Permissions for Automatic Lifecycle Stage Progression and Status Updates

To work with the Automatic Lifecycle Stage Progression and Status Updates feature, users must have required permissions on the following two entities:

  • Lifecycle Progression Mapping

  • Entity Relationship Path

There are two types of user personas who will be working on the Automatic Lifecycle Stage Progression and Status Updates feature:

  • System Admin - The users who are responsible for configuring the mappings between Lifecycle and its related entities.

  • Reach Power Users - The credentials of this user will be used for all the actions related to the Lifecycle stage movement.

Permissions for System Admin Users

The system admin users should be assigned the CMC - Business Unit Administrator and CMC - Global Business Administrator roles.

The following tables provide information on the permissions assigned to the two roles for the Lifecycle Progression Mapping and Entity Relationship Path entities.

CMC - Business Unit Administrator Role
Entity Name Create Read Write Delete Append Append To Assign Share
Lifecycle Progression Mapping PBU PBU PBU PBU None None None None
Entity Relationship Path PBU PBU PBU PBU None None None None
CMC - Global Business Administrator Role
Entity Name Create Read Write Delete Append Append To Assign Share
Lifecycle Progression Mapping Global Global Global None None None None None
Entity Relationship Path Global Global Global None None None None None

Permissions for Reach Power Users

Reach Power Users should be assigned the following permissions for the entities of the Automatic Lifecycle Stage Progression and Status Updates feature.

Entity Name Create Read Write Delete Append Append To Assign Share
Lifecycle Progression Mapping None Global Global None Global Global None None
Entity Relationship Path None Global Global None Global Global None None
Lifecycle None Global Global None Global Global None None
BPF None Global Global None Global Global None None
On all the related entities configured                
Application None Global None None None None None None
ApplicationDecision None Global None None None None None None
Enrollment None Global None None None None None None
ApplicationRecommendation None Global None None None None None None
Custom Entity None Global None None None None None None
Customization                
plug-in assembly Global Global Global Global Global None None None
plug-in Tracelog Global Global Global Global Global None None None
plug-in type Global Global Global Global Global None None None
sdk message Global Global Global Global Global None None None
sdk message processing step Global Global Global Global Global None None None
sdk message processing step image Global Global Global Global Global None None None
sdk message processing step secure configuration Global Global Global Global Global None None None
Note: If you add a new Lifecycle BPF, ensure that the Reach Power User and the Azure Function User have Read and Write permissions for the new BPF.