User Roles

Roles are a group of authorizations that are assigned to a user. The ability to create and modify users and contents is only restricted to authorized users. Same with assigning Users and Groups, assigning User Roles is modified within User Management.

Roles can be combined to create a group. Multiple users can be assigned to a group.

The Role ID, which is used to assign specific role/s via API, is displayed under the role name labeled ID. The copy-to-clipboard icon to its right allows convenient copying.

User Type	Capabilities	Limitations
User Administrator	The User Administrator manages who can access Strato's features by assigning groups and granting roles to specific users. They also have access to the fields manager and is the POC for license requests	They cannot change the set rules and parameters set in Strato and would need to contact a Strato Administrator for any change in requirements and request for licenses.
Editor	The Editor can create, modify, and delete Document Templates, Text and Table Sections, and Photos. They can access the global album and can make changes as necessary.	They have no control over User Management and Field Settings.
Publisher	This is the default access for all employees in Strato.	They cannot create or modify their own templates or change their details unless it is changed in the data source.
Translator	The Translator can view and translate Document Templates, Sections, and images into a specific language.	They can only view Document Templates, Sections, and images but will not be able to apply changes to its overall structure or content.
Workflow Admin	A Workflow Admin can create, modify, view, publish, can act on behalf of a workflow actor, can	(TBA)
File Management Admin	A user with super admin access to stored files and folders will have full access to all files and folders under File Management regardless of the authorizations configured to those files and folders. This includes viewing and modifying folders and stored files. A super admin can also delete files.	For non-super admin users, files and folders that have specific authorizations where the current user is not part of will be hidden. Non-super admin users cannot delete folders and files.
External User Viewer	Enables users to perform the following actions: View external users in the User Management's External Users tab Utilize Source in advanced searches in Strato Storage and access the external user list in Storage Management.	If additional actions are required other than viewing, additional specific-based authorizations are needed.

Authorizations per Role:

Role	Authorizations
System Admin	Can manage users Can manage roles Can manage groups Has access to the fields settings Has access to the widgets settings Can create document templates Can modify document templates Can publish document templates Can create sections in document templates Can modify sections in documents templates Can publish sections in document templates Has access to the pictures library Can modify global pictures album Has access to the license manager Has access to the translation components Can create workflows Can modify workflows Can publish workflows Can only view workflows Can act on behalf of a workflow actor Can stop a workflow Can restart workflow in error Can Unlock Template Super Admin access to Strato Storage Can view File Management Can modify File Management Can view Storage Management Can perform modifications in Storage Management Can re-assign files between users in Storage Management Can create and modify Rules, Categories and Metadata Can change validity dates/document Can perform mass update of validity dates and category of documents Can add and remove Legal Hold Package Manager Import - can overwrite all conflicts Package Manager - can create/modify packages Package Manager - can import packages Package Manager - can export packages Has debugging access Can view external users Can change proxy user Can access upgrade center Can install and uninstall alpha Can install and uninstall beta
Admin	Can manage users (see: Introduction to User Management) Can manage roles (see: Creating User Role) Can manage groups (see: Creating User Groups) Has access to the field settings (see: Field Settings - Overview) Has access to the license manager
Publisher	Has access to the widget settings (see: Introduction to Widget Settings) Can publish document templates Can publish sections in document templates
Editor	Can create and modify document templates (see: Creating a Document Template) Can create and modify sections in document templates (see: Creating and Using Reusable Sections [Sub-templates]) Has access to the picture library (see: Introduction to Picture Library)
Translator	Has access to the translation component
Workflow Admin	Can create and modify workflows (see: Workflow Template Editor [Creating Strato Automate]) Can view workflow (can also just View Workflow and none of the rest depending on the requirement) Can publish workflow Can act on behalf a workflow actor Has debugging access Reminder: The debugging feature will give access to confidential information
File Management Admin (Super Admin role)	Super admin access to the File Management (includes folders and files not assigned to the super admin via "Include All Files" function) Can view File Management (see: File Management - Overview) Can modify File Management (see: Move Folders and Files [File Management]) Can view Storage Management (see: Storage Management - Overview) Can perform modifications in Storage Management Can re-assign files between users in Storage Management Can create rules for validity dates (see: Rule Definition to Set Validity Rules and Assign Metadata to Documents) Can change validity dates of documents (see: Setting Validity Dates) Can perform mass update of validity dates of documents (see: Mass Application of Validity Rules [File and Storage Management]) Note: This is a sample role and doesn't come as standard.
File Management Admin (HR Admin role)	Can view File Management Can modify File Management Can view Storage Management Can perform modifications in Storage Management Can re-assign files between users in Storage Management (see: Reassign Files to Employees [Storage Management]) Note: This is a sample role and doesn't come as standard.
File Management Admin (Manager role)	Can view Storage Management Can perform modifications in Storage Management Note: This is a sample role and doesn't come as standard.
File Management Admin (Recruiter role)	Can view Storage Management Can perform modifications in Storage Management Can re-assign files between users in Storage Management Note: This is a sample role and doesn't come as standard.
Legal Hold	Can add and remove Legal Hold (see: Applying Legal Hold to Employee Documents and Removing Legal Hold to Employee Documents) Note: This is a sample role and doesn't come as standard.
Package Manager	Package Manager Import - can overwrite all conflicts Package Manager Import - can delete packages Package Manager Import - can create/modify packages Package Manager Import - can import packages Package Manager Import - can export packages Note: This is a sample role and doesn't come as standard.
External User Viewer	Can view external users
Upgrade Center Access	Can access upgrade center
Upgrade Center (Alpha Access)	Can install and uninstall new software features in alpha version
Upgrade Center (Beta Access)	Can install and uninstall new software features in beta version
Upgrade Center (All Access)	Can access upgrade center Can install and uninstall new software features in alpha version Can install and uninstall new software features in beta version

💡

For more information on setting up system workflow administrators, read Creating a User Role for a Workflow Administrators.