Scopes
Scopes are used together with role-based security and ACL permissions. ACLs control access to a single object, such as one folder, while scopes override or allow operations across all objects of a type. For example, a user may have access to a folder through an ACL but still be blocked from a broader operation by a scope.
Some scopes are granted by default to the Administrators group, while others are assigned to non-admin users so they can perform limited operational tasks without full administrative access.
Note: The currently documented scopes are defined through REST API service capabilities and group definitions. Your deployment may expose additional scopes through integrations or newer modules.
How to Use Scopes
Use this page as a reference when you are reviewing group permissions, troubleshooting missing features, or deciding whether a capability should be granted globally or controlled by ACL.
Scope Reference
| Scope | Description | Default Value |
|---|---|---|
| login | Log in to the application or issue authentication tokens | Everyone |
| logoff | Log out of the application | Everyone |
| event_trigger | Trigger events through API | Everyone |
| module_execute | Execute module scripts | Everyone |
| decision_execute | Execute decision models | Everyone |
| user_profile | View and update user profile | Everyone |
| process_read | View process and list versions | Everyone |
| process_write | Edit process and versions | Everyone |
| process_initiate | Initiate new process | Everyone |
| worklist_read | List work items (Inbox, Sent, ...) | Everyone |
| workitem_action | Take action on work item | Everyone |
| workitem_forward | Forward work item | Everyone |
| workitem_tag | Attach tags to work item | Everyone |
| workitem_history | View history of work item | Everyone |
| workitem_search | Search work item | Everyone |
| activity_read | View activity streams | Everyone |
| activity_write | Write new activity entries | Everyone |
| folder_read | View folder and dashboard | Everyone |
| folder_write | Edit folder properties | Everyone |
| folder_report | View reports in folders | Everyone |
| folder_root | Create root folders | Administrators |
| document_read | View document and profile | Everyone |
| document_write | Edit document and profile | Everyone |
| calendar_read | View calendar | Everyone |
| calendar_write | Write new calendar entries | Everyone |
| market_read | View market | Administrators |
| market_write | Publish to market | Administrators |
| jobs_write | List jobs and update state | Administrators |
| domain_write | View and update domain properties | Administrators |
| organization_read | View organization database | Everyone |
| organization_write | Update organization database | Administrators |
| groups_write | View and update user groups | Administrators |
| file_read | Download files | Everyone |
| file_write | Upload files | Everyone |
| database_read | Perform database query | Everyone |
| database_manage | Database schema management (edit, update, delete tables and rows) | Administrators |
| network | Allow network access (web requests, FTP, ...) | Everyone |
| notifications | List and read notifications | Everyone |
| help | Access help | Everyone |
| dashboard | View dashboards from navigation | Everyone |
| fulltext_search | Full text query | Everyone |
| channel_read | List channels | Everyone |
| channel_write | Edit channel properties | Everyone |
| case_tag | Edit tags on a case | Everyone |
| audit_search | View audit log records | Administrators |
| phone | Use Phone application | Everyone |
| wopi | Use document editors (.docx, .xls, etc.) | Everyone |
| meeting | Start meetings | Everyone |
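
When reviewing group permissions against the table above, a short script can list which non-admin users hold a scope whose default is Administrators, and which groups carry scopes this page does not document. The following is an added example, not code from the product: the dictionary layout for group definitions and memberships is an assumption, and the group names, users and the `custom_export` scope are constructed sample data.

```python
# Added example: the input layout is hypothetical, not the product's export format.
# Scopes the reference table lists with default value "Administrators".
ADMIN_DEFAULT = {
    "folder_root", "market_read", "market_write", "jobs_write", "domain_write",
    "organization_write", "groups_write", "database_manage", "audit_search",
}
# Scopes the reference table lists with default value "Everyone".
EVERYONE_DEFAULT = set("""login logoff event_trigger module_execute decision_execute
user_profile process_read process_write process_initiate worklist_read workitem_action
workitem_forward workitem_tag workitem_history workitem_search activity_read
activity_write folder_read folder_write folder_report document_read document_write
calendar_read calendar_write organization_read file_read file_write database_read
network notifications help dashboard fulltext_search channel_read channel_write
case_tag phone wopi meeting""".split())

def audit(group_scopes, memberships, admin_group="Administrators"):
    """Return (elevated, undocumented) for a set of group definitions."""
    known = ADMIN_DEFAULT | EVERYONE_DEFAULT
    # Scopes granted by a group but absent from the reference table,
    # e.g. ones exposed by integrations or newer modules.
    undocumented = {}
    for group, scopes in group_scopes.items():
        extra = sorted(set(scopes) - known)
        if extra:
            undocumented[group] = extra
    # Users outside the admin group who still receive an admin-default scope,
    # recorded as {user: {scope: [groups that grant it]}}.
    elevated = {}
    for user, groups in memberships.items():
        if admin_group in groups:
            continue
        for group in groups:
            for scope in set(group_scopes.get(group, ())) & ADMIN_DEFAULT:
                elevated.setdefault(user, {}).setdefault(scope, []).append(group)
    return elevated, undocumented

# Constructed sample data for the demonstration.
GROUP_SCOPES = {
    "Administrators": sorted(ADMIN_DEFAULT),
    "Everyone": sorted(EVERYONE_DEFAULT),
    "Operations": ["jobs_write", "audit_search"],
    "Integrations": ["database_manage", "custom_export"],
}
MEMBERSHIPS = {
    "alice": ["Everyone", "Administrators"],
    "bob": ["Everyone", "Operations"],
    "svc-sync": ["Everyone", "Integrations", "Operations"],
}
```

Calling `audit(GROUP_SCOPES, MEMBERSHIPS)` returns the two dictionaries; each entry in the first one is a grant to confirm as intentional rather than an error by itself, since the page notes that some scopes are deliberately assigned to non-admin users.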