Permissions
Boolean security permissions that may be granted to Funnelback users and roles.
These may be set to either yes
or no
in the user and role ini
files.
Boolean Security Permissions
cp.change.passwd
Controls whether the user may change the password of other users
See the 'Modify Funnelback users' section in the API UI.
cp.diagnostics
Controls whether or not the user may see the Perl Admin UI's 'View Diagnostics' page
cp.ip.tracker.viewing
Controls whether or not the user may see the Perl Admin UI's IP address tracking screen (iptracker-check.cgi)
⚠ Deprecated as it does not work with the modern-ui.
cp.license.key
Controls whether or not the user may see and change the Funnelback license key in the Perl Admin UI.
On upgrade this permission will be removed and if it was set to yes the user will be
granted: sec.license.view-usage
,
sec.license.install
,
sec.license.delete
.
⚠ Deprecated as it is replaced with sec.license.view-usage
,
sec.license.install
,
sec.license.delete
.
cp.status
Controls whether or not the user may see the Perl Admin UI's Collection status box
plugin.build.report.db
Controls whether the user can Update the search analytics and trend alert reports.
plugin.show.fm.rules
Controls whether the user is allowed to see the "Edit File-Manager Rules" link in the System drop down menu. Does not control whether the user is allowed to edit File-Manager rules.
sec.accessibility-auditor
Controls whether the user may access the Accessibility Auditor reports
Also controls whether the user may audit documents and modify/view Accessibility Auditor Acknowledgements.
sec.accounts.create-roles
Controls whether the user may create new roles
See the 'Modify Funnelback roles' section in the API UI.
sec.accounts.create-users
Controls whether the user may create new users.
See the 'Modify Funnelback users' section in the API UI.
sec.accounts.delete-roles
Controls whether the user may delete roles
See the 'Modify Funnelback roles' section in the API UI.
sec.accounts.delete-users
Controls whether the user may delete users
See the 'Modify Funnelback users' section in the API UI.
sec.administer.read
Controls whether the user may view some administrative data on the server.
Required:
- to be able to download the support package.
- to show the System Logs in the system menu
- if the user does not have
sec.administer.system
to be able to view some files that do not belong to a collection for example System logs.
sec.administer.system
Controls whether the user may complete some administrative tasks.
Controls if the user may prepare Funnelback for upgrade using the API as well as via the classic Admin UI. Also controls by default displaying of the 'Prepare Funnelback for upgrade' link in the system drop down menu in the class Admin UI.
Controls if the user may ignore the collection parameter white-list and set any
setting within collection.cfg
.
Controls whether the user may edit and view file manager rules.
Controls whether the user may run mediator commands via the classic Admin UI. The user may also need other permissions such as access to the collection the command is running on.
Controls whether the user may trigger the upgrade of indexes after an upgrade.
sec.api.link
Controls whether the link to the API UI is displayed in the system drop down menu.
sec.application-token.non-expiring.create
Controls whether the user can create and revoke non-expiring tokens.
sec.best-bet
Controls whether the user may edit a service's best-bet style curator rules.
sec.blending
Controls whether a user may edit a service's query blending synonyms.
sec.can-edit-all-unknown-config-keys
Controls whether a user is automatically granted permission to edit unknown configuration options.
Unknown configuration options are keys which are not included in Funnelback
and not declared as a custom configuration key in custom-keys.cfg
.
In the case this permission is not granted, a user may still have access to edit an unknown configuration option if they are explicitly granted access to edit the key or are granted access to edit all keys.
sec.can-read-all-unknown-config-keys
Controls whether a user is automatically granted permission to read unknown configuration options.
Unknown configuration options are keys which are not included in Funnelback
and not declared as a custom configuration key in custom-keys.cfg
.
In the case this permission is not granted, a user may still have access to read an unknown configuration option if they are explicitly granted access to read the key or are granted access to read all keys.
sec.collection-start-urls
Controls whether or not the user can edit a collection's collection.cfg.start.urls
file
Note: start URLs can still be modified in other ways. See crawler.start_url
and the individual
permissions surrounding collection configuration keys which are unaffected by this permission.
sec.content-auditor
Controls whether the user may access Content Auditor.
sec.continuous.rest
Controls whether the user may access the Push API calls.
This controls access to all Push API calls including add/delete/get documents, snapshots, health APIs and APIs used in multi-server replication.
sec.contract.view-all
Controls whether the user is permitted to view all contracts on the server.
When not granted the user will only be able to view their own contracts.
sec.cookie-config
Controls whether the user can edit a collection's cookies.txt
sec.curator
Controls whether the user may edit a service's curator rules.
Not required for editing curator rules with the best bet label.
sec.custom-gather
Controls whether the user can edit a collection's custom_gather.groovy
sec.data.reporter
Controls whether the user may view the broken links reports and the collection update history link. Required:
- to display the 'View Data Reports Dashboard' link in the classic Admin UI.
- to view the broken links reports.
- to display the 'View Collection Update History' link in the classic Admin UI.
sec.delete.collection
Controls whether the user may delete collections.
The user must have permission to the collection being deleted. This also controls if the link to delete a collection is clickable in the classic Admin UI.
sec.edit.collection
Controlled whether the user could access the old 'Edit collection settings' administration page which was removed in Funnelback 15.22.0.
Unused since: 15.22
sec.faceted-navigation
Controls whether the user may edit faceted navigation configuration.
The user will also need access to the collection and service the faceted navigation configuration belongs to.
sec.file.manager
Controls whether the user is allowed to list and publish files in the classic Admin UI.
This controls:
- Viewing collection log file listing page, but not viewing of those log files.
- If the 'Browse Collection Configuration Files' link is clickable in the classic Admin UI (by default).
- If the 'Browse Collection Configuration Files' page is accessible but does not control if editing, viewing, downloading, creating of collection configuration files is possible.
- If publishing of collection configuration files in the classic Admin UI, other permissions may also be required.
sec.file.manager.edit
Controls whether the user can edit tuning queries, view proposed queries, view some URL data. This controls:
- If the user can get information about a URL from the
/collection-info/v1/collections/{collection}/url
API and the/data
below that API. - If the 'Design Results Page' page link is shown in the classic Admin UI (by default). Does not control if editing of the forms is allowed or not
sec.group.manager
Reserved for future use.
sec.halt.manual
Controls whether the user may stop an update.
sec.hook-script
Controls whether the user can edit the public-ui groovy hook scripts in a collection.
This includes access to edit hook_extra_searches.groovy
, hook_post_datafetch.groovy
,
hook_post_process.groovy
, hook_pre_datafetch.groovy
, hook_pre_process.groovy
and hook_pre_cache.groovy
.
sec.instant.update
Controls whether the user may run instant updates, and other "instant" tasks.
Controls whether the user may run the following tasks via the API:
- INSTANT_UPDATE
- REMOVE_URLS_BY_PREFIX_FROM_LIVE_VIEW
- ADD_URLS_TO_LIVE_VIEW
- REMOVE_URLS_FROM_LIVE_VIEW
See the 'Queued Tasks' under the API UI for more details.
sec.knowledge-graph-labels
Controls whether the user may edit knowledge graph public UI labels.
sec.knowledge-graph-relationships
Controls whether the user may edit knowledge graph relationships.
sec.knowledge-graph-templates
Controls whether the user may edit knowledge graph public UI templates.
sec.knowledge-graph-update
Controls whether the user may run knowledge graph updates.
sec.license.delete
Controls whether the user may delete a license.
See the 'Manage licenses for this installation' section in the API UI.
sec.license.install
Controls whether the user may install a license.
See the 'Manage licenses for this installation' section in the API UI.
sec.license.view-usage
Controls whether the user has access to the document usage per license API.
Controls access to the '/v2/document-usage-per-license' API, see the 'License limits and usage' section of the Admin API UI for further details.
sec.meta-name
Controls whether the user can read or edit a collection's meta-names.xml
sec.metadata-mapping
Controls whether the user is allowed to modify metadata mappings.
The user must have access to the collection on which the metadata mappings are being modified. Users do not need this permission to view metadata mappings.
sec.predictive-segmentation
Controls whether the user may access the predictive segmentation API
sec.profile.manage
Controls whether the user is allowed to create and delete profiles.
Also controls, by default, if the 'Manage Profiles' link is shown in the classic Admin UI.
Also controls if the user may use the classic Admin UI to set a profile to be a service as well as decommissioning a service. Also controls if the links to do these operations are visible.
sec.queue.delete-other-users-tasks
Controls whether the user may delete tasks of other users.
See the 'Queued tasks' section in the API UI.
sec.queue.priority
Controls whether the user may change or set the priority of tasks.
See the 'Queued tasks' section in the API UI.
sec.reporter
Controls whether the user should be able to view the search analytics with the UI.
In the classic Admin UI controls whether the 'View Query Reports Dashboard' should be shown.
In the modern Admin UI controls whether the 'Search Analytics' can be viewed.
Does not control access to the search analytic APIs.
sec.reporter.email
Controls, by default, if the 'Edit Analytics Email Settings' link is shown in the classic Admin UI.
Does not control if the analytics email report settings can be modified or not.
sec.reporting-exclusion
Controls whether a user may edit the IPs and queries excluded from a collection's analytics
sec.sched.cron
Controls whether a user may schedule regular updates.
Also controls whether the 'Schedule Automatic Updates' link will be shown in the system drop down menu and if it is clickable in the tabs section of the classic Admin UI.
sec.sched.manual
Controls whether a user may start or restart an update on most collection types.
This includes most normal update types as well as restarting updates on web collections, this does not include instant updates. This does not apply to Push collections.
See the 'Queued Tasks' under the API UI for more details.
sec.seo-auditor
Controls whether the user may access SEO Auditor (previously known as Content Optimiser).
This was previously called sec.content.optimiser
.
sec.server-alias
Controls whether the user may edit a collection's server alias configuration.
sec.server.config
Controls whether the user is allowed to edit or read server configuration.
This controls whether the user is allowed to edit or read any setting from server configuration (global.cfg), provided they also have access to read/edit the key. The 'environment-name' key is exempt from this setting as all users are permitted to read that setting.
Since: 15.22
sec.service.mediator
Controls whether the user can run tasks using the mediator API.
sec.service.webdav
Controls whether the user can view and manipulate files under SEARCH_HOME
sec.site-profile
Controls whether the user may edit a collection's site profiles configuration.
sec.spelling
Controls whether the user can read or edit preferred and excluded spelling suggestions.
sec.synonym
Controls whether the user may edit a service's synonyms.
sec.template
Controls whether the user may edit template.xsl or a service's template files to affect search result presentation.
sec.tuning
Controls whether the user may edit a service's tuning data and view past tuning runs.
sec.tuning.run
Controls whether the user may start or stop a new tuning run for a service.
sec.url-kill-list
Controls whether the user may read or edit kills lists in the API.
Does not control access to kill list files in the classic Admin UI, that is controlled by file manager rules.
sec.view.logs
Controls whether the user can view some collection analysis tools and click some collection log links.
Controls, by default, whether the 'Browse Log Files' and the 'Collection Tools' link is shown in the classic Admin UI.
Controls whether the user may call APIs under
/collection-info/v1/{collection}/update-history/
. See
the 'Update History' section in API UI for more details.
Controls whether the user may use the collection tools page and the
analysis-tools.cgi
API, used by the collection tools page.
sec.web-resources
Controls whether the user may edit web-resource files within a profile.
Currently not used, reserved for future use.
sec.workflow-config
Controls whether the user can read or edit a collection's workflow.cfg
sec.xml-index
Controls whether the user may edit a collections XML indexing configuration.