What default roles and policies exist in LUSID?

To help you get started, we have set up several default roles and policies which you can use to assign permissions to your users, or use as examples to create your own set of roles and policies.

When you sign up to a LUSID domain, we will automatically populate it with a set of default roles and policies. To learn more about roles and policies, please click here.

LUSID comes preconfigured with the following default and example roles.

DEFAULT ROLES

1. LUSID Administrator (lusid-administrator)

This is the default role that is automatically assigned to the owner of the account (i.e. the user who claimed and created your LUSID domain). The LUSID administrator role has full access to all data and functionality within your LUSID domain, including all Identity and Access Management related data and capabilities. This is a special system role and therefore has no policies attached to it.

2. Identity Admin Role (iam-administrator)

Provides administrative access to the Identity and Access Management features of LUSID. This includes policies which provide:

  • Full access to all identity resources e.g. Applications, Users, Roles etc.
  • The ability to invoke all LUSID Identity related functionality 
  • Full access to all Access Management resources e.g. Roles, Policies, PolicyCollections etc.
  • The ability to invoke all LUSID Access Management related functionality
  • Full access to all identity and access management capabilities on the LUSID website

Users who have been assigned this role will be able to add or remove users from your LUSID instance. They will also be able to manage access to your LUSID instance for other users. 

3. Application Administrator (applications-administrator)

Provides administrative access to LUSID Applications. This includes policies which provide:

  • The ability to invoke all LUSID Identity related functionality
  • View and modify access to all Application related capabilities on the LUSID website
  • Full access to the Application identity resource 

Users who have been assigned this role will be able to view, create and delete any LUSID application.

4. Lusid Evaluator (lusid-evaluator)

Provides access to all non-administrative LUSID features as well as FINBOURNE provided example data. This includes policies which provide:

  • The ability to invoke all LUSID features except for the Instruments and System Configuration features, for which only the get and list features can be invoked, e.g. Get Instruments, List Configuration Transaction Types etc.
  • Full access to all LUSID resources e.g. Portfolios, Portfolio Groups, Quotes etc. in the Scope "Finbourne-Examples".

5. Lusid Configuration Administrator (configuration-administrator)

Provides administrative access to account-wide configuration across LUSID. This includes policies which provide:

Users with this role will be able to edit the global system configuration for LUSID. 

6. Lusid Instrument Administrator (instrument-administrator)

Provides the user with the ability to administer Instruments across LUSID. This includes policies which provide:

EXAMPLE ROLES

1. Example Group Portfolio Manager (example-group-portfolio-manager)

Provides full access to all of the FINBOURNE provided example data. This includes policies which provide:

  • Full access to the Portfolio, TransactionPortfolio and PropertyDefinition LUSID resources in the Scope "Finbourne-Examples"

2. Example Rest Of World Portfolio Manager (example-rest-of-world-portfolio-manager)

Provides access to the non-US based Portfolios in the FINBOURNE provided example data. This includes policies which provide:

  • Full access to the Portfolio and TransactionPortfolio LUSID resources with the Code "UK-Equities" or "Global-Equity" in the Scope "Finbourne-Examples"

3. Example US Income Portfolio Manager (example-us-income-portfolio-manager)

Provides access to the US based Portfolios in the FINBOURNE provided example data. This includes policies which provide:

  • Full access to the Portfolio and TransactionPortfolio LUSID resources with the Code "US-Treasury-Bond" or "US-Corporate-Bond" in the Scope "Finbourne-Examples"

4. Example Operations Manager (example-operations-manager)

Provides read-only access to the FINBOURNE provided Portfolio example data. This includes policies which provide:

  • Access to List or Read the Portfolio LUSID resource in the Scope "Finbourne-Examples"

5. Example Single Application Read Only Access (example-application-developer)

Provides read-only access for a developer to a single example SDK application. This includes policies which provide:

  • The ability to invoke the List Applications and Get Application features from the LUSID Identity related functionality
  • Access to List or Read the Application LUSID Identity resource with the Code "example-sdk-app"
  • View access to Application related capabilities on the LUSID website