Skip to content

Runtime permissions

The main facts about runtime permissions are:

  • Only the owner of a runtime can delete it.
  • A user with the Owner role can make a public runtime private by changing its properties. By doing so, the user becomes the owner of the private runtime.
  • By default, a private runtime can be seen and managed only by its creator, who is also the initial owner. The creator can however share the runtime with others and decide what they can do. Permissions are set when sharing the runtime or when managing existing shares.

  • The permission to see a private runtime is implicitly given to whoever the runtime is shared with. The other permissions that can be given are Edit runtime and Publish and test, which correspond to the privileges listed in the table below.

    Permission →
    Privilege
    		 Edit runtime Publish and test
    Edit information, including making the runtime public if the operation is performed by a user with the Owner role YES NO
    Share runtime and set permissions on each share YES NO
    Delete a share (except the implicit share) YES NO
    Regenerate the connection token YES NO
    Publish a workflow NO YES
    Test a published workflow NO YES
    Unpublish a workflow NO YES

  • The owner of a private runtime can give the ownership to another user with whom he has shared the runtime.

  • A non-owner user who sees a runtime because it is shared with him can remove the share by "leaving" it.