
When you signed up for a trial and created your LUSID domain, it was automatically populated with:

  • A personal user account for you, the domain owner. Note that you are automatically granted the LUSID administrator role.
  • A service user account so you can write your own application or service that calls the LUSID API, and a client ID and secret to obtain the necessary API access token. 
  • A default set of roles and policies; see below. 
  • An example dataset, consisting of a set of instruments, US and non-US equity and bond portfolios, transactions recorded against instruments in these portfolios, recipes for valuation purposes and more.

Each LUSID user must have at least one role, which itself must have at least one policy explicitly granting (or denying) access to a particular feature or dataset. Without a role and a policy, a user has no rights at all.

A default set of roles, and policies assigned to these roles, is provided for you to adopt or adapt. The following table lists the default roles in rank order, which is important because it determines which role takes precedence if policies conflict:

| Rank | Role | A user with this role can... |
|---|---|---|
| 1 | lusid-administrator | View any data and perform any operation in LUSID. |
| 2 | iam-administrator | Perform any identity management or access control operation, including inviting new users, creating, editing and deleting roles and policies, and administering client secrets. |
| 3 | applications-adminstrator | View, create, edit and delete client secrets. |
| 4 | lusid-evaluator | View the example dataset and perform any non-administrative operation in LUSID except for creating, editing and deleting transaction types and instruments. |
| 5 | configuration-administrator | View, create, edit and delete transaction types, which determine the economic impact of transactions in LUSID. |
| 6 | instrument-administrator | View, create, edit and delete instruments from the LUSID instrument master. |
| 7 | example-group-portfolio-manager | View any portfolio data in the example dataset, including portfolio properties. |
| 8 | example-rest-of-world-portfolio-manager | View any non-US portfolio data in the example dataset. |
| 9 | example-us-income-portfolio-manager | View any US portfolio data in the example dataset. |
| 10 | example-operations-manager | View any portfolio in the example dataset. |
| 11 | example-application-developer | View the default client secret provided with LUSID. |
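
The two rules above (no role or policy means no rights, and rank order decides which role wins when policies conflict) can be modelled in a few lines. This is an added example, not LUSID code or its real policy format. Assumptions: the `Policy` shape, the action and resource labels, the role-to-policy assignments and the deny-beats-allow rule inside a single role are all constructed for illustration; only the role names and ranks come from the table.

```python
from dataclasses import dataclass

# Rank from the default roles table: a lower number takes precedence.
ROLE_RANK = {
    "lusid-evaluator": 4,
    "example-rest-of-world-portfolio-manager": 8,
    "example-us-income-portfolio-manager": 9,
}

@dataclass(frozen=True)
class Policy:
    effect: str    # "allow" or "deny"
    action: str    # hypothetical action label, e.g. "read"
    resource: str  # hypothetical resource label, e.g. "portfolio:us"

# Constructed role-to-policy assignments (not LUSID's real default policies).
ROLE_POLICIES = {
    "example-rest-of-world-portfolio-manager": [
        Policy("allow", "read", "portfolio:non-us"),
    ],
    "example-us-income-portfolio-manager": [
        Policy("allow", "read", "portfolio:us"),
        Policy("deny", "read", "portfolio:non-us"),
    ],
}

def effective_decision(user_roles, action, resource):
    """Return (effect, deciding_role) for one access request."""
    ranked = sorted(user_roles, key=lambda r: ROLE_RANK.get(r, float("inf")))
    for role in ranked:
        effects = {p.effect for p in ROLE_POLICIES.get(role, [])
                   if (p.action, p.resource) == (action, resource)}
        if effects:
            # Assumption: inside a single role, an explicit deny beats an allow.
            return ("deny" if "deny" in effects else "allow"), role
    # No role, or no policy covering the request: no rights at all.
    return "deny", None

if __name__ == "__main__":
    both = ["example-us-income-portfolio-manager",
            "example-rest-of-world-portfolio-manager"]
    print(effective_decision(both, "read", "portfolio:non-us"))      # rank 8 wins
    print(effective_decision(both[:1], "read", "portfolio:non-us"))  # rank 9 alone
    print(effective_decision(["lusid-evaluator"], "read", "portfolio:us"))  # no policy here
    print(effective_decision([], "read", "portfolio:us"))            # no role
```

When reviewing a user who holds several roles, walk the roles in rank order in the same way: the first role with a policy covering the request is the one whose grant or denial applies.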

To find out more about the default roles and their assigned policies and users:

  1. Sign in to the LUSID web app using the credentials of a LUSID administrator.
  2. From the left-hand menu, select Identity and Access > Roles.
  3. On the Roles dashboard, select a role and:
     • Click the Show users icon to see which users have this role assigned.
     • Click the Menu icon and select Edit to see which policies are assigned to this role. You can look up individual policies on the Policies dashboard.