more information, see Home page, dashboard, and tabs
Encryption Keystore	Allows administrators to configure the encryption keystore by using > Users and Security > Encryption Keystore. For more information, see Encryption.
ExportConfiguration	Allows users to access the environment migration tool to export configuration items for import into another system. Read and write access to the Migration Documents folder is also required. For more information, see Migrating OpenPages environments.
FastMap	Allows a user to import object data and to view imports performed by other users. Import allows users to import object data and to see their import history using the FastMap Import menu item. View all history allows users to view imports performed by other users. When a user has this permission, the Created By column is added to the grid on the FastMap Import tab. For more information, see Using FastMap.
Field Groups	Allows users and members of user groups to view and manage the configuration of field groups through the > Solution Configuration > Object Types menu item and the Field Groups section.
ImportConfiguration	Allows users to access the environment migration tool to import configuration items that are exported from another system. Read and write access to the Migration Documents folder is also required. For more information, see Migrating OpenPages environments.
LDAP Server	Allows Super Administrators to configure the LDAP server for user provisioning. For more information, see LDAP and user provisioning.
Logs	Allows administrators to view and manage the application server log files by using the > Other > Logs menu item.
Notification Manager	Allows Super Administrators and users to run the Notification Manager tool. For more information, see The Notification Manager.
NPS	Allows users and members of user groups to configure the Net Promoter Score (NPS) with the > Integrations > NPS Settings menu item.
Object Profiles	Allows users and members of user groups to view and manage profiles, which include object types, through the > Solution Configuration > Profiles menu item.
Object Reset	Allows users and members of user groups to reset objects for a new reporting period. For information on governing reset behavior, see Reporting periods, object resets, and rulesets.
Object Text	Allows users and members of user groups to view and edit locale-specific object label values. For more information, see Localizing object text
Object Types	Allows users and members of user groups to view and manage object types through the > Solution Configuration > Object Types menu item. Allows users and members of user groups to view and manage solution schema visualizations, through the > Solution Configuration > Solutions menu item.
RapidRatings Feed	Allows users and members of user groups to configure and run the RapidRatings job in the Scheduler. The job imports data from RapidRatings.
RegTrack Feed	Allows users and members of user groups to configure the import of Reg-Track data through the icon on the Regulatory Compliance > Reg-Track Regulatory Events page.
Reporting Framework	Allows users and members of user groups to generate and manage the reporting framework. For more information, see Generating the reporting framework.
Reporting Framework Configuration	Allows users and members of user groups to administer and configure the reporting framework. See Configuring and generating the reporting framework.
Reporting Periods	Allows users and members of user groups to work with reporting periods through the > System Configuration > Reporting Periods menu item. For more information, see Reporting periods, object resets, and rulesets.
Reporting Schema	Allows users and members of user groups to manage the Reporting Schema. See Managing the reporting schema.
RiskLens Feed	Allows users and members of user groups to configure and run the RiskLens job in the Scheduler. The job imports data from RiskLens.
RiskRecon Feed	Allows users and members of user groups to configure and run the RiskRecon job in the Scheduler. The job imports data from RiskRecon.
Role Templates	Allows users and members of user groups to view, add, and manage roles through the > Users and Security > Role Templates menu item. .
Rules Engine	Allows users and members of user groups to view, create, and manage rules in the Rules Engine. If you are using the Thomson Reuters connector, users access the Rules Engine through the TRRI Rules Engine link on the Regulatory Compliance > TRRI Regulatory Events page. If you are using the Wolters Kluwer connector, users access the Rules Engine through the Wolters Kluwer Rules Engine link on the Regulatory Compliance > WK Regulatory Events page.
Scheduler	Allows users and members of user groups to create and manage scheduled jobs through the > Solution Configuration > Scheduler menu item.
Search	Allows users and members of user groups to manage and maintain global search operations through the > System Configuration > Global Search menu item. For more information, see Configuring the global search feature.
Security Rules	Allows users and members of user groups to manage and maintain security rules. For more information, see Security rules.
Security Scorecard Feed	Allows users and members of user groups to configure and run the SecurityScorecard job in the Scheduler. The job imports data from SecurityScorecard.
Settings	Allows users and members of user groups to view and manage settings. For more information, see Viewing the Configuration and Settings page.
Solutions	Allows users and members of user groups to use the > Solution Configuration > Solutions menu item. . Allows users and members of user groups to use the > Solution Configuration > Themes menu item.
SupplyWisdom Feed	Allows users and members of user groups to configure and run the import of Supply Wisdom data by using the SupplyWisdom job in the Scheduler.
Tagging	Allows users and members of user groups to enable and disable the Tagging feature, and create, edit, and disable tags. This permission controls whether the > Solution Configuration > Tags menu item is displayed.
Task Focused UI	Allows users and members of user groups to create and manage views in the View Designer. For more information, see Using the View Designer. This permission also controls whether the > Other > Display Debug Info menu item is displayed.
TRRI Feed	Allows users and members of user groups to configure the import of Thomson Reuters Regulatory Intelligence (TRRI) data through the icon on the Regulatory Compliance > TRRI Regulatory Events page.
Watson Assistant	Allows users and members of user groups to use the > Integrations > Watson Assistant menu item.
Watson Language Translator	Allows users and members of user groups to use the > Integrations > Watson Language Translator menu item.
Custom Machine Learning Models	Allows users and members of user groups to use the > Integrations > Custom Machine Learning Models menu item.
Watson Mapping and Taxonomy Suggestions	Allows users and members of user groups to use the > Integrations > Mapping and Taxonomy Suggestions menu item.
WK Feed	Allows users and members of user groups to configure the import of Wolters Kluwer data through the icon on the Regulatory Compliance > WK Regulatory Events page.
Workflow	Allows users and members of user groups to create workflow definitions and terminate workflow instances through the > Solution Configuration > Workflows menu item. For more information, see Configuring GRC Workflow.

IBM CommandCenter Studio permissions

This application permission allows users and members of user groups to access IBM Cognos Analytics from IBM OpenPages with Watson.

Table 2. IBM Command Center Studio permission
Permission	Description
Cognos Analytics	This application permission enables access to IBM Cognos Analytics through the Analytics link in the primary menu. Use IBM Cognos Analytics to access your Cognos software and corporate data. Depending on your access permissions, you can create, update, run, and distribute reports, dashboards, stories, and cubes, create and run agents, or schedule entries.

Audit Trail permission

The Audit Trail application permission allows users and members of user groups to view historical information about object for the selected Reporting Period.

Users can access the Activity tab in Task Views.

For more information, see Reporting period interactions and the IBM OpenPages with Watson User Guide.

Note:

When you copy objects, change histories are not copied with the object. The copy of the object has no change history because it is a new object.
When you add new fields to an object type, the OpenPages with Watson administrator might see a blank to blank change in the change history because the fields were not previously available.

Issues permission

This application permission allows users and members of user groups to view the list of Issues through the Issues menu item on the Remediation menu.

Note: This application permission is in effect only for customers who upgraded or migrated and who have not yet migrated their access controls to the role-based security model. For new, first-time installations, this permission is not honored.

Watson permissions

Watson Assistant UI: Users with this permission have access to the user interface that enables them to interact with IBM Watson® Assistant in OpenPages.
Watson Language Translator UI: Users with this permission can use IBM Watson Language Translator to view translated text in Task Views by using the icon. It also allows access to the icon from administrator tasks.

View Admin tab

Users with the View Admin tab permission can see Admin views on the Admin tab of an object instance page.

View Locks permission

Users with the View Locks permission can view the existing locks on objects. The View Locks permission does not grant the right to lock or unlock an object - for that you need either the Lock permission or the Unlock permission.