User Roles & Permissions
When OpenFn Users are invited to work on your Project as Collaborators, they
are assigned a Role that determines their permissions. The four available
Roles are: Owner (only 1 per project), Admin, Editor & Viewer. Check out the
table below for the permissions available to each role.
| Context | Action | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|---|
| Workflows | Create a Workflow | ✔️ | ✔️ | ✔️ | ❌ |
| Workflows | Edit a Job in a Workflow | ✔️ | ✔️ | ✔️ | ❌ |
| Workflows | Add/remove webhook authentication method for Workflow | ✔️ | ✔️ | ❌ | ❌ |
| Workflows | Delete a Workflow | ✔️ | ✔️ | ✔️ | ❌ |
| Workflows | Run from the Inspector | ✔️ | ✔️ | ✔️ | ❌ |
| Workflows | Select the 5 latest Inputs for a Job in a Workflow | ��✔️ | ✔️ | ✔️ | ❌ |
| History | View/search/filter on the History page | ✔️ | ✔️ | ✔️ | ✔️ |
| History | View a Run from the Work Order history | ✔️ | ✔️ | ✔️ | ✔️ |
| History | View a Input from a Work Order history | ✔️ | ✔️ | ✔️ | ✔️ |
| History | Run from the Work Order history | ✔️ | ✔️ | ✔️ | ❌ |
| Settings | View Project name | ✔️ | ✔️ | ✔️ | ✔️ |
| Settings | Edit Project name | ✔️ | ✔️ | ❌ | ❌ |
| Settings | View Project description | ✔️ | ✔️ | ✔️ | ✔️ |
| Settings | Edit Project description | ✔️ | ✔️ | ❌ | ❌ |
| Settings | Export Project | ✔️ | ✔️ | ✔️ | ✔️ |
| Settings | Delete a Project | ✔️ | ❌ | ❌ | ❌ |
| Settings | View Project Credentials, type, and owner | ✔️ | ✔️ | ✔️ | ✔️ |
| Settings | Add/remove webhook authentication method for Project | ✔️ | ✔️ | ❌ | ❌ |
| Settings | Change MFA requirement for Project | ✔️ | ✔️ | ❌ | ❌ |
| Settings | Add/remove Project Collaborator | ✔️ | ✔️ | ❌ | ❌ |
| Settings | View Project Collaborators (project_users, role, digest and alerts) | ✔️ | ✔️ | ✔️ | ✔️ |
| Settings | Edit digest and alerts for themselves | ✔️ | ✔️ | ✔️ | ✔️ |
| Settings | Edit digest and alerts for others | ❌ | ❌ | ❌ | ❌ |
| Settings | Change Input/Output Dataclip storage policy | ✔️ | ✔️ | ❌ | ❌ |
| Settings | Change History retention period | ✔️ | ✔️ | ❌ | ❌ |
| Settings | Update GitHub project/repo connection | ✔️ | ✔️ | ❌ | ❌ |
| Settings | Initiate GitHub sync | ✔️ | ✔️ | ❌ | ❌ |
Super User privileges
Every OpenFn instance has a user with a Super User role that enables them to have full administrative control of the platform. This includes management of users, projects, audit trail, and third-party authentication, with the below Super User privileges:
| Aspect | Description | Features/Permissions |
|---|---|---|
| User Management | The management of users on an OpenFn instance | Creating, editing, removing users |
| Project Management | How projects are created and managed on the instance | Create, delete, edit a project, assign users |
| Authentication | Third-party access management for users on the instance | Set up OpenID Auth for the instance |
| Audit Trailing | Auditability and change management | View history of relevant user actions on the instance for audits |
If you're using the hosted OpenFn platform (e.g., app.openfn.org), contact support@openfn.org if you need to get in touch with the super user to request new projects or configuration changes.