• Documentation
    • Search documentation
    karat

    +

    K

    API Reference ↗
    Use case developmentAutomateSecurity and permissionsPermissions

    Permissions

    Automate is governed by the same security and permissions model as the rest of the platform. Users can only see and interact with the automations to which they have access. This ensures condition evaluations and effects always reflect the appropriate data access at the time when the automation is evaluated.

    Permissions for executions

    • Condition evaluation: Uses automation owner's permissions
    • Action and Logic effects: Execute as the automation owner. This means:
      • Action submission criteria are evaluated against the owner (for example, if an action requires the user to be in group Y, the owner must be in group Y)
      • Function executions in compute modules receive authentication tokens from the owner
      • Ontology edit history shows the owner in the Edited by field
      • Audit logs record Ontology edits as performed by the automation owner
    • Notification effects: Use each recipient's individual permissions. Because notification effects use recipient permissions, an automation may:
      • Trigger for some recipients but not others (based on their access)
      • Send different notification content to different recipients (for function-backed notifications)
      • Render different attachments for each recipient

    When you edit and save an automation, you may have the option to become the automation owner (taking ownership from the previous owner) or to keep the original owner. You must take ownership of the automation to make edits to the condition or effects.

    Future actions effects will execute on behalf of the new owner.

    Change of ownership

    Example use case permissions

    A Sales Opportunity object type uses a restricted view. Users have different permissions: some can access sales opportunities from Europe, others from the US.

    You can configure an automation to notify users when new Sales Opportunity objects are added by using an Objects added to set condition. When a new opportunity from Europe arrives, the condition will be evaluated per recipient.

    • Users without access to sales opportunities from Europe will not see any activity on the automation; no condition event appears, no notification sent.
    • Users with access to opportunities from Europe will be notified as expected.