Skip to content

Security and Permissions

Use this page when the main question is not "where is the screen?" but "which permission model controls this behavior?"

Emakin security is spread across several related surfaces:

  • groups and feature permissions decide which capabilities a user can access
  • scopes allow or block broad operations such as API usage, work-item search, or job management
  • security profiles and ACLs control access to folders, processes, documents, and other secured objects
  • API keys expose selected capabilities to integrations
  • process permissions combine folder rules and process-level rules

Choose the Right Page

How the Models Fit Together

1. Group and Scope Layer

Groups define who belongs together. Feature permissions and scopes attached to those groups decide whether users can see or use broad Emakin capabilities at all.

2. Domain Security Layer

Domain administration defines security profiles, API keys, login behavior, and domain-wide restrictions such as IP rules. This layer sets the available security building blocks for the domain.

3. Object-Level Access Layer

Folders, processes, documents, and similar secured objects then apply ACL or security-profile rules to decide who can read, execute, write, or fully administer a specific object.

Typical Questions