Work Item permission matrix
For regular users in TrendMiner, the work item permission level (Owner, Manage, Write, or Read) determines which actions are available on an item. The Owner has the most access, followed by users with Manage permission, then Write, and finally those with Read permission, which provides the most limited access. Each permission level builds upon the previous one, adding additional capabilities in a clear and predictable way.
One exception to this rule is the system administrator. Because of their elevated application role, a system administrator can perform additional actions that go beyond the standard item-level permissions.
READ > WRITE > MANAGE > OWNER
Permission levels
Permission | Description | Key capabilities |
|---|---|---|
READ | View-and-use only access | Open items, limited Save As (only in home folder or folder with MANAGE permission) |
WRITE | Content contributor | Open and update existing items; cannot create items/folders, move, delete, or share; Save As only in home or MANAGE folder |
MANAGE | Full workspace management | Create/move/rename/delete/share items and folders; update content |
OWNER | Full workspace management + ownership transfer | Full control including ownership transfer and execute monitors |
Manage permission
Granting Manage permission to a subject provides extensive control over the shared item or folder. Users with this permission can perform key management actions such as deleting items or folders, including the shared resource itself, and can also share the item or folder with others.
Carefully consider who should receive Manage permission, as it effectively grants broad administrative access.
Monitors
It’s also important to note that only the owner of a folder can execute a monitor. Users with any other permission level cannot run a monitor directly. If such a user wants to execute a monitor, they must first make a copy of the work item into their own home folder, and then use that copy to create and run their own monitor.
Permission matrix
Work Item Permission | |||||
Owner | Manage | Write | Read | ||
Actions | Open, Read item | x | x | x | x |
Save, Update item | x | x | x | ||
Save As (create copy) item | x | x | x* | x* | |
Rename item/folder | x | x | |||
Delete item/folder | x | x | |||
Transfer ownership | x | ||||
Share (Assign Permissions) | x | x | |||
Browse, Search & Filter | x | x | x | x | |
Create new item | x | x | |||
Create subfolder | x | x | |||
Move item/folder | x | x** | |||
Execute monitors | x*** | ||||
* WRITE and READ can only Save As in own home folder or folder with MANAGE permission
** Items and folders can be moved inside the parent folder shared with MANAGE permission
*** Only Owner can execute monitors from saved items
ConfigHub - Work Organizer
As a system administrator, you have control over most folder actions in the ConfigHub work organizer. Additionally, you can perform extra administrative tasks to manage home folders, such as transferring items and deleting the home folder.
Warning
Notebooks can be shared with other users in the Work organizer. Without “Save-As” functionality, only the original author of notebook can make changes to the shared notebook.
Warning
For security reasons, custom calculations can only be shared with READ permission.
Custom calculations run with the owner’s permission and have access to the owner’s access token. Allowing Write permission could let others modify the calculation to misuse these credentials. With this restriction, other users can execute a shared custom calculation and view its results, but they cannot modify it.