What default roles and policies are provided with LUSID?

When you signed up for a trial and created your LUSID domain, it was automatically populated with:

  • A personal user account for you, the domain owner. Note that you are automatically granted the LUSID administrator role. 

  • A service user account so you can write your own application or service that calls the LUSID API, and a client ID and secret to obtain the necessary API access token. 

  • A default set of roles and policies; see below. 

  • Demonstration data, consisting of a set of instruments, US and non-US equity and bond portfolios, transactions recorded against instruments in these portfolios, recipes for valuation purposes and more.

Each LUSID user must have at least one role, which itself must have at least one policy explicitly granting (or denying) access to a particular feature or dataset. Without a role and a policy, a user has no rights at all.

A default set of roles, and policies assigned to these roles, is provided for you to adopt or adapt. The following table lists the default roles in rank order, which is important because it determines which role takes precedence if policies conflict:

| Rank | Role | A user with this role can... |
|------|------|------------------------------|
| 1 | lusid-administrator | View any data and perform any operation in LUSID. |
| 2 | iam-administrator | Perform any identity management or access control operation, including inviting new users, creating, editing and deleting roles and policies, and administering client secrets. |
| 3 | applications-adminstrator | View, create, edit and delete client secrets. |
| 4 | lusid-evaluator | View the example dataset and perform any non-administrative operation in LUSID except for creating, editing and deleting transaction types and instruments. |
| 5 | configuration-administrator | View, create, edit and delete transaction types, which determine the economic impact of transactions in LUSID. |
| 6 | instrument-administrator | View, create, edit and delete instruments from the LUSID instrument master. |
| 7 | example-group-portfolio-manager | View any portfolio data in the example dataset, including portfolio properties. |
| 8 | example-rest-of-world-portfolio-manager | View any non-US portfolio data in the example dataset. |
| 9 | example-us-income-portfolio-manager | View any US portfolio data in the example dataset. |
| 10 | example-operations-manager | View any portfolio in the example dataset. |
| 11 | example-application-developer | View the default client secret provided with LUSID. |
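
The precedence rule described above, as a simplified model added here (not LUSID's own evaluation code): the highest-ranked role holding a policy on the requested feature decides, and a user with no matching policy has no rights. The ranks come from the table; the policy contents and feature labels are constructed for illustration.

```python
# Ranks copied from the default-role table on this page (1 = highest precedence).
ROLE_RANK = {
    "lusid-administrator": 1,
    "lusid-evaluator": 4,
    "instrument-administrator": 6,
    "example-us-income-portfolio-manager": 9,
}

# Constructed policies for illustration only: feature label -> "allow" or "deny".
# The feature labels are hypothetical; these are not LUSID's real policy contents.
ROLE_POLICIES = {
    "lusid-administrator": {"instruments:write": "allow", "portfolios:read": "allow"},
    "lusid-evaluator": {"instruments:write": "deny", "portfolios:read": "allow"},
    "instrument-administrator": {"instruments:write": "allow"},
    "example-us-income-portfolio-manager": {"portfolios:read": "allow"},
}


def matching(user_roles, feature):
    """(role, effect) pairs that mention the feature, highest-ranked role first."""
    # Roles missing from ROLE_RANK sort last; the name breaks ties deterministically.
    ranked = sorted(user_roles, key=lambda r: (ROLE_RANK.get(r, float("inf")), r))
    return [(r, ROLE_POLICIES[r][feature]) for r in ranked
            if feature in ROLE_POLICIES.get(r, {})]


def decide(user_roles, feature):
    """Return (effect, deciding_role). No role or no matching policy means deny."""
    hits = matching(user_roles, feature)
    if not hits:
        return ("deny", None)
    role, effect = hits[0]
    return (effect, role)


def overridden(user_roles, feature):
    """Lower-ranked policies that conflict with, and lose to, the deciding one."""
    hits = matching(user_roles, feature)
    return [(r, e) for r, e in hits[1:] if e != hits[0][1]]


if __name__ == "__main__":
    roles = {"instrument-administrator", "lusid-evaluator"}
    print(decide(roles, "instruments:write"), overridden(roles, "instruments:write"))
```

Running `overridden` across each user's role set is a quick way to spot grants or denials that never take effect because a higher-ranked role wins the conflict.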

To find out more about the default roles and their assigned policies and users:

  1. Sign in to the LUSID web app using the credentials of a LUSID administrator.

  2. From the left-hand menu, select Identity and Access > Roles.

  3. On the Roles dashboard, select a role and:

     • Click the Show users icon to see which users have this role assigned.

     • Click the Menu icon and select Edit to see which policies are assigned to this role. You can look up individual policies on the Policies dashboard.