Skip to main content



Security Permissions

A permission grants access to a particular type of functionality that can be performed in irCatalog. There are 13 available permissions, which cannot be customized or modified.

Several of the permissions make reference to "defs", short for definitions, which are the different types of components that makes up a rule application. Examples of defs are entities, fields, collections, calculations, rule sets, rule flows, rules, inline tables and value list, SQL queries, endpoints, schemas, vocabulary templates, UDFs, etc.

Here is the list of all permissions and a brief description of each one:

Permission NameTasks requiring the permission
AdministerDefsadminister security permissions repair Catalog upgrade rule application
FileSystemDefsAccessnot currently used (N/A)
InsertDefsinsert def add new element to a rule application create new rule application promote rule application from one Catalog to another overwrite rule application (create new revision for existing Rule Application)
LabelDefsset labels for rule application create label rename label apply label remove label
ManageUsersAndRolesmanage users, roles and groups add user, role or group modify user, role or group (includes deactivating and activating users and groups) delete user, role or group
MarkDefsInactivedeactivate rule application deprecate shared def
ModifyDefsmodify def modify element of a rule application update category add category deactivate rule application check out def
ModifyDefSchemasconvert Entity field to a Field, Calculation or Collection check out def
ModifySharedElementsmodify shared element 2 share def unshare def check in shared def check out shared def
OpenDefsopen (read) def checkout def
RemoveDefsremove def delete rule application repair Catalog (only if the repair requires deleting a revision)
UndoAnyDefCheckoutundo another user's checkout 1 repair Catalog (only if the repair requires undoing a checkout)
-delete rule application 3
UseEngineServicenot currently used (N/A)

1 - The following can be checked out: rule application, rule sets, data folder elements, end points, Schemas, and categories.

2 - The following can be shared: Schema (Entities and Fields), rule sets, data elements, end points, and categories.

3 - Only required if the rule application is checked out by another user or saved to another user's workspace.

Example Tasks and permissions needed:

  • Add Category – requires InsertDefs and ModifyDefs
  • Checkout – requires OpenDefs, ModifyDefs and ModifyDefSchemas (If the def is shared, also need ModifySharedElements)
  • Delete a rule application – requires UndoAnyDefCheckout and RemoveDefs