Setup Actions and Error Descriptions

Setup actions grant users the privileges to view and maintain (create, edit, and delete) the object or task in question. These actions can be added to Action Sets, as defined in the Action Sets topic.

Important: At a minimum, all users must be granted the 'View context' privilege to log in to STEP.

All visible actions shown to users are for the global system. Some actions are related to licenses that may not be applicable to your system.

When a user is not privileged to perform an action, the BGP Execution Report includes an error like the following:

Attribute 1: User running import wasn't privileged to do a certain action on attribute with ID 'NUM' at position 29, Attribute 1: The user 'WUSER' is not privileged to add the Attribute 'NUM' to attribute group 'FABDISMedia'. User: WUSER is not permitted to do: ATTRIBUTE_GROUP_ADD_ATTRIBUTE(6210)

The action that is not permitted (ATTRIBUTE_GROUP_ADD_ATTRIBUTE in this example) is included in the following tables in the Privilege Error Text column and is related to the Action column ('Add attribute to attribute group' in this example). Choose one of the following options to resolve an error:

  1. In workbench, add the related privilege action from the Action column to the group of the user identified in the error.

  2. Have a user from a group with the required privilege run the action.

The error may also be included in the step logs, based on the selected level of logging set in the sharedconfig.properties file, as defined in the Logs topic in the Administration Portal documentation.

Additional information for import errors is included in the Import Error Messages topic of the Data Exchange documentation.

Note: It is important to note that the action sets work together. As an example, in addition to the actions listed below for Integration Endpoints, you also need the following actions described in other areas of this topic: Access Workbench, View Background Processes of Other Users, View context, and View setup group. Review the entire set to verify all privileges are set up if you or other users are not seeing what you expect in the system.

Action Sets

Action

Privileges Granted

Privilege Error Text

Maintain action sets (create, delete, add to, remove from)

  • Create action sets

  • Delete action sets

  • Add actions to action sets

  • Remove actions from action sets

MAINTAIN_ACTION_SETS

Administration

Action

Privileges Granted

Privilege Error Text
System Administration

Ability to maintain configuration properties, prepare and deploy Extension API extensions, retrieve the STEP system status, and restart the STEP system via the remote system administration REST API. This functionality is only allowed for Stibo Systems SaaS environments.

Important: The 'System Administration' privilege should only be given to trusted system administration users. 

System Administration

View Administration

Ability to access the System Administration pages from the Start Page.

VIEW_ADMINISTRATION

View System Setup Logs

Ability to view the System Setup Log and Workspace Log (available from View menu Logs option in the workbench) and the Log tab (available in the editor on most System Setup objects). Without this privilege, the System Setup Log option in the View menu Logs option menu is grayed out, and the Log tab is not visible on System Setup objects.

VIEW_SYSTEM_SETUP_LOGS

Assets

Action

Privileges Granted

Privilege Error Text

Modify dimension dependency of all assets

Set dimension dependency of asset object types:

  • Add dimension to asset

  • Remove dimension from asset

ASSET_MODIFY_DIMENSION_DEP

Push Asset

Ability to push assets from within the Tree.

ASSET_PUSH

Attributes

The actions concerning domains are also needed for LOV maintenance.

Action

Privileges Granted

Privilege Error Text

Add attribute to attribute group

Ability to add to and create attributes in attribute groups.

Note: The 'Create product attribute' action must also be added before users can add attributes to attribute groups.

ATTRIBUTE_GROUP_ADD_ATTRIBUTE

Create attribute group

Ability to create attribute groups.

Note: The action 'Modify name/description of attribute group (also translate)' must also be added before users can create attribute groups.

ATTRIBUTE_GROUP_CREATE

Create product attribute

Ability to create:

  • attributes, the actions 'Add attribute to attribute group' and 'Modify definition of product attribute (domain and default unit)' must also be added.

  • LOV attributes, the actions 'Create domain' and 'Modify definition of domain (validator, etc.)' must also be added.

NORMAL_ATTRIBUTE_CREATE

Delete attribute group

Ability to delete attribute groups.

ATTRIBUTE_GROUP_DELETE

Delete product attribute

Ability to delete:

  • attributes, 'Delete attribute' global privilege must be added.

  • LOV attributes, the action 'Delete domain' must also be added.

NORMAL_ATTRIBUTE_DELETE

Maintain validation templates

Create a validation template (validation base type) for attributes and LOVs.

MAINTAIN_VALIDATION_TEMPLATES

Remove attribute from attribute group

Ability to remove (unlink) attributes that are linked to other attribute groups as well as add attributes to a group.

ATTRIBUTE_GROUP_REMOVE_ATTRIBUTE

Merge product attributes

Ability to merge attributes.

NORMAL_ATTRIBUTE_MERGE

Modify definition of product attribute (domain and default unit)

  • Set and edit the validation base type of attributes

  • Edit the type of attributes (specification and description)

  • Modify filters on LOV attributes

Note: The 'Create product attribute' action must also be added to set validation of attributes.

NORMAL_ATTRIBUTE_MODIFY_DEFINITION

Modify dimension dependency of product attribute

Edit the dimension dependencies of attributes.

NORMAL_ATTRIBUTE_MODIFY_DIMENSION_DEP

Modify metadata for product attribute (property value) (also translate)

  • Edit values of description attributes linked to attributes

  • Translate description attribute values linked to attributes

NORMAL_ATTRIBUTE_MODIFY_METADATA

Modify name/description of attribute group (also translate)

  • Edit the name of attribute groups

  • Translate the name and values in attribute groups

ATTRIBUTE_GROUP_MODIFY_CONTEXT_NAME

Modify name/description of product attribute (also translate)

  • Edit names of attributes

  • Translate name and values in attributes

Note: The 'Modify name/description of domain (also translate)' action must also be added to create LOV attributes.

NORMAL_ATTRIBUTE_MODIFY_CONTEXT_NAME

Modify valid (node) types for product attribute

Set the object types for which the attributes should be valid.

NORMAL_ATTRIBUTE_MODIFY_VALID_TYPES

View attribute

Ability to view attributes.

VIEW_ATTRIBUTE

View attribute group

Ability to view attribute groups.

The 'View attribute group' action must be added for users to maintain attributes.

VIEW_ATTRIBUTE_GROUP

View metadata for attribute (property value)

View values of description attributes linked to an attribute.

VIEW_ATTRIBUTE_METADATA

Background Processes

Action

Privileges Granted

Privilege Error Text

Delete background-processes

Delete queued, started, and ended background processes.

DELETE_BACKGROUND_PROCESSES

View Background Processes of Other Users

In workbench, while displaying other users' processes via the show all button () , the user can view and download files from background processes started by any other user.

In Web UI, the user can view and download files from the background processes they started.

For users without this privilege:

  • in the workbench, the show all button () on the BG Processes tab is disabled. (For details, refer to the 'BG Processes Displayed' section in the BG Processes Tab topic of the Getting Started documentation.)

  • in the workbench and Web UI, processes started by other users are not visible

  • no IIEPs, OIEPs, and event queues are visible (Gateway integration endpoints are visible since they do not have associated background processes.)

VIEW_BACKGROUND_PROCESSES_OF_OTHER_USERS

Bulk Updates

Action

Privileges Granted

Privilege Error Text

Perform Bulk Update

Ability to run or schedule a Bulk Update from the File menu.

PERFORM_BULK_UPDATE

Business Modules

Action

Privileges Granted

Privilege Error Text

Install Business Modules

Activates the Business Module Manager option on the File menu and enables the ability to install business modules that have been activated by Stibo Systems.

Install Business Modules

Business Rules

Action

Privileges Granted

Privilege Error Text

Maintain business-rule

Create, maintain, and delete business rules.

Maintain business-rule

Change Packages

Action

Privileges Granted

Privilege Error Text

Maintain change package

Grants all privileges for change packages, including creation of a change package, deletion, Start Impact Analysis, Updates, and Seal Package.

MAINTAIN_CHANGE_PACKAGE

View change package

Grants the privilege to view change packages from the System Setup tab.

VIEW_CHANGE_PACKAGE

Contexts

Action

Privileges Granted

Privilege Error Text

Maintain dimensions and contexts

Create and delete dimensions, dimension points, and contexts.

MAINTAIN_DIMENSIONS_AND_CONTEXTS

Cryptographic Keys

Action

Privileges Granted

Privilege Error Text

Maintain cryptographic keys

Create or delete cryptographic keys and change their passwords.

MAINTAIN_CRYPTOGRAPHIC_KEYS

Data Quality

Action

Privileges Granted

Privilege Error Text

Maintain unique keys

  • Create new keys

  • Edit existing keys

  • Activate, deactivate, check, and delete keys

MAINTAIN_UNIQUE_KEYS

Maintain Value Generator

  • Create new value generator

  • Edit value generator

  • Run value generator

Maintain Value Generator

Modify unique key value

Update locked attribute values used in unique keys.

MODIFY_UNIQUE_KEY_VALUE

Deduplication

Action

Privileges Granted

Privilege Error Text

Maintain Deduplication Configurations

Create, maintain, and delete 'Match Codes and Matching Algorithms' and maintain deduplication configuration options.

Maintain Deduplication Configurations

Maintain Possible Duplicates

Maintain, merge, and delete possible duplicates.

Maintain Possible Duplicates

Events

Action

Privileges Granted

Privilege Error Text

Maintain Event Processor

  • Set up or delete an Event Processor

  • Enable an Event Processor

  • Disable an Event Processor

  • Purge events

  • Publish events

MAINTAIN_EVENT_PROCESSOR

Maintain event queues

Add, modify, or delete event queues. Removal of this action hides the Event Queues root in System Setup.

MAINTAIN_EVENTQUEUES

View Event Processor

View event processors.

VIEW_EVENT_PROCESSOR

Integration Endpoints

Action

Privileges Granted

Privilege Error Text

Maintain Derived Event Types

Configure and maintain derived events. If Maintain Derived Event Types is disabled, there is no option to add one.

MAINTAIN_DERIVED_EVENT

Maintain Integration Endpoint

Create, delete, enable, disable, and invoke integration endpoints. Users must also have the 'View Integration Endpoint' privilege to maintain an integration endpoint.

MAINTAIN_INTEGRATION_ENDPOINT

View Integration Endpoint

Ability to view integration endpoints.

VIEW_INTEGRATION_ENDPOINT

JavaScript

Action

Privileges Granted

Privilege Error Text

Test JavaScript

Allows the user to test JavaScript via the dedicated test endpoints. For more information, refer to the VCSI: Editable Business Rules Format topic in the Configuration Management documentation and the Technical Documentation accessible at [system]/sdk or from the system Start Page.

Test JavaScript

Link Types

Action

Privileges Granted

Privilege Error Text

Maintain Link Type

  • Create and delete reference types and product to classification link types

  • Modify reference types and product to classification link types

  • Apply description attributes to link types

  • Set dimension dependencies of link types

Note: To apply description attributes to link types, these actions are also needed:

  • View attribute

  • View attribute group

  • Modify valid (node) types for product attribute

MAINTAIN_LINK_TYPE

List of Values (LOVs)

Action

Privileges Granted

Privilege Error Text

Create domain

Ability to create LOVs.

Note: The actions 'Modify name/description of domain (also translate)' and 'Modify definition of domain (validator, etc.)' must also be included to create LOVs.

DOMAIN_CREATE

Create value in hard domain

Create values in LOVs where users are not allowed to add values ('hard' LOVs).

VALUE_CREATE_IN_H_DOMAIN

Create value in medium domain

Create values in LOVs where users are allowed to add values ('medium' LOVs).

VALUE_CREATE_IN_M_DOMAIN

Delete domain

Ability to delete LOVs.

DOMAIN_DELETE

Delete value in hard/medium domain

Delete values in both types of LOVs:

  • Where users are not allowed to add values ('hard' LOVs)

  • Where users are allowed to add values ('medium' LOVs)

VALUE_DELETE_IN_HM_DOMAIN

Maintain domain groups

Create and delete LOV groups.

MAINTAIN_DOMAIN_GROUPS

Merge entire domain

Ability to merge LOVs.

DOMAIN_MERGE_ENTIRE

Merge value in hard/medium domain

Merge values in both types of LOVs:

  • Where users are not allowed to add values ('hard' LOVs)

  • Where users are allowed to add values ('medium' LOVs)

VALUE_MERGE_IN_HM_DOMAIN

Modify definition of domain (validator, etc.)

Set and edit the validation base type of LOVs.

Note: The 'Create domain' action must also be added to set validation of LOVs.

DOMAIN_MODIFY_DEFINITION

Modify dimension dependency of domain

Edit the dimension dependencies of LOVs.

DOMAIN_MODIFY_DIMENSION_DEP

Modify name/description of domain (also translate)

  • Edit name of LOVs

  • Translate names and values in LOVs

DOMAIN_MODIFY_CONTEXT_NAME

Modify value in hard/medium domain (also translate)

Edit values in both types of LOVs (including the privilege to translate):

  • Where users are not allowed to add values ('hard' LOVs)

  • Where users are allowed to add values ('medium' LOVs)

VALUE_MODIFY_IN_HM_DOMAIN

View domain

Ability to view LOVs.

Note: The 'View domain' action must be added to maintain LOVs.

VIEW_DOMAIN

View metadata for domain (property value)

View values of description attributes linked to an LOV.

VIEW_DOMAIN_METADATA

Object Types

Action

Privileges Granted

Privilege Error Text

Maintain Data Container Type

Create a data container type.

MAINTAIN_DATA_CONTAINER_TYPE

Maintain Setup Entity

Create a configuration labeled as a 'Setup Entity'. Examples: Completeness Metric, Elasticsearch Configuration, Asset Importer Configuration Type. Refer to the 'Setup Entity' entry in the STEP Terminology topic of the Getting Started documentation.

MAINTAIN_SETUP_ENTITY

Maintain setup group

Create a Setup Group Root from the Maintain menu, Insert option, Setup Group Root... option.

MAINTAIN_SETUP_GROUP

Maintain system setups

Ability to maintain options under the System Setting tab located on the 'Users & Groups' node in System Setup.

MAINTAIN_SYSTEM_SETUP

Maintain type hierarchy (node types)

  • Create object types

  • Delete object types

  • 'Save export as template' privilege in Web UI

To link attributes to object types, these actions are also needed:

  • View attribute

  • View attribute group

  • Modify valid (node) types for product attribute

MAINTAIN_USER_TYPES

View Data Container Type

View a data container type.

VIEW_DATA_CONTAINER_TYPE

View Setup Entity

View an Entity Root and object type. Example: Completeness Metric.

VIEW_SETUP_ENTITY

Print Publication

Action

Privileges Granted

Privilege Error Text

Maintain promotional pricing

Deprecated

MAINTAIN_PROMOTIONAL_PRICING

Modify frozen publication

Modify a frozen publication. This action is only used with the 'Publishing - Freeze' component model.

MODIFY_FROZEN_PUBLICATION

Purging

Action

Privileges Granted

Privilege Error Text

Empty recycle bin

Ability to delete contents of the Recycle Bin. In case the Recycle Bin contains objects that exist in more than one workspace, users must also have the 'Force Delete and Purge' action enabled to remove those objects.

EMPTY_RECYCLE_BIN

Force Delete and Purge

Ability to force purge objects that exist in more than one workspace and objects with events triggered. The action enables the 'Force Purge' button in the Empty Recycle Bin background process and the 'Force Delete and Purge' action in the Maintain menu.

FORCE_DELETE_AND_PURGE

Purge revisions

Ability to delete obsolete revisions:

  • Single revisions

  • Specified range of revisions, global purging

PURGE_REVISIONS

Reports

Action

Privileges Granted

Privilege Error Text

Run Reports

Allows users to run reports (including starting a reports background process) from File > Reports in the workbench. Without this privilege, the Reports option in the workbench File menu is grayed out.

RUN_REPORTS

SDK / API Documentation

Action

Privileges Granted

Privilege Error Text

View SDK Documentation

Ability to view the SDK / API documentation from server/sdk and the Technical Documentation accessible at [system]/sdk or from the system Start Page.

VIEW_SDK_DOCUMENTATION

Tables

Action

Privileges Granted

Privilege Error Text

Modify table settings

Ability to maintain table settings on table types, row types, column types, rules / line styles, and colors.

MODIFY_TABLE_SETTINGS

View table types

Allows users to view tables and table types.

VIEW_TABLE_TYPES

Tags

Action

Privileges Granted

Privilege Error Text

Maintain Tags

  • Maintain style tags, special characters, character tags, footnotes, and hyperlinks

  • Maintain tag groups

MAINTAIN_TAGS

Use tag

Use tags in the rich text editor, table editor, and in table transformations.

To restrict certain users to using certain tags, you must create a tag group that contains these tags and link this tag group into an attribute group. In the User Group editor, the attribute group is applied together with the action set that contains the 'Use tag' action. Users belonging to the user group will only be allowed to use the tags in the tag group linked into the attribute group.

USE_TAG

Units

Action

Privileges Granted

Privilege Error Text

Maintain units

  • Create unit groups, units, and unit conversion rules

  • Edit unit groups, units, and unit conversion rules

  • Delete unit groups, units, and unit conversion rules

MAINTAIN_UNITS

View unit

Ability to view units. This is used when linking units to attributes.

Note: The 'View unit' action must be included to use the 'Maintain units' action

VIEW_UNIT

Users & Groups and Privilege Rules

Action

Privileges Granted

Privilege Error Text

Maintain privilege rules (create, delete, modify)

  • Create privilege rules for user groups

  • Edit privilege rules for user groups

  • Delete privilege rules for user groups

Note: To maintain privilege rules, the action 'Maintain action sets (create, delete, add to, and remove from)' is also needed.

MAINTAIN_PRIVILEGES

Maintain users and groups

  • Create users and user groups

  • Duplicate and copy users and user groups

  • Delete users and user groups

MAINTAIN_USERS_AND_GROUPS

Maintain user password

Ability to change and reset user passwords by displaying the Change User Password link on a User Editor in workbench. Refer to the Changing a User Password topic.

MAINTAIN_USER_PASSWORD

Share user settings

Limits whether or not a user can share their user configured views in Web UI.

SHARE_USER_SETTINGS

Value Search

Action

Privileges Granted

Privilege Error Text

Enable Value Search/Values in typeahead

Ability to search for attribute values within attributes

VIEW_VALUE_TYPEAHEAD_AND_SEARCH

Web UI

Action

Privileges Granted

Privilege Error Text

Access Web UI

Ability to access Web UIs on the system. Access to specific Web UI instances can be granted if a Setup Group is defined in the user (group) Setup Privileges, otherwise, this action allows access to ALL Web UI instances on the server.

ACCESS_WEB_UI

Maintain Impersonation

Ability to impersonate another user for Web UI support purposes

MAINTAIN_IMPERSONATION

Update Web UI configuration

Access to modify and configure any Web UI

PORTAL_UPDATE

View context

In addition to granting access to the workbench, 'View context' also grants the ability to access the Web UI.

VIEW_CONTEXT

Web UI Administration

Grants the ability to:

  • Revert / copy to front

  • Delete action context menu

  • Duplicate action context menu

  • Status tab

  • Edit Web UI through designer

  • Edit Web UI through Workbench

  • Change Web UI ID in the XML

PORTAL_ADMIN

Workbench

Action

Privileges Granted

Privilege Error Text

Access Workbench

Ability to access all the workbench links on the Start Page.

ACCESS_WORKBENCH

Workflows

Action

Privileges Granted

Privilege Error Text

Disable STEP Workflow Auto-initiation in Imports

Ability to disable auto-initiation when importing data

STEP_WORKFLOW_DISABLE_IMPORT_AUTO_INITIATION

Initiate Item in STEP Workflow

Ability to start workflows via the Object context menu and via bulk update. It does not have any impact on auto-initiation. The action can be applied to a setup group and will then only take effect for workflows in that setup group.

STEP_WORKFLOW_INITIATE_ITEM

Maintain STEP Workflow

Ability to create, delete, cut, copy, duplicate, export, and edit workflows. The action can be applied to a setup group and will then only take effect for workflows in that setup group.

Users must also have the 'View setup group' privilege to view and maintain workflows.

MAINTAIN_STEP_WORKFLOW

Maintain STEP Workflow Profile

Edit, create, and delete workflow profiles. The action can be applied to a setup group and will then only take effect for workflow profiles in that setup group.

Users must also have the 'View STEP Workflow Profile' privilege to access workflow profiles.

MAINTAIN_STEP_WORKFLOW_PROFILE

Remove Item from STEP Workflow

Ability to remove objects from workflows via the Object context menu or the workflow context menu. The action can be applied to a setup group and will then only take effect for workflows in that setup group.

STEP_WORKFLOW_REMOVE_ITEM

STEP Workflow Administrator

  • View other users' tasks

  • Complete / submit tasks not assigned to the current user

  • Reassign tasks

  • Edit task deadlines

The action can be applied to a setup group and will then only take effect for workflows in that setup group.

STEP_WORKFLOW_ADMINISTRATOR

View STEP Workflow Profile

View workflow profiles. If a user does not have this action, the STEP Workflow navigator tab sub tab 'Profile' will not be displayed. The action can be applied to a setup group and will then only take effect for workflow profiles in that setup group.

VIEW_STEP_WORKFLOW_PROFILE

View and use STEP Workflow

View and use workflows. The action can be applied to a setup group and will then only take effect for Workflows in that setup group.

It is required to also have the 'View setup group' privilege to view workflows.

VIEW_AND_USE_STEPWORKFLOW

View setup group

Necessary for users to view workflow tasks

VIEW_SETUP_GROUP

View STEP Workflow Advanced tab

This action grants the privilege to view the 'Advanced' STEP Workflow navigator tab sub tab.

It is required to also have the 'View setup group' privilege to view workflows.

STEP_WORKFLOW_VIEW_ADVANCED

View tasks assigned to other users in my group(s)

Allows users to view all assigned tasks in all groups in which they are a member.

This privilege differs from what is currently provided by the 'STEP Workflow Administrator' setup action in that the 'STEP Workflow Administrator' setup action allows users to view all tasks across all groups.

View tasks assigned to other users in my group(s)

Workspaces

Action

Privileges Granted

Privilege Error Text

Maintain workspaces

Create and delete workspaces

MAINTAIN_WORKSPACES