When you signed up for a trial and created your LUSID domain, it was automatically populated with:
- A personal user account for you, the domain owner. Note you are automatically granted the LUSID admininstrator role.
- A service user account so you can write your own application or service that calls the LUSID API, and a client ID and secret to obtain the necessary API access token.
- A default set of roles and policies; see below.
- Demonstration data, consisting of a set of instruments, US and non-US equity and bond portfolios, transactions recorded against instruments in these portfolios, recipes for valuation purposes and more.
Each LUSID user must have at least one role, which itself must have at least one policy explicitly granting (or denying) access to a particular feature or dataset. Without a role and a policy, a user has no rights at all.
A default set of roles, and policies assigned to these roles, is provided for you to adopt or adapt. The following table lists the default roles in rank order, which is important because it determines which role takes precedence if policies conflict:
| Role | A user with this role can... | |
| 1 | lusid-administrator | View any data and perform any operation in LUSID. |
| 2 | iam-administrator | Perform any identity management or access control operation, including inviting new users, creating, editing and deleting roles and policies, and administering client secrets. |
| 3 | applications-adminstrator | View, create, edit and delete client secrets. |
| 4 | lusid-evaluator | View the example dataset and perform any non-administrative operation in LUSID except for creating, editing and deleting transaction types and instruments. |
| 5 | configuration-administrator | View, create, edit and delete transaction types, which determine the economic impact of transactions in LUSID. |
| 6 | instrument-administrator | View, create, edit and delete instruments from the LUSID instrument master. |
| 7 | example-group-portfolio-manager | View any portfolio data in the example dataset, including portfolio properties. |
| 8 | example-rest-of-world-portfolio-manager | View any non-US portfolio data in the example dataset. |
| 9 | example-us-income-portfolio-manager | View any US portfolio data in the example dataset. |
| 10 | example-operations-manager | View any portfolio in the example dataset. |
| 11 | example-application-developer | View the default client secret provided with LUSID. |
To find out more about the default roles and their assigned policies and users:
- Sign in to the LUSID web app using the credentials of a LUSID administrator.
- From the left-hand menu, select Identity and Access > Roles:
- On the Roles dashboard, select a role and:
- Click the
Show users icon to see which users have this role assigned.
- Click the
Menu icon and select Edit to see which policies are assigned to this role. You can look up individual policies on the Policies dashboard.