On this page:



Permission in Teamwork Cloud is an approval to perform a particular task or access one or more data or resource objects in the system. Permissions are associated with roles. A role contains a set of permissions allowing a user with that role to perform specific tasks or work on a resource. For example, a Resource Contributor role has permission to edit and read resources or edit resource properties. The permissions enable that role to perform specific operations that are forbidden to other users.

Assigning permissions

You cannot directly assign permissions to a user. You must assign permissions to a role first and then assign the role to a user. 

When you select a role in the Roles application, you can see its details and the permissions assigned to it. The figure below shows the permissions of the Server Administrator role. 

The details of the selected role are displayed on the right-hand pane of the Roles application.

Default roles and their permissions 

The table below describes all default roles and their permissions. 

RolePermissionsDescriptionScope
Index ManagerAdminister Resources

The user must also have the Edit Resources and Edit Resource Properties permissions to enable listed actions; otherwise, the resources will be read-only.

The user with these three permissions can:

  • Use local and server resources
  • Stop using resources in the resource (including Standard/System Profiles)
  • Lock/Unlock usages. Change versions of used resources
  • Update resources from a local file
  • Reload usages from a local file
  • Import usage to a resource
  • Migrate resources to a newer version
  • Upgrade resources to new versions of Standard/System Profiles
  • Set a resource as the latest
  • Export packages to a new resource
  • Reset element IDs (reset resource IDs)
  • Create a branch
  • Remove a branch
  • Rename a branch
Global/Resource specific
List All ResourcesThe user with this permission can see all resources and access them.Global/Resource specific
Data Markings ManagerMark DataThe user with this role can mark or unmark Users, User Groups, Resources, and Categories with predefined clearance and classification levels.Global
Resource Contributor

Edit Resources

The user with this permission can edit the resource contents. This includes the ability to change or augment the model.Global/Resource specific
Edit Resource PropertiesThe user with this permission can edit resource properties, or change the name or description of the resource.Global/Resource specific
Read ResourcesThe user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific
Resource Creator

Create Resource

The user with this permission can create resources. This also includes the ability to add resources to the server.Global/Category specific
Manage CategoriesThe user with this permission can categorize resources, including the ability to create, delete, or edit existing categories.Global/Category specific
Resource Locks Administrator

Read Resources

The user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific

Release Resource Locks

The user with this permission can release other users' locks in a resource. Global/Resource specific
Resource Manager 

Administer Resources

The user is required to also have the Edit Resources and Edit Resource Properties permissions to enable listed actions, otherwise, the resources will be read-only.

The user with these three permissions can:

  • Use local and server resources
  • Stop using resources in the resource (including Standard/System Profiles)
  • Lock/Unlock usages. Change versions of used resources
  • Update resources from a local file
  • Reload usages from a local file
  • Import usage to a resource
  • Migrate resources to a newer version
  • Upgrade resources to new versions of Standard/System Profiles
  • Set a resource as the latest
  • Export packages to a new resource
  • Reset element IDs (reset resource IDs)
  • Create a branch
  • Remove a branch
Global/Resource specific
Edit ResourcesThe user with this permission can edit the resource contents. This includes the ability to change or augment the model.Global/Resource specific
Edit Resource PropertiesThe user with this permission can edit resource properties, or change the name or description of the resource.Global/Resource specific

List All Users

The user with this permission can see all users.Global
Manage Model PermissionsThe user with this permission can manage model-level permissions. This permission automatically includes the List All Users permission. Global/Resource specific
Manage Owned Resource Access RightThe user with this permission can manage resource-specific access rights, including the ability to grant or revoke user roles in the limited resource scope. This permission automatically includes the List All Users permission. Global/Resource specific
Read ResourcesThe user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific
Remove ResourceThe user with this permission can delete resources.Global/Resource specific
Resource Synchronization Manager

Create Resource

The user with this permission can create resources. This also includes the ability to add resources to the server.Category-specific
Manage CategoriesThe user with this permission can categorize resources, including the ability to create, delete, or edit existing categories.Category-specific
Administer Resources

The user is required to also have the Edit Resources and Edit Resource Properties permissions to enable listed actions, otherwise, the resources will be read-only.

The user with these permissions can:

  • Use local and server resources
  • Stop using resources in the resource (including Standard/System Profiles)
  • Lock/Unlock usages. Change versions of used resources
  • Update resources from a local file
  • Reload usages from a local file
  • Import usage to a resource
  • Migrate resources to a newer version
  • Upgrade resources to new versions of Standard/System Profiles
  • Set a resource as the latest
  • Export packages to a new resource
  • Reset element IDs (reset resource IDs)
  • Create a branch
  • Remove a branch
Category-specific
Resource Reviewer

Read Resources

The user with this permission can read the resource contents. This includes the ability to open and review models.Global/Resource specific
Security Audit Manager (global role)Access ReportsUsers with this permission can access the Reports application.Global
Security Manager (global role)Configure Data MarkingsThe user with this permission can see the Data markings menu item in the Settings application.Global

List All Resources

The user with this permission can see all resources and access them.Global
List All UsersThe user with this permission can see all users.Global
Manage Security RolesThe user with this permission can manage roles, including the ability to create, edit, or delete roles.Global
Manage User PermissionsThe user with this permission can manage user-level permissions, including the ability to grant or revoke roles in unlimited scope.Global
Server Administrator (global role)

Configure Server

The user with this permission can configure server settings, including the ability to configure a secured connection, LDAP connection, and manage server licenses.Global
User Manager (global role)

Create User

The user with this permission can create new server users.Global
Edit User PropertiesThe user with this permission can edit user details.Global
List All UsersThe user with this permission can see all users.Global
Manage User GroupsThe user with this permission can manage user groups, including the ability to create, edit, or delete user groups.Global
Remove UserThe user with this permission can delete users.Global
  • If a user with the Resource Creator role creates a resource, that user will be assigned as the Resource Manager for that particular resource.
  • To be able to read-write resources, the user must have the Read Resources, Edit Resources, and Edit Resource Properties permissions. Otherwise, the user will see resources as read-only.
  • To work with webhooks, a user needs the following permissions: Read Resources (global or resource-specific), Configure Server, and Administer Resources (global or resource-specific). With resource-specific permissions, the user can create and/or see the webhooks created for the resources that this user can read.

Downloading permissions report

You can download a user's permission report and view the permissions they were assigned in Excel format.

To download the permissions report, you must have the following permissions: List All Resources, Manage Security Roles, and Manage User Permissions.

To download the permissions report


Do one of the following:

  • In the Users application, click next to the user and select Generate permissions report.



  • In the My account application, click at the bottom left corner to download the report.