User and role permissions

Controls whether the user may change the password of other users

See the 'Modify Funnelback users' section in the API UI.

Controls whether the user may see the Perl Admin UI 'View Diagnostics' page

Controls whether the user may see the Perl Admin UI IP address tracking screen (iptracker-check.cgi)

⚠ Deprecated as it does not work with the modern-ui.

Controls whether the user may see and change the Funnelback license key in the Perl Admin UI.

On upgrade this permission will be removed and if it was set to yes the user will be granted: sec.license.view-usage, sec.license.install, sec.license.delete.

⚠ Deprecated as it is replaced with sec.license.view-usage, sec.license.install, sec.license.delete.

Controls whether the user may see the Perl Admin UI Collection status box

Controls whether the user can Update the search analytics and trend alert reports.

Controls whether the user is allowed to see the "Edit File-Manager Rules" link in the System drop down menu. Does not control whether the user is allowed to edit File-Manager rules.

Controls whether the user may access the Accessibility Auditor reports

Also controls whether the user may audit documents and modify/view Accessibility Auditor Acknowledgements.

Controls whether the user may create new roles

See the 'Modify Funnelback roles' section in the API UI.

Controls whether the user may create new users.

See the 'Modify Funnelback users' section in the API UI.

Controls whether the user may delete roles

See the 'Modify Funnelback roles' section in the API UI.

Controls whether the user may delete users

See the 'Modify Funnelback users' section in the API UI.

Controls whether the user may view some administrative data on the server.

Required:

Controls whether the user may override read-only mode, and make changes to a server via a limited set of admin-api endpoints.

In order to make an override request, the user also needs to set the override header to true (X-Funnelback-Read-Only-Override: true).

The capability to override read-only mode is only supported on endpoints where it is necessary for a master server to propagate changes to child servers via the admin-api.

Controls whether the user may complete some administrative tasks.

Controls if the user may prepare Funnelback for upgrade using the API as well as via the classic Admin UI. Also controls by default displaying of the 'Prepare Funnelback for upgrade' link in the system drop down menu in the class Admin UI.

Controls if the user may ignore the collection parameter white-list and set any setting within collection.cfg.

Controls whether the user may edit and view file manager rules.

Controls whether the user may run mediator commands via the classic Admin UI. The user may also need other permissions such as access to the collection the command is running on.

Controls whether the user may trigger the upgrade of indexes after an upgrade.

Controls whether the user may use Debug API.

Controls whether the link to the API UI is displayed in the system drop down menu.

Controls whether the user can create and revoke non-expiring tokens.

Controls whether the user may edit auto-completion.csv file

Controls whether the user may edit a service’s best-bet style curator rules.

Controls whether a user may edit a service’s query blending synonyms.

Controls whether a user is automatically granted permission to edit unknown configuration options.

Unknown configuration options are keys which are not included in Funnelback and not declared as a custom configuration key in custom-keys.cfg.

In the case this permission is not granted, a user may still have access to edit an unknown configuration option if they are explicitly granted access to edit the key or are granted access to edit all keys.

Controls whether a user is automatically granted permission to read unknown configuration options.

Unknown configuration options are keys which are not included in Funnelback and not declared as a custom configuration key in custom-keys.cfg.

In the case this permission is not granted, a user may still have access to read an unknown configuration option if they are explicitly granted access to read the key or are granted access to read all keys.

Controls whether the user may create new clients

Controls whether the user may delete a client.

Controls whether the user can edit a collection’s collection.cfg.start.urls file

Controls whether the user may access Content Auditor.

Controls whether the user may access the Push API calls.

This controls access to all Push API calls including add/delete/get documents, snapshots, health APIs and APIs used in multi-server replication.

Controls whether the user is permitted to view all contracts on the server.

When not granted the user will only be able to view their own contracts.

Controls whether the user can edit a collection’s cookies.txt

Controls whether the user may edit a service’s curator rules.

Not required for editing curator rules with the best bet label.

Controls whether the user can edit a collection’s custom_gather.groovy

Controls whether the user may view the broken links reports and the collection update history link. Required:

Controls whether the user may delete collections.

The user must have permission to the collection being deleted. This also controls if the link to delete a collection is clickable in the classic Admin UI.

Controls whether the user may choose not to run the pre delete hook when deleting a collection.

Disabling the delete hook script is useful to avoid recursive deletions when using the delete hook on a master host to delete collections on slave hosts.

Controlled whether the user could access the old 'Edit collection settings' administration page which was removed in Funnelback 15.22.0.

Unused since: 15.22

Controls whether the user is allowed to edit external metadata.

Since: 16.0

Controls whether the user may edit faceted navigation configuration.

The user will also need access to the collection and service the faceted navigation configuration belongs to.

Controls whether the user is allowed to list and publish files in the classic Admin UI.

This controls:

Controls whether the user can edit tuning queries, view proposed queries, view some URL data. This controls:

Reserved for future use.

Controls whether the user can edit a collection’s gscopes.cfg and/or query-gscopes.cfg file/s

Controls whether the user may stop an update.

Controls whether the user can edit the public-ui groovy hook scripts in a collection.

This includes access to edit hook_extra_searches.groovy, hook_post_datafetch.groovy, hook_post_process.groovy, hook_pre_datafetch.groovy, hook_pre_process.groovy and hook_pre_cache.groovy.

Controls whether the user may run instant updates, and other "instant" tasks.

Controls whether the user may run the following tasks via the API:

See the 'Queued Tasks' under the API UI for more details.

Controls whether the user may edit knowledge graph public UI labels.

Controls whether the user may edit knowledge graph relationships.

Controls whether the user may edit knowledge graph public UI templates.

Controls whether the user may run knowledge graph updates.

Controls whether the user may delete a license.

See the 'Manage licenses for this installation' section in the API UI.

Controls whether the user may install a license.

See the 'Manage licenses for this installation' section in the API UI.

Controls whether the user has access to the document usage per license API.

Controls access to the '/v2/document-usage-per-license' API, see the 'License limits and usage' section of the Admin API UI for further details.

Controls whether the user can read or edit a collection’s meta-names.xml

Controls whether the user is allowed to modify metadata mappings.

The user must have access to the collection on which the metadata mappings are being modified. Users do not need this permission to view metadata mappings.

Controls whether a user can run a plugin under the plugin debug APIs.

Controls whether the user may access the predictive segmentation API

Controls whether the user is allowed to create and delete profiles.

Also controls, by default, if the 'Manage Profiles' link is shown in the classic Admin UI.

Also controls if the user may use the classic Admin UI to set a profile to be a service as well as decommissioning a service. Also controls if the links to do these operations are visible.

Controls whether the user is allowed to edit QIE (Query Independent Evidence) for a collection.

Controls whether the user may delete tasks of other users.

See the 'Queued tasks' section in the API UI.

Controls whether the user may change or set the priority of tasks.

See the 'Queued tasks' section in the API UI.

Controls whether the user should be able to view the search analytics with the UI.

In the classic Admin UI controls whether the 'View Query Reports Dashboard' should be shown.

In the modern Admin UI controls whether the 'Search Analytics' can be viewed.

Does not control access to the search analytic APIs.

Controls, by default, if the 'Edit Analytics Email Settings' link is shown in the classic Admin UI.

Does not control if the analytics email report settings can be modified or not.

Controls whether a user may edit the reporting blacklist or reporting stop words configuration for a search package or results page.

Controls whether a user may schedule regular updates.

Controls whether a user may start or restart an update on most collection types.

This includes most normal update types as well as restarting updates on web collections, this does not include instant updates. This does not apply to Push collections.

See the 'Queued Tasks' under the API UI for more details.

Controls whether the user may access SEO Auditor (previously known as Content Optimiser).

This was previously called sec.content.optimiser.

Controls whether the user may edit a collection’s server alias configuration.

Controls whether the user is allowed to edit or read server configuration.

This controls whether the user is allowed to edit or read any setting from server configuration (global.cfg), provided they also have access to read/edit the key. The 'environment-name' key is exempt from this setting as all users are permitted to read that setting.

Since: 15.22

Controls whether the user can run tasks using the mediator API.

Controls whether the user can view and manipulate files under SEARCH_HOME

This is not the WebDav service served by the Admin API, this permission should generally never be given to any user or role.

Controls whether the user may edit a collection’s site profiles configuration.

Controls whether the user can read or edit preferred and excluded spelling suggestions.

Controls whether the user can download a support package on the server.

Required:

Controls whether the user may edit a service’s synonyms.

Controls whether the user may edit template.xsl or a service’s template files to affect search result presentation.

Controls whether the user may edit a service’s tuning data and view past tuning runs.

Controls whether the user may start or stop a new tuning run for a service.

Controls whether the user may read or edit kills lists in the API.

Does not control access to kill list files in the classic Admin UI, that is controlled by file manager rules.

Controls whether the user can view some collection analysis tools and click some collection log links.

Controls, by default, whether the 'Browse Log Files' and the 'Collection Tools' link is shown in the classic Admin UI.

Controls whether the user may call APIs under /collection-info/v1/{collection}/update-history/. See the 'Update History' section in API UI for more details.

Controls whether the user may use the collection tools page and the analysis-tools.cgi API, used by the collection tools page.

Controls whether the user may view some collection logs via WebDav including update logs, modern UI logj2 logs and query logs.

Controls whether the user may edit web-resource files within a profile. Currently not used, reserved for future use.

Controls whether the user can read or edit a collection’s workflow.cfg

Controls whether the user may edit a collections XML indexing configuration.