A permission group is a group of users who share the same set of permissions. You can see a list of your permission groups by going to Users > Permission Groups.
Clicking on a permission group shows you its properties, which are categorized into sections on page:
Linked Authentication Groups — If you are using an LDAP authentication provider, these authentication group’s users are automatically added to the permission group.
Users — This section shows the users who have been added to the permission group.
Access Permissions — A list of the permissions assigned to the permission group appears in this section.
Assign Group Access to Specific Flows — If this permission group has been assigned access to particular live flows, they are listed in this section. Users in this permission group, along with any other groups that have been assigned access to these flows, can access these flows and their submissions, documents, releases, layouts, and models.
To learn more about changing these properties, see Managing Permission Groups.
Default permission groups
Hyperscience comes with a set of built-in permission groups. You cannot delete these groups or change their permissions.
System Admin
The default active permission group, System Admins effectively have full access to the instance and production data. They are uniquely able to change advanced system settings, manage field data types and the field dictionary, review the jobs queue and restart halted jobs, modify user access and permissions, and more. System Admins are typically engineers and the most senior business users. There must be at least one System Admin user upon installation.
Business Admin
Business Admins are primarily responsible for the management of layouts. By default, they have most permissions, except some reserved for System Admins. They are able to see all system reporting and make and delete submissions.
Data Keyer Admin
Data Keyer Admins are able to see and manage the work queue, as well as view reporting related to all individual keyers. They are also able to complete Supervision and Quality Assurance Tasks.
Data Keyer
Data Keyers by default have very limited permissions. They can see and complete Supervision tasks, and they can view the outstanding queue.
Knowledge Worker
Knowledge Workers have the same default permissions as Data Keyers, except that they can also view submissions. This added permission allows Knowledge Workers to complete all tasks associated with a submission.
API User
By default, API Users only have the permission that allows them to send API requests. To learn more about our APIs, see our API documentation.
Trainer API User
Trainer API Users have permission that allows them to send API requests to trainer-specific endpoints.
By default, the system includes all users who have API access in this permission group. We recommend editing this group so that it contains only the user you have created for the trainer.
Permissions
The table below lists the available permissions, along with the default permission groups they are included in.
While you cannot edit default permission groups, you can duplicate them and customize those duplicates to meet you needs. To learn more about creating permission groups, see Managing Permission Groups.
Administration
Permission | Description | Sys Admin | Business Admin | Data Keyer Admin | Data Keyer Staff | Knowledge Worker | API User | Trainer API User |
|---|---|---|---|---|---|---|---|---|
Access Advanced Administration and Debug Tools | Allows a user read-only access to /admin. Used for reviewing additional debugging information about the system's underlying processing. | Yes | Yes | No | No | No | No | No |
Edit Settings | Allows user to edit all of the system settings. | Yes | Yes | No | No | No | No | No |
Edit Translations | Allows the user to import CSV files used to provide a translated user interface (Administration > Import/Export). | Yes | No | No | No | No | No | No |
Edit VM Affinity | Allows the user to edit the Memory Management page (Administration > System & Health, then click Review how machines are managed). | Yes | Yes | No | No | No | No | No |
Export Settings | Allows user to export system settings. | Yes | No | No | No | No | No | No |
Fail Halted Jobs | Allows user to fail halted jobs via the Jobs table. Should be reserved for System Admins only. | Yes | No | No | No | No | No | No |
Import Settings | Allows user to import system settings. | Yes | No | No | No | No | No | No |
Retry Halted Jobs | Allows user to trigger a retry of halted jobs via the Jobs table or failed flows in the Flow Runs table. If the user does not have the View Jobs permission, this permission only applies to the Flow Runs table (Flows > Flow Funs). | Yes | Yes | No | No | No | No | No |
View Jobs | Allows user to see the Jobs page. | Yes | No | No | No | No | No | No |
View Models | Gives user access to all actions related to Semi-structured and Classification models: 1) View Models page and models, 2) Run a training job, 3) Download, upload, and deploy a model, 4) View Trainer page, 5) Cancel trainer tasks. To access the Library section of the application, a user must have either the View Layouts or View Models permission. | Yes | No | No | No | No | No | No |
View System Health and Settings | Allows user to view the System Health (Administration > System & Health) and Settings (Administration > Settings) pages. | Yes | No | No | No | No | No | No |
View Translations | Allows the user to export CSV files used to provide a translated user interface (Administration > Import/Export). | Yes | No | No | No | No | No | No |
Flows
Permission | Description | Sys Admin | Business Admin | Data Keyer Admin | Data Keyer Staff | Knowledge Worker | API User | Trainer API User |
|---|---|---|---|---|---|---|---|---|
Edit Connections | Allows user to upload connectors and set up and edit connections to input and output endpoints, such as a folder, an email, or a message queue, through which documents come into the system and extracted data is output. | Yes | No | No | No | No | No | No |
Edit Flows | Allows user to edit flows. If assigning this permission to a custom permission group, see Additional permission requirements for custom permission groups. | Yes | Yes | No | No | No | No | No |
Edit Secrets | Allows user to enter and update client secrets (e.g., passwords) in Input Blocks and Output Blocks. | Yes | No | No | No | No | No | No |
Import Flows | Allows user to import flows to the application. | Yes | No | No | No | No | No | No |
Run Flows | Allows user to send requests to the Flow Actions API endpoints. | Yes | Yes | No | No | No | No | No |
View Flow Executions | Allows user to see the Flow Runs page (Flows > Flow Runs). | Yes | Yes | No | No | No | No | No |
View Flows | Allows user to view flows. If assigning this permission to a custom permission group, see Additional permission requirements for custom permission groups. | Yes | Yes | No | No | No | No | No |
Library
Permission | Description | Sys Admin | Business Admin | Data Keyer Admin | Data Keyer Staff | Knowledge Worker | API User | Trainer API User |
|---|---|---|---|---|---|---|---|---|
Assign Layout Tags | Allow the user to assign tags to layouts on the Layouts page or on the details page for an individual layout. | Yes | Yes | Yes | No | No | No | No |
Edit Contents Of Data Types | Allows user to edit the lists of values in the definitions of field data types. | Yes | No | No | No | No | No | No |
Edit Data Types | Allows user to edit system data types. | Yes | No | No | No | No | No | No |
Edit Field Dictionary | Allows user to edit fields in the field dictionary. | Yes | No | No | No | No | No | No |
Edit Releases | Allows user to create and edit layout releases. | Yes | Yes | No | No | No | No | No |
Edit Layouts | Allows user to make changes to drafts of layouts. | Yes | Yes | No | No | No | No | No |
Edit Training Data | Allows user to edit data in the Training Documents card of the Model Details page. If assigning this permission to a custom permission group, see Additional permission requirements for custom permission groups. | Yes | Yes | No | No | No | No | No |
View Data Types | Gives user read-only access to the Data Types Library and allows them to view data types. | Yes | Yes | No | No | No | No | No |
View Field Dictionary | Gives user read-only access to the Field Dictionary tab in the Library. | Yes | Yes | No | No | No | No | No |
View Layout Variation Performance | Allows user to view the Layout Variation Performance section of Reporting. | Yes | Yes | No | No | No | No | No |
View Releases | Gives user read-only access to the Releases Library and allows them to view releases. | Yes | Yes | Yes | No | No | No | No |
View Layouts | Gives user read-only access to the Layouts Library and allows them to download layouts. To access the Library section of the application, a user must have either the View Layouts or Manage Trainer Jobs permission. | Yes | Yes | Yes | No | No | No | No |
View Training Data | Allows user to view data in the Training Documents card of the Model Details page. If assigning this permission to a custom permission group, see Additional permission requirements for custom permission groups. | Yes | Yes | No | No | No | No | No |
Reporting
Permission | Description | Sys Admin | Business Admin | Data Keyer Admin | Data Keyer Staff | Knowledge Worker | API User | Trainer API User |
|---|---|---|---|---|---|---|---|---|
Export Measurements | Allows the user to export custom business metrics via API. For more information, see our API documentation. | Yes | Yes | No | No | No | Yes | No |
Track Business Metrics and Publish Measurements | Allows the user to create and publish custom business metrics via the Flows SDK. To learn more, see our Flows SDK documentation about creating Measurements and publishing Measurements. | Yes | Yes | No | No | No | Yes | No |
View Business Metrics | Allows the user to view custom business metrics via API. For more information, see our API documentation. | Yes | Yes | No | No | No | Yes | No |
View Processing Time Reports | Allows user to view Processing Time reports. | Yes | Yes | Yes | No | No | No | No |
View User Performance Reports | Allows user to view the User Performance tab, specifically the Supervision Volume, Performance Distribution, and All Users Performance Summary charts. | Yes | Yes | Yes | No | No | No | No |
View Overview and Accuracy Reports | Allows user to view throughput and data quality reports, specifically the Automation, Field Output Accuracy, System Throughput, Automation with Accuracy Training, Manual vs. Machine Accuracy, and System Transcription Sampled Errors. | Yes | Yes | No | No | No | No | No |
View Usage Reports | Allows user to view the Usage section of Reporting. | Yes | Yes | No | No | No | No | No |
Submissions
Permission | Description | Sys Admin | Business Admin | Data Keyer Admin | Data Keyer Staff | Knowledge Worker | API User | Trainer API User |
|---|---|---|---|---|---|---|---|---|
Delete Cases | Allows user to delete cases via the Cases table. | Yes | Yes | No | No | No | No | No |
Delete Submissions | Allows user to delete submissions via the Submission table. | Yes | Yes | No | No | No | No | No |
Download Layout Triage Clustering Results | Allows a user to download a ZIP file with the results of a Layout Triage Clustering job. | Yes | No | No | No | No | No | No |
Edit Knowledge Store | Allows the user to edit the contents of the Knowledge Store in the Storage section of the application. | Yes | Yes | No | No | No | Yes | No |
Upload Submissions | Allows user to upload submissions via the UI. Not recommended for use in production environments. | Yes | Yes | No | No | Yes | No | No |
Run Layout Triage Clustering Jobs | Allows user to create and run a Layout Triage Clustering job. | Yes | No | No | No | No | No | No |
View Cases | Allows user to view the Cases page. | Yes | Yes | No | No | Yes | No | No |
View Layout Triage Clustering Jobs | Allows user to view the Layout Triage Clustering jobs table. | Yes | Yes | No | No | No | No | No |
View Knowledge Store | Allows the user to view the contents of the Knowledge Store in the Storage section of the application. | Yes | Yes | No | No | Yes | Yes | No |
View No Layout Found | Allows user to view "No Layout Found" submissions. | Yes | Yes | No | No | No | No | No |
View Submissions | Allows user to view the Submissions table and Document output pages. | Yes | Yes | No | No | Yes | No | No |
Tasks
Permission | Description | Sys Admin | Business Admin | Data Keyer Admin | Data Keyer Staff | Knowledge Worker | API User | Trainer API User |
|---|---|---|---|---|---|---|---|---|
Adjust Task Queue Processing Deadlines | Allows user to escalate/deprioritize tasks in the Task Queue. | Yes | Yes | Yes | No | No | No | No |
Clear QA Tasks | Allows user to clear Quality Assurance tasks. | Yes | Yes | Yes | No | No | No | No |
Complete Classification Model Validation | Allows user to view and complete Classification Model Validation tasks. | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Classification QA | Allows user to complete Document Classification QA tasks from the Perform Tasks tab (Tasks > Perform Tasks). | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Classification Supervision | Allows user to complete Document Classification Supervision tasks. | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Custom Supervision | Allows user to complete Custom Supervision tasks. | Yes | Yes | Yes | No | Yes | No | No |
Complete Flexible Extraction Supervision | Allows user to complete Flexible Extraction tasks. | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Full Page Transcription QA Tasks | Allows the user to complete Full Page Transcription QA tasks. | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Identification Model Validation | Allows user to complete Model Validation tasks for Field and Table Locator models. | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Identification QA | Allows user to complete Identification QA tasks from the Perform Tasks tab (Tasks > Perform Tasks). | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Identification Supervision | Allows user to complete Field ID Supervision and Table ID Supervision tasks. | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Transcription QA | Allows users to complete Transcription QA tasks from the Perform Tasks tab (Tasks > Perform Tasks). | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Transcription Supervision | Allows user to complete Transcription Supervision tasks. Does not include Flexible Extraction. | Yes | Yes | Yes | Yes | Yes | No | No |
Complete Vision Language Model QA Tasks | Allows the user to complete Vision Language Model QA tasks. | Yes | Yes | Yes | Yes | Yes | No | No |
View SLA Rules | Allows the user to view the SLA Rules page (Tasks > SLA Rules). | Yes | Yes | Yes | No | Yes | No | No |
View Supervision and QA Cards | Allows user to view the Perform Tasks tab (Tasks > Perform Tasks). If a user doesn’t have this permission, they can access the page, but the content will be hidden. | Yes | Yes | Yes | Yes | Yes | No | No |
View Task Overview | Allows user to view the Overview tab (Tasks > Overview). If a user doesn’t have this permission, the Overview tab is hidden. | Yes | Yes | Yes | Yes | Yes | No | No |
View Task Queue | Allows user to view the Task Queue (Tasks > Task Queue). If a user doesn’t have this permission, the Task Queue tab will be hidden. | Yes | Yes | Yes | Yes | Yes | No | No |
Users
Permission | Description | Sys Admin | Business Admin | Data Keyer Admin | Data Keyer Staff | Knowledge Worker | API User | Trainer API User |
|---|---|---|---|---|---|---|---|---|
API Access | Allows user to make API calls with their auth token. | Yes | Yes | No | No | No | Yes | No |
Edit API Accounts | Allows user to create and edit API Accounts (SaaS instances only). | Yes | No | No | No | No | No | No |
Edit Layout Task Restrictions | Allows user to edit document restrictions. | Yes | Yes | No | No | No | No | No |
Edit Permission Groups | Allows user to edit permission and authentication groups. | Yes | No | No | No | No | No | No |
Edit Users | Allows user to force log out any user. Only recommended for System Admins. | Yes | No | No | No | No | No | No |
Full Object Access | Allows the user to access all flows and layouts in the instance, regardless of any flow- or layout-specific restrictions. | Yes | No | No | No | No | No | No |
Trainer API Access | Allows user to send API requests to trainer-specific endpoints. | Yes | Yes | No | No | No | No | Yes |
View API Accounts | Gives user read-only access to the API Accounts page (SaaS instances only). | Yes | No | No | No | No | No | No |
View Layout Task Restrictions | Allows user to view document restrictions. | Yes | Yes | Yes | No | No | No | No |
View User API Tokens | Allows user to view API authentication tokens for any user. | Yes | No | No | No | No | No | No |
View Users and Permission Groups | This is the single-view permission for all user and group settings. | Yes | Yes | No | No | No | No | No |
Additional permission requirements for custom permission groups
Due to security measures, some permissions require that additional permissions be given in order for them to work as intended for users in custom permission groups.
Permission | Additional requirements |
|---|---|
View Flows | In order for a user in a custom permission group to view the Flows page, the group must have both the View Flows and Edit VM Affinity permissions. |
Edit Flows | In order for a user in a custom permission group to edit flows, the group must have the View Flows, Edit Flows, and Edit VM Affinity permissions. |
View Training Data | In order for a user in a custom permission group to view training data, the group must have both the View Training Data and Trainer API Access permissions. |
Edit Training Data | In order for a user in a custom permission group to edit training data, the group must have the View Training Data, Edit Training Data, and Trainer API Access permissions. |