Roles

A user's role determines her or his permission to perform administrative functions (for example, managing roles, users, running reports, tasks, and asset searches) and asset management functions (for example, access to workgroups, TMs, glossaries, and review packages). Permissions are propagated from the top of the object hierarchy to the bottom and are combined. Therefore the permissions for a role assigned to a user for a workgroup will be combined with the permissions of any role assigned to that user for an object (workgroup, TM, glossary, or review package) under that workgroup.

A role is a combination of system and object permissions. System permissions are set only by the role assigned to the user record (during user creation). Object permissions are set at the object level by the role assigned to the user when added to an object. The object permission defined with the role set to a user record has no impact.

The following system permissions are available to assign to a user (through role assignment):

System Permission	Description
USER_LIST	List users in a tenancy.
USER_SHOW	Show a full user record.
USER_CREATE	Create a user record.
USER_MODIFY	Modify a user record.
USER_DELETE	Delete a user record.
ROLE_LIST	List all roles.
ROLE_SHOW	Show the permissions of a role.
ROLE_ADD	Add a role.
ROLE_MODIFY	Modify permissions that make up a role.
ROLE_DELETE	Delete a role.
PERMISSION_LIST	List all permissions.
ASSET_SEARCH	Search in the asset tagging data.
ASSET_CONFIDENTIAL_LIST	Display confidential asset tagging data. Note that this permission is given by default to the Project Manager and Asset Manager roles. If you don't want these roles to have assets tagged as "Confidential" appear in asset retrieval search result sets, you must remove the permission from the role.
ASSET_TAXONOMY_MODIFY	Modify taxonomy data for this tenancy.
ASSET_COMPANY_MODIFY	Modify company data for this tenancy.
ALIAS_IMPORTED_LIST	List all imported object aliases.
ALIAS_EXPORTED_LIST	List all exported object aliases.
TASK_LIST	List all tasks of a tenancy.
TASK_KILL	Kill all tasks of a tenancy.
AUDIT_TRAIL_SHOW	Display Audit Trail information for assets in a tenancy.
SET_EFFECTIVE_USER	Switch to another user ID in this tenancy.
CREATE_REPORTS_ON_ALL	Create reports on all TMs or workgroups in this tenancy.
MESSAGE_BROADCAST	May broadcast a message to all users in this tenancy.
USERTYPES_MODIFY	Modify the tenant-wide list of usertypes.
LICENSE_LIST	List all licensed users.
LICENSE_ADD	Add a license to a user.
LICENSE_DELETE	Delete a license from a user.
TENANT_SETTINGS_SHOW	Show the settings of your tenancy.
TENANT_SETTINGS_MODIFY	Modify the settings of your tenancy.

The following object permissions are available to assign to a user (through role assignment):

Object Permission	Description
WORKGROUP_LIST	List a workgroup (directory).
WORKGROUP_PROPERTIES_SHOW	Display a workgroup's settings.
WORKGROUP_PROPERTIES_MODIFY	Add/delete a workgroup's settings.
WORKGROUP_USER_LIST	List the users in a workgroup.
WORKGROUP_USER_MODIFY	Add/delete users from a workgroup.
WORKGROUP_CREATE	Create a workgroup.
WORKGROUP_RELOCATE	Move a workgroup.
WORKGROUP_DELETE	Delete a workgroup.
TM_LIST	List TMs.
TM_SEARCH	Search (or "read") a TM.
TM_STORE	Add (or "write") to a TM.
TM_UPDATE_SEGMENT	Update a specific segment, typically in a TM editor.
TM_PROPERTIES_SHOW	Display a TM's settings.
TM_PROPERTIES_MODIFY	Modify a TM's settings.
TM_USER_LIST	List the users that are members of a TM.
TM_USER_MODIFY	Add/delete users from a TM membership.
TM_ATTRIBUTES_MODIFY	Add/delete attributes of a TM.
TM_GET_REPORTS	Get reports for a TM.
TM_ADD_LANGUAGES	Add new languages to a TM.
TM_IMPORT	Import data into a TM.
TM_EXPORT	Export data from a TM.
TM_ANALYSIS	Perform analysis on the TM.
TM_ANALYSIS_WITH_ANALYSIS_TM	May also use an analysis TM for forward fuzzy matching during analysis.
TM_UNKNOWN_SEGMENTS_ANALYSIS	Do an unknown segment analysis.
TM_PRETRANSLATE	Do a pretranslation through the TM.
TM_ADD_TO_TM	"Clean" a document into a TM.
TM_CREATE	Create a TM.
TM_RELOCATE	Move a TM.
TM_DELETE	Delete a TM, or segments inside of it.
TM_ALIAS_PUBLISH	Alias a TM to another tenancy.
TM_ALIAS_REVOKE	Revoke the alias for a TM.
TM_ALIAS_SUBSCRIBE	Subscribe to a TM from another tenancy.
TM_ALIAS_UNSUBSCRIBE	Unsubscribe from a TM.
TM_ALIAS_LIST	List the published aliases of a TM.
GLOSS_LIST	List glossaries.
GLOSS_SEARCH	Search (or "read") for a term.
GLOSS_PROPOSE	Propose a new term.
GLOSS_VALIDATE	Validate a new term.
GLOSS_EDIT	Edit a term.
GLOSS_PROPERTIES_SHOW	Display a glossary's settings.
GLOSS_PROPERTIES_MODIFY	Add/delete a glossary's settings.
GLOSS_USER_LIST	List the users that are members of a glossary.
GLOSS_USER_MODIFY	Add/modify the users that are members of a glossary.
GLOSS_GET_REPORTS	Get reports for a glossary.
GLOSS_IMPORT	Import into a glossary.
GLOSS_EXPORT	Export from a glossary.
GLOSS_CREATE	Create a glossary.
GLOSS_RELOCATE	Move a glossary.
GLOSS_DELETE	Delete a term or a whole glossary.
GLOSS_SEGMENT_DELETE	Delete segments from a glossary and clear language directions.
GLOSS_HISTORY	Display the change history of a glossary.
GLOSS_ALIAS_PUBLISH	Alias a glossary to another tenancy.
GLOSS_ALIAS_REVOKE	Revoke the alias for a glossary.
GLOSS_ALIAS_SUBSCRIBE	Subscribe to a glossary from another tenancy.
GLOSS_ALIAS_UNSUBSCRIBE	Unsubscribe from a glossary.
GLOSS_ALIAS_LIST	List the published aliases of a glossary.
REVIEW_LIST	List review files.
REVIEW_READ	Read review files.
REVIEW_WRITE	Write review files.
REVIEW_IMPORT	Import review files.
REVIEW_EXPORT	Export review files.
REVIEW_PROPERTIES_SHOW	Display review package settings.
REVIEW_PROPERTIES_MODIFY	Change review package settings.
REVIEW_USER_LIST	List the users that are members of a review package.
REVIEW_USER_MODIFY	Add/modify the users that are members of a review package.
REVIEW_REPORT	Create a review report.
REVIEW_CREATE	Create a review package.
REVIEW_RELOCATE	Move a review package.
REVIEW_DELETE	Delete a review package.
REVIEW_ALIAS_PUBLISH	Alias a review package to another tenancy.
REVIEW_ALIAS_REVOKE	Revoke the alias for a review package.
REVIEW_ALIAS_SUBSRIBE	Subscribe to a review package from another tenancy.
REVIEW_ALIAS_UNSUBSCRIBE	Unsubscribe from a review package.
REVIEW_ALIAS_LIST	List the published aliases of a review package.
FILE_LIST	List files in the file server.
FILE_READ	Read files in the file server.
FILE_WRITE	Write files to the file server.
FILE_DELETE	Delete files in the file server.
ILEAF_READ	Read from an ILEAF alignment TM.
ILEAF_WRITE	Write data (align) in an ILEAF alignment TM.
ILEAF_IMPORT	Import data into an ILEAF alignment TM.
ILEAF_EXPORT	Export data from an ILEAF alignment TM.
ILEAF_DELETE	Delete an ILEAF alignment TM.
LINK_LIST	List object links.
LINK_ADD	Add links to object.
LINK_TO	Point a link to the object.
LINK_DELETE	Delete a link from the object.
HVS_READ	Read in the HVS.
HVS_WRITE	Write to the HVS.
HVS_DELETE	Delete the HVS.
ASSET_TAGGING_SHOW	Show asset tagging information on an object.
ASSET_TAGGING_MODIFY	Add/change asset tagging information on an object.
CREATE_FULL_REPORTS	Create reports on a TM or workgroup including all users.
CREATE_OWN_REPORTS	Create reports on a TM or workgroup but only for the own user

Note: A user’s object permissions control not only what they can or cannot do in the Web interface; they also control what they can do in the clients. For example, a user whose role for a particular TM does not contain the TM_ANALYSIS_WITH_ANALYSIS_TM object permission cannot see the Use Analysis TM option when performing document analysis in the Microsoft Word Plug-in, the Translation Workspace Tools, or the XLIFF Editor. And if that user’s role does not have the TM_ANALYSIS permission, the user cannot perform document analysis at all.

Obviously, you have a great deal of control with these over what a user can do. Translation Workspace offers the following default roles:

Default Role	Description
Guest	Can see the list of workgroup, assets and do Search
Translator	Guest + can translate, review, propose terms, run analysis
Customer	Guest + can run analysis, do TM export, propose, validate terms
Terminologist	Translator+ Glossary maintenance (Term add, update, delete, import, export)
Linguist	Translator + TM maintenance (TM Editor, Attributes, Import, export)
Terminology Manager	Terminologist + Glossary management (Settings, create, delete, User assignment)
TM Manager	Guest + translate + TM management (TM settings, TM Linking, create, delete, user assignment)
Review Manager	Guest + Review package management (settings, report, user assignment)
Asset Manager	Glossary Manager + TM manager + Review Manager
Project Manager	Asset Manager + Workgroup management + Alias Publish + User list, Role list, Tasks List
TW Administrator (Platform Administrator)	Full rights

These roles are configured with an appropriate combination of system and object permissions for the typical roles in a translation operation.

For example, the Translator role has no system permissions, and has the following object permissions:

WORKGROUP_LIST
TM_LIST
TM_SEARCH
TM_STORE
TM_ANALYSIS
TM_ANALYSIS_WITH_ANALYSIS_TM
TM_PRETRANASLATE
TM_ADD_TO_TM
GLOSS_LIST
GLOSS_SEARCH
GLOSS_PROPOSE
REVIEW_LIST
REVIEW_READ
REVIEW_WRITE

These permissions enable the Translator to do the fundamental translation tasks. However, you might want to create a more powerful role, like Power Translator, that has added object permissions like TM_ALIAS_SUBSCRIBE (so they can accept tokens sent from other tenancies to work on their projects) and TM_CREATE (so they can create working TMs).

The Project Manager role has the following system permissions, by default:

USER_LIST
USER_SHOW
ROLE_LIST
ROLE_SHOW
PERMISSION_LIST
ASSET_SEARCH
ASSET_CONFIDENTIAL_LIST
ALIAS_IMPORTED_LIST
ALIAS_EXPORTED_LIST
TASK_LIST

These system permissions give the Project Manager the ability to view users and roles, but not the ability to create or delete them.

The Project Manager role has the all of the object permissions, by default. These permissions enable the Project Manager perform every operation on workgroups and linguistic assets.

For a list of the permissions assigned by default to each default role, see Permissions in Default Roles.

Role Management

The role management function allows system user with “Role management permission” to define new Role by grouping permissions into a Role in their tenancy.

See the List of Roles and Permissions

If you have enough system permissions you can see the list of existing roles and associated permissions in your tenancy.

To see the list of roles:

Select Administration > Role Management.
The Role Management tab displays.
Select a Role (for example, TM Manager).
1. System Permissions Tab: Shows user system permissions defined for the role. This will apply only for the role defined at the user record level. These are related to administrative or non-object specific function.
2. Object Permissions: Shows user object permissions. These will apply at the object level (that is, for the member role) and are specific to object functions.

Create a New Role

Open the Role Management dialog.
Click Add New Role.
Provide a role Name.
Click OK.

Edit a Role

Open the Role Management dialog.
Select a role.
In the System Permission or Object Permissions tab:
1. Use the Add button to assign permission from the Available Permissions list to the Assigned Permissions list
2. Use the Remove button to remove permission from the Assigned Permissions list.

Note: When you edit the permission of a role it immediately applies to all users having this role.

Remove Role

Open the Role Management dialog.
Select a role.
Click Remove.

Note: All users assigned with the removed role will no longer have access to any of the system actions. At the object level they will miss all permissions granted “only” by the removed role.