Skip to main content

Permissions resources

This document contains a list of each unique resource type, with a description of each, and the permissions available for that resource.

Each resource type has up to three permissions available, which specify the actions that can be taken by the member for that resource. The acronym CRUD in the table below stands for Create, Read, Update and Delete permissions. Edit permissions include view permissions, and admin permissions include edit permissions.

See Permissions for how to configure these for your team.

Workbench resources

ResourceDescriptionView PermissionEdit PermissionAdmin Permission
API authentication controlsUsed to authenticate your requests to the Atomic APIList credentialsCRUDn/a
Analytics exporterAccess to view real-time analytics and download batched analytics setsDownload & view analyticsn/an/a
Audit logLog of workbench members’ actions within your organization
(org scoped)
View own audit log entriesn/aView others' audit log entries
Card instanceAn instance of a card template sent to a customerView log and analyticsSend cards from workbenchCancel sent cards (preview feature)
Card templateUsed to view, send, edit and publish card templatesView card templates and media, send test cardsEdit draft card templates and mediaPublish and archive card templates
(preview feature)
Configuration for incoming webhook connectorsViewCRUDn/a
ContainerConfigures card streams within your appViewCRUDn/a
CustomerA user of your web and mobile applicationsn/an/aCRUD
EnvironmentEach environment within an organization is a separate space, with separate configurationView environment nameCreate and edit nameDeactivate and edit custom fields
NotificationsPush notification configuration details for each SDK platformView config detailsCRUDn/a
OrganizationAtomic customers are typically given one organization. Each organization contains multiple environments
(org scoped)
View name and preferencesEdit name and preferencesn/a
Override card approvalEnables a member to approve on behalf of any approval groupn/an/aApprove on behalf of any approval group
Request debuggerLog of the last 100 failed client API requests
(org scoped)
View logn/an/a
RoleAn identity with specific permissions. A role can be assigned to 1 or more groups, giving a set of permissions to all members of that group
(org scoped)
View all roles and their permissionsCreate and edit rolesn/a
SDK API keyNeeded for SDK integrations, and to configure allowed JWT issuersView API keyCRUDn/a
SegmentSubset of customers with common characteristicsView which filters are appliedCreate and edit segmentsn/a
StreamA collection of cards which can be assigned to 1 or more stream containers in your appsViewCRUDn/a
TagTags are available when filtering customersViewCRUD (inc user tags)n/a
ThemeTheming configuration for stream containersViewCRUDn/a
Webhook credentialsAuthentication credentials for webhook requestsViewCRUDn/a
Webhook request logStatus and metadata for outgoing webhook requestsView metadatan/an/a
Webhook subscriptionRequests made from Atomic to external servicesViewCRUDn/a
Workbench memberA member of the workbench
(org scoped)
Workbench member groupControls workbench member groups and their associated roles
(org scoped)
Workbench member group assignmentControls assignment of workbench members to groups
(org scoped)

Example permission sets

Card approval

People who only need to approve cards can be given a view permission on the card template resource - no other permissions are needed.

Insights dashboard

People who need access to the insights dashboard need view permissions on the card instance as well as the card template resources.

Organization-scoped workbench resources

Some resources are scoped to the organization level as opposed to the environment level. This means that permissions to these resources can't be limited to an environment.

These resources are:

  • audit log
  • organization
  • request debugger
  • role
  • workbench member
  • workbench member group
  • workbench member group assignment

See the Scoping of resources section for a further explanation and a worked example of how to create a group with environment-level scoped resource permissions as well as organization-level scoped resource permissions.

Permissions for default roles

By default your Atomic account comes with three groups: Owner, Admin, and Editor.

This table describes the default permissions each of these roles has:

API authentication controlsEditEdit
Analytics exporterViewView
Card instanceEditEditView
Card templateAdminAdminAdmin
Override card approvalAdminAdminn/a
Request debuggerEditEdit
SDK API keyEditEdit
Webhook credentialEditEdit
Webhook request logViewView
Webhook subscriptionEditEdit
Workbench memberEditEdit
Workbench member groupEditEdit
Workbench member group assignmentEditEdit