Assign roles to user and group accounts to grant them permissions (access rights and privileges). For more information, see User Management at a glance.

ROLE_ADMIN_CUSTOMER is a critical high-privilege system role for customer-scoped administration. It grants administrative access to all tenants registered for a customer and to customer user management operations. For a definition of customer in this context, see Terminology).

In the role hierarchy, lower roles are those assigned below ROLE_ADMIN_CUSTOMER.

Role assignment limits

ROLE_ADMIN_CUSTOMER is the highest customer-scoped administrative role. A user with ROLE_ADMIN_CUSTOMER can assign ROLE_ADMIN_CUSTOMER, ROLE_ADMIN_USER, ROLE_ADMIN_TENANT, and lower roles only for the customer object or customer objects for which that role is granted. For example, a user with ROLE_ADMIN_CUSTOMER assigned for CustomerA can assign ROLE_ADMIN_CUSTOMER, ROLE_ADMIN_USER, and ROLE_ADMIN_TENANT to other users within CustomerA. The same user cannot assign roles for CustomerB unless they also have ROLE_ADMIN_CUSTOMER for CustomerB.

Users with the ROLE_ADMIN_CUSTOMER system role automatically receive the ROLE_ADMIN_TENANT system role for every tenant registered to that customer.

Access permissions

You can grant this system role for each customer object that your organization has registered in Auth.

Use ROLE_ADMIN_CUSTOMER when the role applies to the customer under which the user is registered.

To grant the role for multiple customer objects, append the customer ID to the role name: ROLE_ADMIN_CUSTOMER_<customer-id>.

For example:

• ROLE_ADMIN_CUSTOMER_CustomerUSEmployees
• ROLE_ADMIN_CUSTOMER_CustomerAsiaEmployees

This table identifies the Reltio access permissions for Reltio services, resources, and sub resources defined for the ROLE_ADMIN_CUSTOMER system role.