Skip to main content
Skip table of contents

Creating and Managing Roles

Roles allow you to finely control access to the Lucidum system. A role is a set of permissions for tasks in Lucidum. Optionally, roles can also control access to data sources.

Lucidum includes default roles.

You can also create custom roles to meet your needs.

Default Roles

Lucidum includes default roles. You can use these roles and edit them to your specifications.

  • Admin. This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.

  • Api_Users. This role is allows access to the Lucidum API.

  • IT Operations. This role is for IT and security operations staff.

  • Lucidum_Support (Lucidum internal role only). This is a role assigned to Lucidum support staff, to maintain customer systems.

The following sections describe the permissions assigned to each default role.

IT Operations

This role is for IT and security operations staff.

Name

Description

PermissionManage

Read/Write access to assign permissions to roles

RoleManage

Read/Write access to the Role Management page

UserManage

Read/Write access to the User Management page (users can only change their own user settings)

Read System Usage

Deprecated

Read System Log

Deprecated

Read License

Read access to the License page

Start Runner

Deprecated

Stop Runner

Deprecated

Read DataQC

Deprecated

Read Action

Read access to the Action page

Write Actions

Read/Write access to the Action page (user can add or change action)

Read Chart

Read access to the Home page

Query Builder

Access to the Query page (user can manage saved queries)

Search

Access to the Query page (user can submit and run queries)

Front_Dashboard

Can access the Dashboard page and dashboards

Front_Home

Can access the Home page

Front_DataMapping

Deprecated

Front_Dataqc

Deprecated

Front_PythonRunner

Deprecated

Front_License

Can an access Settings > License page and the Settings > Query Run History page.

Front_SystemStats

Deprecated

Front_Settings

Can access the sub-menus under the Settings menu.

Front_Usermanagement

Can access Settings > User Management and Settings > User Roles

Front_SystemSetting

Can access Settings > Data Settings, Settings > Query Settings, and Settings > Tunnel Proxy Settings

Front_FieldDisplay

Deprecated

Front_Connection

Deprecated

Admin

This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.

Name

Description

PermissionManage

Read/Write access to assign permissions to roles

RoleManage

Read/Write access to the Role Management page

UserManage

Read/Write access to the User Management page (users can only change their own user settings)

Read System Usage

Deprecated

Read System Log

Deprecated

Read License

Read access to the License page

Start Runner

Deprecated

Stop Runner

Deprecated

Read DataQC

Deprecated

Read DataMapping

Deprecated

Write DataMapping

Deprecated

Read Action

Read access to the Action page

Write Actions

Read/Write access to the Action page (user can add or change action)

Customized Query

Deprecated

Read Chart

Read access to the Home page

Query Builder

Access to the Query page (user can manage saved queries)

Search

Access to the Query page (user can submit and run queries)

Modify License

Write access to the License page (user can upload and modify license)

Front_Dashboard

Can access the Dashboard page and dashboards

Front_Home

Can access the Home page

Front_DataMapping

Deprecated

Front_Dataqc

Deprecated

Front_PythonRunner

Deprecated

Front_License

Can access Settings > License page and the Settings > Query Run History page.

Front_CustomizedQuery

Deprecated

Front_SystemStats

Deprecated

Front_Settings

Can access the sub-menus under the Settings menu.

Front_Usermanagement

Can access Settings > User Management and Settings > User Roles

API_Operator

Access to the Lucidum API

Front_SystemSetting

Can access Settings > Data Settings, Settings > Query Settings, and Settings > Tunnel Proxy Settings

Schedule

Read/Write access to the query scheduling

Front_FieldDisplay

Deprecated

Front_Connection

Deprecated

TeamChannelAdmin

Create and manage the Team channel for Dashboards

Api_Users

This role allows access to the Lucidum API.

Name

Description

API_Operator

Access to the Lucidum API

Lucidum_Support (Lucidum internal role only)

This is a role assigned to Lucidum support staff, to maintain customer systems.

Name

Description

RoleManage

Read/Write access to the Settings > User Rolespage

UserManage

Read/Write access to the Settings > User Management page (users can only change their own user settings)

Read System Usage

Deprecated

Read System Log

Deprecated

Read License

Read access to the License page

Start Runner

Deprecated

Stop Runner

Deprecated

Read DataQC

Deprecated

Read Action

Read access to the Action page

Write Actions

Read/Write access to the Action page (user can add or change action)

Customized Query

Deprecated

Read Chart

Read access to the Home page

Query Builder

Access to the Query page (user can manage saved queries)

Search

Access to the Query page (user can submit and run queries)

Front_Dashboard

Can access the Dashboard page and dashboards

Front_Home

Can access the Home page

Front_DataMapping

Deprecated

Front_Dataqc

Deprecated

Front_PythonRunner

Deprecated

Front_License

Can access Settings > License page and the Settings > Query Run History page.

Front_CustomizedQuery

Deprecated

Front_SystemStats

Deprecated

Front_Settings

Can access the sub-menus under the Settings menu.

Front_Usermanagement

Can access Settings > User Management and Settings > User Roles

Front_SystemSetting

Can access Settings > Data Settings, Settings > Query Settings, and Settings > Tunnel Proxy Settings

Schedule

Deprecated

Front_FieldDisplay

Deprecated

Front_Connection

Deprecated

Viewing Roles

To view the list of existing roles:

  1. Navigate to Settings > User Roles.

  2. The User Roles page appears:

    user_roles_page_updated.png

Creating a Custom Role

To create a custom role:

  1. Navigate to Settings > User Roles.

  2. In the User Roles page, click the plus-sign (+) in the upper right corner.

  3. The Add Role page appears.

  4. In the Add Role modal page, enter the following:

    • Role Name. Enter a name for the custom role.

    • Permissions. Assign permissions to the custom role.

      • To assign a permission, click on its checkbox in the Available list and click the > arrow to move the permission to the Selected list.

      • To remove a permission, click on its checkbox in the Selected list and click the < arrow to more the permission to the Available list.

    • Data Sources. You can limit the data sources that a role can access.

      • If you do not select a data source, the role can access all data from all data sources, as defined by permissions.

      • To assign a data source to a role, click on its checkbox in the Available list and click the > arrow to move the permission to the Selected list.

      • To remove a data source from a role, click on its checkbox in the Selected list and click the < arrow to more the permission to the Available list.

  5. Click Add to save the new role.

Editing a Role

You cannot edit the name of an existing role. But you can edit the permissions and the data sources associated with an existing role.

  1. Navigate to Settings > User Roles.

  2. In the User Roles page, find the role you want to edit. Click its edit (pencil) icon..

  3. The Edit Role page appears.

  4. In the Edit Role modal page, you can edit one or more of the following:

    • Role Name. Enter a name for the custom role.

    • Permissions. Assign permissions to the custom role.

      • To assign a permission, click on its checkbox in the Available list and click the > arrow to move the permission to the Selected list.

      • To remove a permission, click on its checkbox in the Selected list and click the < arrow to more the permission to the Available list.

    • Data Sources. You can limit the data sources that a role can access.

      • If you do not select a data source, the role can access all data from all data sources, as defined by permissions.

      • To assign a data source to a role, click on its checkbox in the Available list and click the > arrow to move the permission to the Selected list.

      • To remove a data source from a role, click on its checkbox in the Selected list and click the < arrow to more the permission to the Available list.

  5. Click Save to save changes to the role.

Deleting a Role

To delete a role:

  1. Navigate to Settings > User Roles.

  2. In the User Roles page, find the role you want to delete.

    user_roles_page_delete_updated.png
  3. Click its delete (trash can) icon.

All Permissions

The following table describes all the permissions you can assign to a role.

Name

Description

PermissionManage

Read/Write access to assign permissions to roles

RoleManage

Read/Write access to Settings > User Roles

UserManage

Read/Write access to the Settings > User Management (users can only change their own user settings)

Read System Usage

Deprecated

Read System Log

Deprecated

Read System Setting

Deprecated

Write System Setting

Deprecated

Read License

Read access to the License page

Start Runner

Deprecated

Stop Runner

Deprecated

Read DataQC

Deprecated

Read DataMapping

Deprecated

Write DataMapping

Deprecated

Read Action

Read access to the Action page

Write Actions

Read/Write access to the Action page (user can add or change action)

Customized Query

Read/Write Access to the Lucidum support page for updating the UI back-end queries (not for normal users)

Read Chart

Read access to the Home page

Query Builder

Access to the Query page (user can manage saved queries)

Search

Access to the Query page (user can submit and run queries)

Modify License

Write access to the License page (user can upload and modify license)

Front_Dashboard

Can access the Dashboard page and dashboards

Front_Home

Can access the Home page

Front_DataMapping

Deprecated

Front_Dataqc

Deprecated

Front_PythonRunner

Deprecated

Front_License

Can access Settings > License page and the Settings > Query Run History page.

Front_CustomizedQuery

DeprecatedQuery

Front_SystemStats

Deprecated

Front_Settings

Can access the sub-menus under the Settings menu.

Front_Usermanagement

Can access Settings > User Management and Settings > User Roles

API_Operator

Access to the Lucidum API

Front_SystemSetting

Can access Settings > Data Settings, Settings > Query Settings, and Settings > Tunnel Proxy Settings

Schedule

Read/Write access to the query scheduling

Front_FieldDisplay

Deprecated

Front_Connection

Deprecated

TeamChannelAdmin

Create and manage the Team channel for Dashboards

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.