Wyn Enterprise Administration Guide

Wyn Enterprise: Roles

Wyn Enterprise employs role-based security which means that the permissions are assigned to roles, rather than to individual users. Roles give specific rights to users to perform certain actions or access certain areas. A user must be included in a role group to have the proper set of permissions. If you need to grant the permissions of a report or a model to the entire department, you can modify the role permissions without having to set it for everyone individually.

Roles Interface in the Admin Portal

Predefined Roles

Wyn Enterprise provides four predefined roles: administrator, organization administrator, approver, and everyone. Each role has its own set of permissions that lets you perform specific actions on the portal(s). However, if these roles do not meet the company's requirements, you can create custom roles. Visit this article for more information about custom roles.

Note: You cannot delete the predefined roles in Wyn Enterprise.


A user with the Administrator role has the highest set of privileges. It is the only role that can manage the overall system level settings in Wyn Enterprise, like configuration, account, security, system, and document, and has the access to the Admin Portal. Other prominent tasks of an administrator are adding or deleting organizations (or sub-organizations), designating an organization administrator, creating custom roles, assigning members and permissions to the roles, deleting roles, and more.

A user with this role can create documents and further share them with the roles belonging to different organizations (or sub-organizations). Note that the Everyone role on the Roles page is only visible to the Administrator role. This means, that only an administrator can share the document with everyone in the organization.

Organization Administrator

A user with the Organization Administrator role can add a role, assign members and give permission to the roles, and delete roles, but only in his organizations or sub-organizations. An organization administrator can access the Admin Portal to manage the UI settings, email settings, account settings (including organizations, roles, and users), and document settings for his organizations or sub-organizations. Note that each organization (or sub-organization) has an organization administrator except for the 'Global' organization.

A user with this role can designate administrators for his current organization and sub-organizations. Furthermore, he can create documents and share them with the roles in his organizations (or sub-organizations).

Note: A user with the Organization Administrator role cannot create or delete users.


A user with the Approver role is responsible for approving and rejecting the draft document in his current organization. If a document is shared with the roles belonging to different organizations, the publish requests of the documents will still be sent to the approvers belonging to that organization where the document was initially created. For more information on managing draft approvals, see this article.

In Wyn enterprise, there is one Approver role per organization. The users with this role are granted read permissions on the draft documents by default. Moreover, roles like Administrator and the Organization Administrator also have the ability to approve or reject the publish request for a document. Note that these options to approve or reject draft documents are only available if the Enable Document Draft option in the Portal Setting is set to 'True'.


The Everyone role is not granted any permission (except sharing permissions) by default. This is because if a user who is not assigned any role accesses Wyn Enterprise, will not be able to access any documents or resources. This role is only visible in the 'Global' organization which means only the administrator role can manage its user members and permissions.