System groups
Spotfire comes with a set of system groups that correspond to common user roles, such as Library Administrator and Script Author. System groups are created at installation and cannot be removed.
Users who require the permissions that are granted by one or more of these groups must either be added to the appropriate group, or to a subgroup of that group.
Group name | Description | Notes |
---|---|---|
Administrator | Membership grants administrator privileges on
Spotfire Server, including the ability to manage users and groups. Members are
given most permissions described below, in addition to administration of
preferences in the Administration Manager tool in Spotfire Analyst.
Note: The Administrator group does not include the permissions
from the Script Author and Custom Query Author groups.
|
The Spotfire Administration license is automatically assigned to this group and cannot be removed. |
Anonymous User | This group is used for anonymous authentication. It contains the guest@ANONYMOUS user. | |
API User (obsolete) | Only appears on upgraded systems. | |
Automation Services Users | Membership grants permission to schedule
Automation Services jobs in the Spotfire Server administration interface, and
to execute Automation Services jobs on the server by using the administration
interface, the Job Builder, or the Client Job Sender.
To use the Job Builder, users must also have the "TIBCO Spotfire Extensions" license or the "Automation Services Job Builder Tool" feature, which is part of the TIBCO Spotfire Extensions license. |
By default, the user account Automation
Services System Account is a member of this group.
Warning: Do not remove this account
unless you are sure of what you are doing.
Note: It is also
possible to configure Automation Services to use a Kerberos account or a custom
Spotfire account.
|
Custom Query Author | Membership grants permission to save custom
queries as trusted to the library. Only trusted custom queries will run in web
clients.
Important: An authorized custom query
author MUST ALSO have the Custom Query in Connections feature, which is part of
the TIBCO Spotfire Analyst license.
|
|
Deployment Administrator | Membership grants permission to deploy packages to the server by using the Deployments & Packages area. Members can deploy to any area on the server, as well as delete any existing deployment. | |
Diagnostics Administrator | Membership grants permission to view logs and diagnostics, set logging configurations, download troubleshooting bundles, and so on. Members of this group can access the Monitoring & Diagnostics area of the server. | |
Everyone | This group always contains all users in the Spotfire implementation except for the Anonymous users (guests). | No users can be removed from this group, but you can set licenses for the group if you want to. |
Impersonator (obsolete) | Only appears on upgraded systems. | |
Library Administrator | Membership grants full permission to the
library, including the ability to create new top level folders. It overrides
all folder permissions set in the library, granting full control over content.
Important: Library administrators must also
have the "Library Administrator" license.
|
Users and groups that require administrative privileges in the library must belong to this group or the Administrator group. |
Scheduled Updates Users | The user account that executes scheduled updates must be a member of this group. | By default, the user account
scheduledupdates@SPOTFIRESYSTEM is a member of this group.
Note: It is also
possible to configure scheduled updates to use a Kerberos account or a custom
Spotfire account.
|
Scheduling and Routing Administrator | Membership grants full permission to manage scheduled updates and routing rules. Members of this group have full access to the Scheduling & Routing area of the server. | |
Script Author | Membership grants permission to save scripts
and data functions as trusted in the Spotfire library.
Important: Script authors also need the
"Access to extensions" feature or the "Author scripts" feature, which are part
of the Spotfire Extensions license.
|
Scripts and data functions that are executed
by the Web Player or Spotfire Analyst can essentially do anything that deployed
packages can do. Therefore, only trusted users should be granted this
permission.
Important: Because scripts can introduce errors or
even cause the Spotfire applications to fail, only users that have sufficient
competence to develop and deploy scripts should be allowed in this group.
|
System Account | This group contains the system accounts that are used internally in the Spotfire environment. | This group cannot be edited. |
Web Player Administrator | Legacy group included for Spotfire implementations that have a long upgrade history. |
Parent topic: Groups and licenses
Related concepts
Related tasks
Related reference
Related information