Permissions

Three concepts govern an Integration Gateway user's permissions:

• User Type (Standard, Staff, Service Account)

• User Permissions

• Group Permissions

User Type

A Standard Integration Gateway user account is appropriate for everyday users who build, maintain, or monitor integrations.

A Staff Integration Gateway user is equivalent to a system administrator. These users have access to additional pages, notably the Invite page, which allows them to invite additional Standard and Staff users into Integration Gateway, and the Admin page, which controls settings for the Integration Gateway environment.

A Service Account manages third-party system access to integrations on Integration Gateway. A Service Account is only meant to execute integrations, and cannot log into the Integration Gateway UI, view or edit integrations, or invite other users. Learn more about service accounts here.

User Permissions

Both Standard and Staff users can have their abilities augmented by being granted permissions specific to a particular action. A Staff user can manage these permissions from the Admin portal.

Integration Permissions

Each user — both Standard and Staff — must be explicitly granted permission to access integrations. This must be done for each integration. A Staff user can assign integration permissions to individual users from the Admin portal, or assign them to a group using Group Integration Permissions.

Integrations have four separate permission types: Read, Write, Execute, and Debug. By default, the user who creates the integration has all four integration permissions.

• read — Allows the user to see the contents of the integration, including its Service Requests, Field Mappings, Value Mapping Sets, etc.

• write — Allows the user to modify the integration

• execute — Allows the user to run the integration using the Run Integration feature, or via an API call using their account credentials

• debug — Allows the user to see run histories from past integration runs, regardless of which account originally ran the integration

Group Permissions

Groups allow you to manage permissions for multiple users at once. To create a group:

1. Click your profile icon and select Admin to open the Admin portal.

2. Navigate to Authentication > Groups and click + Add.

3. Enter a name for the group.

4. Select permissions from the Available permissions list and move them to the Chosen permissions list.

5. Select users from the Available Users list and move them to the Chosen Users list.

6. Click Save.

Any member of the group automatically receives these permissions when they join, and the system revokes those permissions if you remove the user from the group.

Permissions granted through a group are only additive to any existing permissions a user has.

Permissions Across Environments

In standard Integration Gateway projects, a user will have access to three separate environments: DEV, TEST, and PROD. While the permissions concepts outlined on this page function the same way on all three environments, policies and best-practice dictates which permissions are typically given in each environment. Integration Gateway's default policy is:

*We recommend restricting Write permissions to the minimum set of users necessary to build the integration.

No group receives Execution permissions. Integration Gateway best practice is to restrict execution permissions to a dedicated service account, rather than execute integrations with an employee's Integration Gateway account.