System Roles are powerful, high-level access roles and should be assigned only to carefully chosen individuals. Kurtosys App users who use any or all components of the Kurtosys App are set up with specific rights or entitlements appropriate to their needs and usage requirements. A Role defines these rights and permissions.
Note: these roles can only be accessed and assigned by a SuperAdmin User to other Users.
Accessing System Roles
Use the Settings cog to access the System Administration tools.
- Click on the Users tab to select a User.
- Click a User’s name to see the User Options menu.
- Click the Roles tab to see a list of the available system roles.
- Check the appropriate checkbox(es).
- Click Save. A green successful task pop up bar will be displayed across the bottom of the screen.
· Only Product Team members
· Only available on the Kurtosys instance
· Typically used for creating new client instances (but may not access them)
· Can assign System Roles
· Has all permissions excluding API
· Typically the PowerUser role for clients – should be given to max 1 or 2 people in an organization
· Can add & edit users
· Has all permissions but entitlement settings will still apply if switched on
· Specific to a client instance
· Read only access – used for tools that read data from the Kurtosys system
· Cannot edit anything
· Has an associated API token (this token is used for any API calls associated with that client instance)
· Can bypass password expiry and 2-factor authentication
· Used for programmatic loaders for clients’ data ETL process (clients not using Kurtosys API for data uploads)
· Access to all documents – overrides entitlement settings
· Usually assigned to Client User responsible for all documents
· Access to all benchmark, class, fund manager and fund data – overrides data entitlement settings
· Ability to view and edit data
· Typically assigned to Client User who manages this data
· Access to all account data – overrides data entitlement settings
· Add and edit account data
· Used for Salesforce integration to manage Salesforce users
· Track all activity
App Template Deployer
· Access to apps and app templates only
· Can push templates through to environments
· Can purge the client’s edge cache only
· For delegated SSO clients, a KurtosysEmployee user can access a client instance which uses e.g. Salesforce logins only, the KurtosysEmployee will still receive a Kurtosys App registration email to allow them to login
· Access apps and templates which have been flagged as “beta testing” and are not available to general users
· Typically a QA role
See also Assigning a Role to a User.