System Admin


System Role Types

System Roles

System Roles are powerful, high-level access roles and should be assigned only to carefully chosen individuals. Kurtosys App users who use any or all components of the Kurtosys App are set up with specific rights or entitlements appropriate to their needs and usage requirements. A Role defines these rights and permissions.

Note: these roles can only be accessed and assigned by a SuperAdmin User to other Users.

Accessing System Roles

Use the Settings cog to access the System Administration tools.

  1. Click on the Users tab to select a User.

  1. Click a User鈥檚 name to see the User Options聽menu.

  1. Click the Roles tab to see a list of the available system roles.

  1. Check the appropriate checkbox(es).
  2. Click Save. A green successful task pop up bar will be displayed across the bottom of the screen.

System Role



路聽聽聽聽聽 Only Product Team members

路聽聽聽聽聽 Only available on the Kurtosys instance

路聽聽聽聽聽 Typically used for creating new client instances (but may not access them)

路聽聽聽聽聽 Can assign System Roles

路聽聽聽聽聽 Has all permissions excluding API


路聽聽聽聽聽 Typically the PowerUser role for clients 鈥 should be given to max 1 or 2 people in an organization

路聽聽聽聽聽 Can add & edit users

路聽聽聽聽聽 Has all permissions but entitlement settings will still apply if switched on

路聽聽聽聽聽 Specific to a client instance


路聽聽聽聽聽 Read only access 鈥 used for tools that read data from the Kurtosys system

路聽聽聽聽聽 Cannot edit anything

路聽聽聽聽聽 Has an associated API token (this token is used for any API calls associated with that client instance)


路聽聽聽聽聽 Can bypass password expiry and 2-factor authentication

路聽聽聽聽聽 Used for programmatic loaders for clients鈥 data ETL process (clients not using Kurtosys API for data uploads)


路聽聽聽聽聽 Access to all documents 鈥 overrides entitlement settings

路聽聽聽聽聽 Usually assigned to Client User responsible for all documents


路聽聽聽聽聽 Access to all benchmark, class, fund manager and fund data 鈥 overrides data entitlement settings

路聽聽聽聽聽 Ability to view and edit data

路聽聽聽聽聽 Typically assigned to Client User who manages this data


路聽聽聽聽聽 Access to all account data 鈥 overrides data entitlement settings

路聽聽聽聽聽 Add and edit account data


路聽聽聽聽聽 Used for Salesforce integration to manage Salesforce users

路聽聽聽聽聽 Track all activity

App Template Deployer

路聽聽聽聽聽 Access to apps and app templates only

路聽聽聽聽聽 Can push templates through to environments


路聽聽聽聽聽 Can purge the client鈥檚 edge cache only


路聽聽聽聽聽 For delegated SSO clients, a KurtosysEmployee user can access a client instance which uses e.g. Salesforce logins only, the KurtosysEmployee will still receive a Kurtosys App registration email to allow them to login


路聽聽聽聽聽 Access apps and templates which have been flagged as 鈥渂eta testing鈥 and are not available to general users

路聽聽聽聽聽 Typically a QA role

See also Assigning a Role to a User.