Roles - Anaplan Technical Documentation

The Roles tab in the Access Control section of the Administration console enables you to review the roles in your tenant.

You must have either the Tenant Admin or View Admin role to access the Roles tab.

To view the roles in your tenant:

In the Administration console, navigate to Access Control > Roles.
View the list of roles.

The Roles tab in Administration console. The Tenant Admin role is selected. The policy details display on the bottom half of the screen.

The Roles tab displays:

the roles in your tenant
the policy associated with each role
the description of each role
the number of users assigned to the role

Click on the entry in the Users Assigned column to navigate to the Assignments tab and view a list of users assigned to that role.

Select an entry to view the policy details of the individual role. For more information, see Policies.

Access Control Roles

Role	Policy	Description
View Admin	View Admin	View administrators can view the configuration of a tenant, but cannot update anything.
Tenant Admin	Tenant Admin	Tenant administrators manage the configurations and settings at the tenant level. Tenant administrators: Cannot access other tenants Cannot access tenant data Can access metadata Tenant administrators have the Read permissions that the view administrator has. In addition, they can: Assign process owners, tenant auditors, and other tenant admins Create Role Membership for other tenant roles Update Model Categories Update Users Note: The Assignments feature cannot remove this role if you're the only user in your tenant assigned to the Tenant Admin role.
Tenant Security Admin	Tenant Security Admin	Tenant security administrators manage the tenant’s security settings. They can: access the Self Service SAML feature in the Administration Console (via the SSO tab) create a new identity provider (IdP) connection modify an existing IdP connection disable an existing IdP connection
Encryption Admin	Encryption Admin Policy	Encryption administrators manage the BYOK encryption keys for their organization and handle the encryption of their workspaces. Encryption administrators can only see the workspaces and keys for the tenant to which they belong. Encryption administrators can: create, read, and update encryption keys assign the Encryption Admin role remove the Encryption Admin role Note: To unassign yourself from the encryption administrator role, have another encryption administrator unassign you. Encryption administrators cannot unassign themselves from the Encryption Admin role.
Integration Admin	Integration Admin	The Integration Admin role enables you to access the Integration Framework feature to: create, edit, and delete a connection create, edit, and delete an integration
Page Builder	Page Builder	A Page Builder can: create, edit, and delete apps that represent business processes set up data views from Anaplan models configure boards and worksheets use cards to build interactive pages with graphics populate the card template library
Process Owner	Process Owner	In a future release, process owners can create, edit, update, and delete Workflow processes for their tenant. Workflow processes consist of several tasks that the process owner assigns to users. For example, viewing and modifying information on dashboards and approving or rejecting those changes. In addition, process owners can start cycles of their workflow processes and can complete their own workflow tasks. Notes: Administrators who have the Process Owner role can run tasks in any workflow process. Your organization must be licensed for the Workflow feature to make use of the Process Owner role. If you do not have Workflow enabled, you can view and assign the Process Owner role. Process owners have no authorizations until Workflow is enabled.
Tenant Auditor	Tenant Auditor	Tenant Auditors can view audit information for their tenant. See Security - Audit. Note: Your organization must be licensed for the Audit feature to make use of the tenant auditor role. If you do not have Audit enabled, you can view and assign the tenant auditor role. Tenant auditors have no authorizations until Audit is enabled.