Categories

System Admin
DXM
Documents
Data

Links

System Role Types

System Roles

System Roles are powerful, high-level access roles and should be assigned only to carefully chosen individuals. Kurtosys App users who use any or all components of the Kurtosys App are set up with specific rights or entitlements appropriate to their needs and usage requirements. A Role defines these rights and permissions.

Note: these roles can only be accessed and assigned by a SuperAdmin User to other Users.

 

Accessing System Roles

Use the Settings cog to access the System Administration tools.

  1. Click on the Users tab to select a User.

  1. Click a User’s name to see the User Options menu.

  1. Click the Roles tab to see a list of the available system roles.

  1. Check the appropriate checkbox(es).
  2. Click Save. A green successful task pop up bar will be displayed across the bottom of the screen.

 

System Role

Functionality

SuperAdmin

·      Only Product Team members

·      Only available on the Kurtosys instance

·      Typically used for creating new client instances (but may not access them)

·      Can assign System Roles

·      Has all permissions excluding API

ClientAdmin

·      Typically the PowerUser role for clients – should be given to max 1 or 2 people in an organization

·      Can add & edit users

·      Has all permissions but entitlement settings will still apply if switched on

·      Specific to a client instance

APIUser

·      Read only access – used for tools that read data from the Kurtosys system

·      Cannot edit anything

·      Has an associated API token (this token is used for any API calls associated with that client instance)

APILoaderUser

·      Can bypass password expiry and 2-factor authentication

·      Used for programmatic loaders for clients’ data ETL process (clients not using Kurtosys API for data uploads)

DocumentAdmin

·      Access to all documents – overrides entitlement settings

·      Usually assigned to Client User responsible for all documents

FundAdmin

·      Access to all benchmark, class, fund manager and fund data – overrides data entitlement settings

·      Ability to view and edit data

·      Typically assigned to Client User who manages this data

InvestorAdmin

·      Access to all account data – overrides data entitlement settings

·      Add and edit account data

CacheAdmin

·      Used for Salesforce integration to manage Salesforce users

·      Track all activity

App Template Deployer

·      Access to apps and app templates only

·      Can push templates through to environments

WarpDriveCacheAdmin

·      Can purge the client’s edge cache only

KurtosysEmployee

·      For delegated SSO clients, a KurtosysEmployee user can access a client instance which uses e.g. Salesforce logins only, the KurtosysEmployee will still receive a Kurtosys App registration email to allow them to login

AppBetaTester

·      Access apps and templates which have been flagged as “beta testing” and are not available to general users

·      Typically a QA role

See also Assigning a Role to a User.