Skip to main content

Permissions resources

This document contains a list of each unique resource type, with a description of each, and the permissions available for that resource.

Each resource type has up to three permissions available, which specify the actions that can be taken by the member for that resource. The acronym CRUD in the table below stands for Create, Read, Update and Delete permissions. Edit permissions include view permissions, and admin permissions include edit permissions.

See Permissions for how to configure these for your team.

Workbench resources

ResourceDescriptionView PermissionEdit PermissionAdmin Permission
API authentication controlsUsed to authenticate your requests to the Atomic APIList credentialsCRUDn/a
Analytics exporterAccess to view real-time analytics and download batched analytics setsDownload & view analyticsn/an/a
Audit logLog of workbench members’ actions within your organizationView own audit log entriesn/aView others' audit log entries
Card instanceAn instance of a card template sent to a customerView log and analyticsSend cards from workbenchn/a
Card templateUsed to view, send, edit and publish card templatesView card templates and media, send test cardsEdit draft card templates and mediaPublish and archive card templates
ConnectorsConfiguration for incoming webhook connectorsViewCRUDn/a
ContainerConfigures card streams within your appViewCRUDn/a
CustomerA user of your web and mobile applicationsn/an/aCRUD
EnvironmentEach environment within an organization is a separate space, with separate configurationView environment nameCreate and edit nameDeactivate and edit custom fields
NotificationsPush notification configuration details for each SDK platformView config detailsCRUDn/a
OrganizationAtomic customers are typically given one organization. Each organization contains multiple environmentsView name and preferencesEdit name and preferencesn/a
Override card approvalEnables a member to approve on behalf of any approval groupn/an/aApprove on behalf of any approval group
Request debuggerLog of the last 100 failed client API requestsView logn/an/a
RoleAn identity with specific permissions. A role can be assigned to 1 or more groups, giving a set of permissions to all members of that groupView all roles and their permissionsCreate and edit rolesn/a
SDK API keyNeeded for SDK integrations, and to configure allowed JWT issuersView API keyCRUDn/a
SegmentSubset of customers with common characteristicsView which filters are appliedCreate and edit segmentsn/a
StreamA collection of cards which can be assigned to 1 or more stream containers in your appsViewCRUDn/a
TagTags are available when filtering customersViewCRUD (inc user tags)n/a
ThemeTheming configuration for stream containersViewCRUDn/a
Webhook credentialsAuthentication credentials for webhook requestsViewCRUDn/a
Webhook request logStatus and metadata for outgoing webhook requestsView metadatan/an/a
Webhook subscriptionRequests made from Atomic to external servicesViewCRUDn/a
Workbench memberA member of the workbenchViewCRUDn/a
Workbench member groupControls workbench member groups and their associated rolesViewCRUDn/a
Workbench member group assignmentControls assignment of workbench members to groupsViewCRUDn/a

Organization-scoped workbench resources

Some resources are scoped to the organization level as opposed to the environment level. This means that permissions to these resources can't be limited to an environment.

These resources are:

  • audit log
  • organization
  • request debugger
  • role
  • workbench member
  • workbench member group
  • workbench member group assignment

See the Scoping of resources section for a further explanation and a worked example of how to create a group with environment-level scoped resource permissions as well as organization-level scoped resource permissions.

Permissions for default roles

By default your Atomic account comes with three groups: Owner, Admin, and Editor.

This table describes the default permissions each of these roles has:

ResourceOwnerAdminEditor
API authentication controlsEditEdit
Analytics exporterViewView
Card instanceEditEditView
Card templateAdminAdminAdmin
ContainerEditEditView
CustomerAdminAdmin
EnvironmentAdminAdminView
NotificationsEditEdit
OrganizationEditEditView
Override card approvalAdminAdminn/a
Request debuggerEditEdit
RoleEditEdit
SDK API keyEditEdit
SegmentEditEdit
StreamEditEditView
TagEditEditView
ThemeEditEdit
Webhook credentialEditEdit
Webhook request logViewView
Webhook subscriptionEditEdit
Workbench memberEditEdit
Workbench member groupEditEdit
Workbench member group assignmentEditEdit