Managing Permissions for the Users
A permission defines the specific actions a user can perform within the system. Permissions control access to various features and functionalities, determining what users can view, edit, create, or delete. Each user is assigned a set of permissions based on their role and responsibilities. These permissions are configured during user creation and are assigned based on the user type (Organization Owner, Admin, or Standard User). These can be modified as needed. Examples of permissions include Viewing user profiles, Editing user details, Managing permission for users etc.
Permission Sets
A permission set is a collection of access rights that defines what actions a user can perform within each modules such as Loyalty, Campaign, User Management etc.. Permission sets can be either standard (pre-defined) or custom (user-defined).
Types of Permission Sets
Standard Permission Sets
Standard permission sets are predefined in the system, designed with common module-related permissions in mind, and are available across all organisations. Users cannot delete or modify these sets. Any changes, such as introducing new permissions, can only be made by the Capillary technical team. For information on the list of standard permission sets available, refer to the documentation here.
Custom Permission Sets
Custom permission sets can be created by Org Owners, combining permissions from different modules to meet specific organizational needs. These custom sets are only available within the organization where they are created.
Org Owners have full control over custom permission sets, including the ability to update, delete, and modify them. The number of custom permission sets you can create is limited to 20, but you can raise a JIRA request with the platform UI team and increase it based on the request. For more information on the custom permission set, refer to the detailed documentation here.
Viewing Permission Sets
You can navigate to User Management > Permission sets and view the available permission sets.
Assigning Permission Set to Users
Permission sets can be assigned to both Admin and Standard users to grant them the necessary access rights. The process of assigning permission sets varies depending on the user type.
- Organization Owner Users
Organization Owners have access to all permission sets by default, as they have the highest level of privileges in the system. - Admin and Standard Users
For Admin and Standard users, permission sets can be assigned during the following scenarios:- User Creation
When adding a new Admin or Standard user, you can select the relevant permission set(s) to be applied.
The selected permission set(s) will define the user's access privileges. - User Update
For existing Admin and Standard users, you can modify the assigned permission set(s) as needed.
- User Creation
Custom Permission Sets
Creating a Custom Permission Set
To create permission sets, perform the following:
- Click Create permission set.
- Enter the Permission set name and Description for the permission set.
- Select Start from scratch and click Next.
- Select the relevant modules and assign the permissions.
- Click Done. The new permission sets are created.
Editing a Custom Permission Set
To edit a permission set,
- From the list of Permission sets, click the kebab menu (⋮) of the permission set you want to edit and select Edit.
- Make the changes as required and click Save Changes.
Deleting a Custom Permission Set
To delete a permission set, from the list of Permission sets, click the kebab menu (⋮) of the permission set you want to delete and select Delete. You can only delete a custom permission set.
List of Standard Permission Set
The following standard permission sets are available and are designed to align with common user roles and responsibilities within the organisation. The permissions that do not have a tick mark are the actions that are not available in the permissions.
| Category | Permission Set | Description |
|---|---|---|
| Member Care | Customer/PII Deletion | Perform customer/PII deletion-related activities in Member Care. |
| MemberCare Authorise | Authorise specific Member Care operations. | |
| MemberCare Create | Create Member Care entities. | |
| MemberCare Activate | Activate Member Care entities. | |
| MemberCare Goodwill Explore | Explore goodwill options within Member Care. | |
| MemberCare Explore | General exploration within Member Care. | |
| Vulcan Permissions | Vulcan Super Admin | Includes Vulcan Admin permissions plus cluster config, app deletion, and Member Care Vulcan override control. |
| Vulcan Admin | Includes Vulcan Developer permissions plus app creation/editing, build promotion, and build enable/disable. | |
| Vulcan Developer | Includes Vulcan Viewer permissions plus app build uploads and build enable/disable on UAT. | |
| Vulcan Viewer | Read-only access to Vulcan apps on the platform. | |
| Extension Permissions | Extension Org Viewer | Read-only access to extensions. |
| Extension Org Admin | Manage extension configs and enable/disable extension options for organisations. | |
| Extension Admin | Allow creation and updates of extensions. | |
| Neo Permissions | Neo Admin | Includes Neo Editor permissions plus approve/reject data flows, update names/tags, and publish versions live. |
| Neo Editor | Includes Neo Viewer permissions plus non-critical POST requests like saving a data flow. | |
| Neo Viewer | View rule listings, rule versions, and the data flow canvas. Supports only GET requests. | |
| Data Management | Data Import | Handle data import processes. |
| Finance | Finance Manager | Manage finance-related activities. |
| Insights+ | Insights+ Export/Segments/Settings | Export data, manage segments, and configure settings in Insights+. |
| Insights+ Reports | Access reports within Insights+. | |
| Engage+ | Engage+ Authorize | Authorise Engage+ actions. |
| Engage+ Activate | Activate Engage+ campaigns. | |
| Engage+ Explore | Explore Engage+ functionalities. | |
| Program Management | Program Manager | Oversee program management tasks. |
| Promotion Manager | Handle promotions within the system. | |
| Loyalty+ | Loyalty+ Explore | Explore functionalities within Loyalty+. |
Member Care Customer/PII Deletion
This permission set suits those who approve/view/reject customer/PII deletion-related activities in Member Care.
| Module | Sub-Module | Create | Approval | View |
|---|---|---|---|---|
| Member Care | Customer PII | ✔ | ✔ | ✔ |
Vulcan Super Admin
The Vulcan Super Admin access group is designed for users who require the highest level of administrative privileges within the Vulcan system. Users with Super Admin access can delete applications, set up, modify, and delete cluster CF configurations, and override Member Care UI.
| Module | Sub-Module | Create | View | Edit | Delete |
|---|---|---|---|---|---|
| Insights+ | Reports | ✔ | |||
| Segments | ✔ | ||||
| Export | ✔ | ||||
| Settings | ✔ | ||||
| OTHER_PERMISSIONS | Application Listing Page | ✔ | |||
| App ID Creation | ✔ | ||||
| Prefix Validation | ✔ | ||||
| i18n Config Validation | ✔ | ||||
| Application Creation | ✔ | ||||
| Application Details | ✔ | ||||
| Edit Application | ✔ | ||||
| Get Deployments by App ID | ✔ | ||||
| Create Deployment by App ID | ✔ | ||||
| Enable Deployment in UAT | ✔ | ||||
| Enable Deployment in Prod | ✔ | ||||
| Get Deployment Details | ✔ | ||||
| Update Deployment | ✔ | ||||
| Update Cluster Config | ✔ | ||||
| Delete Cluster Config | ✔ | ||||
| Delete Application | ✔ | ||||
| Upsert OAuth Clients | ✔ |
Vulcan Admin
This access level is for administrators managing the overall application. Users with Admin access can create new applications, enable or disable User Acceptance Testing (UAT) mode, enable or disable production (PROD) mode, and delete applications.
| Module | Sub-Module | Create | Edit | View | Delete |
|---|---|---|---|---|---|
| Insights+ | Reports | ✔ | |||
| Segments | ✔ | ||||
| Export | ✔ | ||||
| Settings | ✔ | ||||
| Other | View application listing page | ✔ | |||
| Create app_id for applications | ✔ | ||||
| Validate prefix | ✔ | ||||
| Validate i18n config | ✔ | ||||
| Create application | ✔ | ||||
| Get application details by appId | ✔ | ||||
| Edit application | ✔ | ||||
| Get deployments by appId | ✔ | ||||
| Create deployment by appId | ✔ | ||||
| Enable deployment in UAT | ✔ | ||||
| Enable deployment in Prod | ✔ | ||||
| Get deployment details by ID | ✔ | ||||
| Update deployment | ✔ | ||||
| Update cluster config | ✔ | ||||
| Delete cluster config | ✔ | ||||
| Delete application | ✔ | ||||
| Upsert OAuth clients on Vulcan | ✔ |
Vulcan Developer
This access level is for developers actively working on application development and testing. Users with this access can upload new builds to the platform and enable or disable User Acceptance Testing (UAT) mode.
| Module | Sub-Module | Create | View | Edit | Delete |
|---|---|---|---|---|---|
| Insights+ | Reports | ✔ | |||
| Segments | ✔ | ||||
| Export | ✔ | ||||
| Settings | ✔ | ||||
| Other | Access to view application listing page | ✔ | |||
| Access to get application details by appId | ✔ | ||||
| Access to get deployments by appId | ✔ | ||||
| Access to create deployment by appId | ✔ | ||||
| Access to enable deployment in UAT environment | ✔ | ||||
| Access to get deployment details by deploymentId | ✔ |
Vulcan Viewer
This access level is for users to view the application without making any changes.
| Module | Sub-Module | View |
|---|---|---|
| Insights+ | Reports | ✔ |
| Segments | ✔ | |
| Export | ✔ | |
| Settings | ✔ | |
| Other | Access to view application listing page | ✔ |
| Access to get application details by appId | ✔ | |
| Access to get deployments by appId | ✔ | |
| Access to get deployment details by deploymentId | ✔ |
Extension Org Viewer
This access group applies to an individual who wants to view the extensions available for the org.
| Module | Sub-Module | View | Edit | Create | Delete |
|---|---|---|---|---|---|
| Member Care | Customer profile | ✔ | ✔ | ✔ | ✔ |
| Customer goodwill | ✔ | ||||
| Customer group | ✔ | ||||
| Other | Access to delete customer cache | ✔ | |||
| Access for edit sessions | ✔ | ||||
| Access for create sessions | ✔ | ||||
| Access for sessions record create | ✔ | ||||
| Access for sessions end create | ✔ |
Extension Org Admin
This access group applies to an individual who manages extension configs and enable/disable extension options for orgs.
| Module | Sub-Module | View | Edit | Create | Delete |
|---|---|---|---|---|---|
| Member Care | Customer | ||||
| Customer profile | ✔ | ✔ | ✔ | ✔ | |
| Customer goodwill | ✔ | ||||
| Customer group | ✔ | ||||
| Other | Settings view and update permission | ✔ | ✔ | ||
| Access to delete customer cache | ✔ | ||||
| Access for edit sessions | ✔ | ||||
| Access for create sessions | ✔ | ||||
| Access for sessions record create | ✔ | ||||
| Access for sessions end create | ✔ |
Extension Admin
This access group is applicable for users who create and update extensions.
| Module | Sub-Module | View | Edit | Create | Delete |
|---|---|---|---|---|---|
| Member Care | Customer profile | ✔ | ✔ | ✔ | ✔ |
| Customer goodwill | ✔ | ||||
| Customer group | ✔ | ||||
| Other | Access to delete customer cache | ✔ | |||
| Access for edit sessions | ✔ | ||||
| Access for create sessions | ✔ | ||||
| Access for sessions record create | ✔ | ||||
| Access for sessions end create | ✔ |
Neo Admin
This access group is applicable for users who approve/reject data flows, update names/tags, and publish data flow versions.
| Module | Sub-Module | View | Create |
|---|---|---|---|
| Other | OTHER_PERMISSIONS | ||
| Ext Neo rule list view | ✔ | ||
| Ext Neo rule ver list view | ✔ | ||
| Ext Neo rule action | ✔ | ||
| Ext Neo get rule ver | ✔ | ||
| Ext Neo get rule details | ✔ | ||
| Ext Neo get rule meta blocks | ✔ | ||
| Ext Neo add rule meta block | ✔ | ||
| Ext Neo edit rule meta block | ✔ | ||
| Ext Neo create rule | ✔ | ||
| Ext Neo save rule | ✔ | ||
| Ext Neo send for app | ✔ | ||
| Ext Neo edit rule | ✔ | ||
| Ext Neo approve rule | ✔ | ||
| Ext Neo restore rule | ✔ | ||
| Ext Neo reject rule | ✔ | ||
| Ext Neo rule codeview | ✔ | ||
| Ext Neo rule tags | ✔ |
Neo Editor
This access group is applicable for users who perform certain non-critical actions on Neo such as saving a data flow.
| Module | Sub-Module | View | Create |
|---|---|---|---|
| Other | OTHER_PERMISSIONS | ||
| Ext Neo rule list view | ✔ | ||
| Ext Neo rule ver list view | ✔ | ||
| Ext Neo get rule ver | ✔ | ||
| Ext Neo get rule details | ✔ | ||
| Ext Neo get rule meta blocks | ✔ | ||
| Ext Neo add rule meta block | ✔ | ||
| Ext Neo edit rule meta block | ✔ | ||
| Ext Neo create rule | ✔ | ||
| Ext Neo save rule | ✔ | ||
| Ext Neo send for app | ✔ | ||
| Ext Neo edit rule | ✔ | ||
| Ext Neo restore rule | ✔ | ||
| Ext Neo rule codeview | ✔ | ||
| Ext Neo rule tags | ✔ |
Neo Viewer
This access group is applicable for users who want to view Neo configuration/workflow.
| Module | Sub-Module | View | Create |
|---|---|---|---|
| Other | Ext Neo rule list view | ✔ | |
| Ext Neo rule ver list view | ✔ | ||
| Ext Neo get rule ver | ✔ | ||
| Ext Neo get rule details | ✔ | ||
| Ext Neo get rule meta blocks | ✔ | ||
| Ext Neo rule codeview | ✔ | ||
| Ext Neo rule tags | ✔ |
Data Import
This permission set is suitable for the Data Import team.
| Module | Sub Module | View | Approval |
|---|---|---|---|
| Engage+ | |||
| Campaign | Workflow | ✔ | |
| Insights+ | Reports | ✔ | |
| Segments | ✔ | ||
| Export | ✔ | ||
| Settings | ✔ |
Finance Manager
This permission set is suitable for the Finance team.
| Module | Sub Module | View | Create | Approval |
|---|---|---|---|---|
| Member Care | ||||
| Customer | Customer Retro Transaction | ✔ | ✔ | |
| Engage+ | ||||
| Campaign | Workflow | ✔ | ✔ | |
| Incentive | ✔ | |||
| Audience | ✔ | |||
| Report | ✔ | |||
| Crative | ✔ | |||
| Insights+ | ||||
| Reports | ✔ | ✔ |
MemberCare Authorise
This permission set is suitable for the users who approve or reject requests on MemberCare.
| Module | Sub-Module | Approval |
|---|---|---|
| Member Care | ||
| Customer | Customer PII | ✔ |
| Customer Retro Transaction | ✔ | |
| Requests | Requests Goodwill Points | ✔ |
| Requests Goodwill Coupons | ✔ | |
| Requests ID Change | ✔ | |
| Requests Transaction | ✔ | |
| Group | Group Goodwill | ✔ |
MemberCare Create
This permission set is suitable for users who perform create and edit actions on MemberCare. For example, creation of a request.
| Module | Sub-Module | View | Create | Edit | Approval |
|---|---|---|---|---|---|
| Member Care | Customer | ✔ | |||
| Customer Profile | ✔ | ✔ | |||
| Customer PII | ✔ | ✔ | |||
| Customer Retro Transaction | ✔ | ✔ | |||
| Customer Cards | ✔ | ✔ | |||
| Requests | ✔ | ||||
| Requests Goodwill Points | ✔ | ✔ | |||
| Requests Goodwill Coupons | ✔ | ✔ | |||
| Requests ID Change | ✔ | ✔ | ✔ | ||
| Requests Transaction | ✔ | ✔ | |||
| Group | ✔ | ||||
| Group Goodwill | ✔ | ✔ | |||
| Insights+ | Reports | ✔ | ✔ |
MemberCare Activate
This permission allows users to view Goodwill requests and edit customer profiles.
| Module | Sub-Module | View | Create | Edit |
|---|---|---|---|---|
| Member Care | ||||
| Customer | Customer Profile | ✔ | ✔ | |
| Requests | Requests Goodwill Coupons | ✔ |
MemberCare Goodwill Explore
This permission allows users to view Goodwill requests including the Group goodwill requests.
| Module | Sub-Module | View |
|---|---|---|
| Member Care | ||
| Requests | Requests Goodwill Points | ✔ |
| Requests Goodwill Coupons | ✔ | |
| Group Goodwill | ✔ |
MemberCare Explore
This permission allows users to view customer details on MemberCare except for the requests.
| Name | Module | View | Create | Edit | Delete |
|---|---|---|---|---|---|
| Member Care | |||||
| Customer | Customer profile | ✔ | ✔ | ✔ | ✔ |
| Customer PII | ✔ | ||||
| Customer Retro Transaction | ✔ | ||||
| Requests | Requests ID Change | ✔ | |||
| Requests ID Reallocation/Merge | ✔ | ||||
| Requests Transaction | ✔ | ||||
| Insights+ | Reports | ✔ |
Insights+ Export/Segments/Settings
This permission allows users to view Insights+ settings, reports, segments and export details.
| Module | Sub-Module | View |
|---|---|---|
| Insights+ | ✔ | |
| Reports | ✔ | |
| Segments | ✔ | |
| Export | ✔ | |
| Settings | ✔ |
Insights+ Reports
This permission allows users to view, edit and create reports on Insights+.
| Module | Sub-Module | Permissions | View | Create |
|---|---|---|---|---|
| Member Care | ||||
| Customer | Customer Retro Transaction | ✔ | ✔ | |
| Engage+ | ||||
| Campaign | Workflow | ✔ | ||
| Incentive | ✔ | |||
| Audience | ✔ | |||
| Creatives | ✔ | |||
| Insights+ | Reports | ✔ | ✔ | |
| Segments | ✔ | |||
| Export | ✔ | |||
| Settings | ✔ |
Engage+ Authorize
This permission allows users to create and approve a campaign on Engage+. The user will be also able to create and approve Incentives and messages.
| Module | Sub-Module | View | Create | Edit | Approval |
|---|---|---|---|---|---|
| Engage+ | |||||
| Campaign | Workflow | ✔ | ✔ | ✔ | |
| Messages | ✔ | ✔ | |||
| Incentive | ✔ | ✔ | ✔ | ||
| Audience | ✔ | ||||
| Report | ✔ | ||||
| Creatives | ✔ | ||||
| Config | ✔ | ||||
| Insights+ | Reports | ✔ |
Engage+ Activate
This permission set has permissions required to create and approve a workflow on Engage+. In addition, the user can also configuremessages and incentives.
| Module | Sub-Module | View | Create | Edit | Approval |
|---|---|---|---|---|---|
| Engage+ | |||||
| Campaign | Workflow | ✔ | ✔ | ✔ | |
| Messages | ✔ | ||||
| Incentive | ✔ | ✔ | |||
| Audience | ✔ | ||||
| Report | ✔ | ||||
| Creatives | ✔ | ||||
| Config | ✔ | ||||
| Insights+ | Reports | ✔ |
Engage+ Explore
This permission set allows the user to view various Engage+ workflows
| Module | Sub-Module | View | Approval |
|---|---|---|---|
| Engage+ | |||
| Campaign | Workflow | ✔ | ✔ |
| Incentive | ✔ | ||
| Audience | ✔ | ||
| Report | ✔ | ||
| Creatives | ✔ | ||
| Insights+ | Reports | ✔ |
Program Manager
This permission set enables a user to create a loyalty program.
| Module | Sub-Module | View | Create |
|---|---|---|---|
| Loyalty+ | Program | ✔ |
Promotion Manager
This permission set enables a user to create a loyalty promation.
| Module | Sub-Module | View | Create |
|---|---|---|---|
| Loyalty+ | Promotion | ✔ |
Loyalty+ Explore
This permission set enables users to view the Loyalty+ modules.
| Module | Sub-Module | Permissions | View |
|---|---|---|---|
| Loyalty+ | Basic | ✔ |
List of Configurable Permissions
The tables below provide information on the permissions that you can configure for each module when creating a custom permission set. The permissions that do not have a tick mark are the actions that are not available in the permissions.
Campaign Permissions
| Modules | Sub Modules | View | Create | Edit | Approval |
|---|---|---|---|---|---|
| Campaign | ✔ | ✔ | ✔ | ✔ | |
| Workflow | ✔ | ✔ | ✔ | ||
| Messages | ✔ | ✔ | |||
| Incentive | ✔ | ✔ | ✔ | ||
| Audience | ✔ | ||||
| Report | ✔ | ||||
| Creatives | ✔ | ||||
| Config | ✔ | ||||
| Journeys |
Loyalty+ Permissions
| Modules | View | Create |
|---|---|---|
| Basic | ✔ | |
| Program | ✔ | |
| Promotion | ✔ |
Member Care Permissions
| Modules | Sub Modules | View | Create | Edit | Delete | Approval |
|---|---|---|---|---|---|---|
| Customer | ✔ | ✔ | ✔ | ✔ | ✔ | |
| Customer Profile | ✔ | ✔ | ✔ | ✔ | ||
| Customer PII | ✔ | ✔ | ✔ | |||
| Customer Retro Transaction | ✔ | ✔ | ✔ | |||
| Customer Cards | ✔ | |||||
| Customer Goodwill | ✔ | |||||
| Customer Group | ✔ | |||||
| Requests | ✔ | ✔ | ✔ | |||
| Requests Goodwill Points | ✔ | ✔ | ✔ | |||
| Requests Goodwill Coupons | ✔ | ✔ | ✔ | |||
| Requests ID Change | ✔ | ✔ | ✔ | |||
| Requests ID Reallocation/Merge | ✔ | |||||
| Requests PII Deletion | ||||||
| Requests Cards | ||||||
| Requests Retro Transaction | ||||||
| Requests Transaction | ✔ | ✔ | ✔ | ✔ | ✔ | |
| Group | ✔ | ✔ | ✔ | |||
| Group Goodwill | ✔ | ✔ | ✔ | |||
| Group Transactions |
Insights+ Permissions
| Modules | View | Create |
|---|---|---|
| Reports | ✔ | ✔ |
| Segments | ✔ | |
| Export | ✔ | |
| Settings | ✔ |
Updated 22 days ago