System groups
Spotfire comes with a set of system groups that correspond to common user roles, such as Library Administrator and Script Author. System groups are created at installation and cannot be removed.
Users who require the permissions that are granted by one or more of these groups must either be added to the appropriate group, or to a subgroup of that group.
| Group name | Description | Notes |
|---|---|---|
| Administrator | Membership grants administrator privileges on Spotfire Server, including the ability to manage users and groups. Members are given all permissions described below, in addition to administration of preferences in the Administration Manager tool in Spotfire Analyst. | The Spotfire Administration license is automatically assigned to this group and cannot be removed. |
| Anonymous User | This group is used for anonymous authentication. It contains the guest@ANONYMOUS user. | |
| API User (obsolete) | Only appears on upgraded systems. | |
| Automation Services Users | Membership grants permission to schedule Automation Services jobs in the Spotfire Server administration interface, and to execute Automation Services jobs on the server by using the administration interface, the Job Builder, or the Client Job Sender.
To use the Job Builder, users must also have the "Tibco Spotfire Extensions" license or the "Automation Services Job Builder Tool" feature, which is part of the TIBCO Spotfire Extensions license. |
By default, the user account Automation Services System Account is a member of this group.
Warning: Do not remove this account unless you are sure of what you are doing.
Note: It is also possible to configure Automation Services to use a Kerberos account or a custom Spotfire account.
|
| Custom Query Author | Membership grants permission to save custom queries as trusted to the library. Only trusted custom queries will run in web clients.
Important: An authorized custom query author MUST ALSO have the Custom Query in Connections feature, which is part of the TIBCO Spotfire Analyst license.
|
|
| Deployment Administrator | Membership grants permission to deploy packages to the server by using the Deployments & Packages area. Members can deploy to any area on the server, as well as delete any existing deployment. | |
| Diagnostics Administrator | Membership grants permission to view logs and diagnostics, set logging configurations, download troubleshooting bundles, and so on. Members of this group can access the Monitoring & Diagnostics area of the server. | |
| Everyone | This group always contains all users in the Spotfire implementation except for the Anonymous users (guests). | No users can be removed from this group, but you can set licenses for the group if you want to. |
| Impersonator (obsolete) | Only appears on upgraded systems. | |
| Library Administrator | Membership grants full permission to the library, including the ability to create new top level folders. It overrides all folder permissions set in the library, granting full control over content.
Important: Library administrators must also have the "Library Administrator" license.
|
Users and groups that require administrative privileges in the library must belong to this group or the Administrator group. |
| Scheduled Updates Users | The user account that executes scheduled updates must be a member of this group. | By default, the user account scheduledupdates@SPOTFIRESYSTEM is a member of this group.
Note: It is also possible to configure scheduled updates to use a Kerberos account or a custom Spotfire account.
|
| Scheduling and Routing Administrator | Membership grants permission to create scheduled updates and routing rules. Members of this group can access the Scheduling & Routing area of the server. | For Spotfire implementations that are upgrading to version 7.5, the old "WebPlayer Administrator" group has been added as a subgroup to the Scheduling and Routing Administrator group to facilitate migration. However, in all new implementations, only the Scheduling and Routing Administrator role is required for creating scheduled updates and routing rules. |
| Script Author | Membership grants permission to save scripts and data functions as trusted in the Spotfire library.
Important: Script authors also need the "Access to extensions" feature or the "Author scripts" feature, which are part of the Spotfire Extensions license.
|
Scripts and data functions that are executed by the Web Player or Spotfire Analyst can essentially do anything that deployed packages can do. Therefore, only trusted users should be granted this permission. |
| System Account | This group contains the system accounts that are used internally in the Spotfire environment. | This group cannot be edited. |
| Web Player Administrator | Legacy group included for Spotfire implementations that are upgrading to version 7.5. See the "Scheduling and Routing Administrator" notes, above. |