User roles and privileges
This table defines the user roles and the default privileges assigned to each role.
- A Boomi Enterprise Platform user corresponds to a unique email address that can be given direct access to one or more Boomi accounts.
- A role is assigned to a user to enable a list of privileges.
- A privilege is a right reserved to a role that allows a user to access or perform actions in a specific area of the Boomi Enterprise Platform.
Boomi Enterprise Platform includes several user roles and many privileges. The Boomi Enterprise Platform roles are: Administrator, Standard User, Production Support, and Support. If these roles do not meet your needs, your administrator can create custom roles for your account.
| Privilege | Description | Administrator Role | Standard User Role | Production Support Role | Support Role |
|---|---|---|---|---|---|
| API Access | Use the Platform API to access account data. |  Included |  Excluded | Excluded | Excluded |
| API Management - Access | Access to API Management. See API Management Roles and Privileges for API Management-specific details. | Included | Excluded | Excluded | Excluded |
| API Management - Roles | Manage roles for an account. Note: This is a deprecated privilege that should not be used. | Included | Excluded | Excluded | Excluded |
| Account Administration | Account configuration and administration. | Included | Excluded | Excluded | Excluded |
| Account Group Management | Manage all account groups and access restrictions. | Included | Excluded | Excluded | Excluded |
| Runtime Management | Runtime configuration and administration. Provides read and write access to runtime properties and settings, and allows you to download the basic runtime and cluster installers on the Build page. | Included | Included | Included | Excluded |
| Runtime Management Read Access | View runtime properties and settings. | Included | Included | Included | Excluded |
| Boomi Assure | Administer Boomi Assure data. | Included | Included | Excluded | Included |
| Branch Create & Modify Access | Create and update branches using Branch Management and the Branch object. Create hotfix branches from the Packaged Deployments page or Deployments page. | Included | Included | Excluded | Excluded |
| Branch Delete Access | Delete branches using Branch Management and the Branch object. | Included | Included | Excluded | Excluded |
| Branch Read and Write Access | Read access to processes and components on all branches. Write and modify permissions on all branches except main. | Excluded | Excluded | Excluded | Excluded |
| Build Read Access | View processes and components. Read access to Branch Management, all branches, and all components and processes within branches. | Included | Excluded | Excluded | Excluded |
| Build Read and Write Access | Design, build, and modify processes and components. | Included | Included | Excluded | Excluded |
| Dashboard | Access to the Account, HTML Status, and Real-time Dashboards. | Included | Excluded | Excluded | Excluded |
| Dedicated Clouds Management | Dedicated cloud configuration and administration. | Included | Excluded | Excluded | Excluded |
| Developer | Create and publish new components using the Integration SDKs. | Included | Included | Included | Included |
| Environment Management | Management of all environments. Ability to add role(s) to environments so that only users with the role(s) have access to the environments. (Environments are available from the Runtime Management page so you also need the Runtime Management privilege.) Note: Users can use the Environment Management Read Access and Environment Management Full Access privileges to create a custom role to manage read and write access for specific environments. | Included | Included | Excluded | Excluded |
| Execute | Execute or retry available processes. | Included | Included | Included | Included |
| Integration Pack | Integration pack release and management of integration pack versions. | Included | Included | Excluded | Excluded |
| Licensing | View currently deployed connections and runtime cloud usage. | Included | Included | Included | Included |
| Packaged Component Management | Create and manage deployable packaged components. Packaged components can also be shared in the Process Library and integration packs. | Included | Included | Excluded | Excluded |
| Packaged Component Deployment | Deploy a packaged component to environments.(Legacy deployment) Deploy a process or component to environments. | Included | Included | Included | Excluded |
| Persisted Process Property Read and Write Access | You can view and edit the persisted process properties. | Included | Included | Included | Excluded |
| Process Library | Process publishing and management of published process versions. | Included | Included | Excluded | Excluded |
| Private Cloud Management | Private Cloud configuration and administration. | Included | Excluded | Excluded | Excluded |
| Scheduling | Manage configured process schedules. | Included | Included | Included | Excluded |
| Trading Partner Management | Create and edit trading partner and group information. | Included | Included | Excluded | Excluded |
| User Management | Users can assign any role to other users. | Included | Excluded | Excluded | Excluded |
| User Management - Limited | Users can only assign roles that they have. Boomi recommends customers use this variant over the unlimited one above. | Included | Excluded | Excluded | Excluded |
| View Audit Logs | View audit logs. | Included | Excluded | Excluded | Excluded |
| View Data | View execution data in process reporting. | Included | Included | Included | Included |
| View Results | View and monitor process execution activity and logs, but not execution data. | Included | Included | Included | Included |
| Data Detective Read Access | Read access to view PII details such as process, data fields, category, connectors, and countries. Note: This privilege is available only if piiDataInsights is enabled on your account. | Included | Included | Excluded | Excluded |
| Data Detective Read & Write Access | Read access to view PII details and write access to suggest new data fields and changes to existing data fields. Note: This privilege is available only if piiDataInsights is enabled on your account. | Included | Excluded | Excluded | Excluded |
The Production Support and Support roles are part of Advanced User Security, which is available in the Enterprise and Enterprise Plus Editions, and as an add-on to the Professional and Professional Plus Editions. To have this functionality enabled, contact your Boomi sales representative.
By default, the user who registered the account is granted the Administrator role which has all privileges. This is the primary, default role that allows full access to Integration. The key privilege differences are in user management and account administration. If a user is not enabled as an administrator, they will not be able to:
- Change the account name
- Add, edit or remove users
- Grant or disable support access
- Add or remove tracked fields
- Manage environments
- Publish connectors via the Connector SDK
Boomi DataHub roles and privileges
To configure roles and privileges specific to Boomi DataHub, navigate to the Hub User Entitlements and Hub Role Entitlements tabs on the User Management page in Settings. These tabs are visible only to users of accounts who have been assigned the MDM - Stewardship Management privilege.
For information about Boomi DataHub roles, privileges and entitlements, see the Boomi DataHub User Management topic. To enable in your account, contact your Boomi representative.
Agentstudio roles and privileges
User Management includes three Agent Garden roles:
- User
- Developer
- Administrator
As an administrator, you can give your users controlled access to the Agent Garden. For example, a developer can create, edit, and test agents, while another user can only use deployed agents in the conversational interface and see a list of all the deployed agents.
For a detailed table on Agent Garden and Agent Designer roles and privileges, refer to Agent Garden. With an Administrator role or a developer role, you can access and utilize the Agent Control Tower. However, the Agent Control Tower works with providers and connecting to providers to manage your agents. Each provider has their own prerequisites that need to be met to utilize the service. For more information, refer to Connecting to providers.
By default, all Platform Standard role users have the Agent Garden User role, which allows them to interact with installed agents in the conversational interface. All Platform administrators have the Agent Garden administrator role.
You can assign additional privileges to a user, such as agent development capabilities through the Agent Developer role or create a custom role with granular permissions.
