Suggested roles
| Role | Profile | Typical permissions |
|---|
| Admin | System administrator | All permissions |
| Architect | Solutions architect | applications.*, assessments.*, migration-plans.view+create+update+approve, risks.*, reports.* |
| Platform Engineer | Platform engineer | applications.view+update, assessments.view, migration-plans.view+execute, risks.view |
| Developer | Application developer | applications.view+update, assessments.view+create+update, risks.view+create |
| DBA | Database administrator | applications.view, assessments.view, migration-plans.view+execute, risks.view |
| Analyst | Analyst / consultant | applications.view, assessments.view+create+update+review, reports.view+create+export |
| Viewer | Read-only | applications.view, assessments.view, migration-plans.view, reports.view |
Available permissions
Applications
| Permission | What it allows |
|---|
applications.view | View application list and details |
applications.create | Create new applications and import via JSON |
applications.update | Edit existing applications |
applications.delete | Delete applications |
applications.export | Export application list |
Assessments
| Permission | What it allows |
|---|
assessments.view | View assessments |
assessments.create | Create new assessments |
assessments.update | Answer the wizard and edit answers |
assessments.review | Mark as reviewed |
assessments.approve | Approve the migration strategy |
assessments.delete | Delete assessments |
assessments.export | Export assessment data |
Migration Plans
| Permission | What it allows |
|---|
migration-plans.view | View migration plans |
migration-plans.create | Create and generate plans |
migration-plans.update | Edit and regenerate plans |
migration-plans.approve | Approve plans for execution |
migration-plans.execute | Update step and checklist status |
migration-plans.delete | Delete plans |
Other modules
| Permission | What it allows |
|---|
risks.view / create / update / delete | Manage risks |
reports.view / create / export / delete | Manage reports |
users.view / create / update / delete | Manage users |
roles.view / manage | View and edit roles |
catalog.view / manage | Manage technology catalog |
audit.view | View audit logs |
api.access | REST API access |
User fields
| Field | Description |
|---|
name | Full name |
email | Email (used for login) |
job_title | Job title |
department | Department |
is_active | Whether the user can log in |
force_password_change | Force password change on next login |
locale | Preferred interface language |
Deactivating a user
A deactivated user (is_active = false) cannot log in. This does not delete the user or their data — it only suspends access. Use "Toggle Active" on the user page.