Administrators assign roles to users based on assignments and responsibilities. Set these roles in the application or map them from your identity provider if you have SSO integration enabled. If you start with a completely new Domino installation, the first user to log in is assigned the SysAdmin and Practitioner roles.
The available roles are:
-
SysAdmin - Administers instance with full administrative access.
-
ProjectManager - Manages organizations and project tags.
-
SupportStaff - Manages compute-related functionality.
-
System Librarian - Manages system artifacts.
| Permission | System Admin | Support Staff | System Librarian | Project Manager (Organization) |
|---|---|---|---|---|
View Dispatcher | ✓ | ✓ | ||
Stop Runs | ✓ | ✓ | ||
Launch/Stop/Start Executors | ✓ | ✓ | ||
Edit Hardware Tier/Executor Configuration | ✓ | ✓ | ||
View Logs | ✓ | ✓ | ||
View Usage | ✓ | ✓ | ||
Upgrade/Stop/Restart Server | ✓ | ✓ | ||
Manage API Endpoints | ✓ | ✓ | ||
Manage Project Tags | ✓ | ✓ | ✓ | |
List All Projects | ✓ | ✓ | ✓ | |
Preview Projects | ✓ | ✓ | ✓ | |
Curate Projects | ✓ | ✓ | ✓ | |
Edit Global Compute Environment | ✓ | |||
Edit Configuration Details | ✓ | |||
Manage Organizations | ✓ | |||
View Control Center | ✓ | |||
Global Project Access | ✓ | |||
Global Model APIs Access | ✓ | |||
Run MongoDB Commands | ✓ | |||
Manage User Roles | ✓ | |||
Manage Datasets | ✓ | |||
View Assets | ✓ | ✓ |
A System Admin user can grant access roles to other users. To do so, visit the admin page and click Users from the top menu. Locate the user you want to grant permissions to, click Edit next to the username, then select the desired role.
When Project Managers are members of organizations, their role grants them owner-level access to all projects that are owned by other members of the organizations. This allows the Project Manager to see these projects and their assets in the Projects Portfolio and Assets Portfolio.
The Project Manager might also have the ability to add users to these organizations, thereby gaining contributor access to those users' projects. For this reason, the Project Manager must be treated as a highly privileged role, similar to System Administrator.