Integration Permissions

Integration connections can have permission rules that limit who can view or access them when building. By default, any team member can use a connection. If necessary, individual permission settings can be assigned per-connection.

screen readers look here
Individual permission settings affect all users, and specify which users, if any, have explicit permission to use the connection.

Only the original creator can access and edit a connection. Integration permissions do not affect who can edit the connection, it just specifies which users can explicitly view or use the connection when building.

See Understanding permission levels in Catalytic for more information on permission roles, individual permission settings, and more examples.

How to change Integration permissions

A connection is only editable by the connection creator. Integration permission levels can be changed at any time from the integration page.

  1. Open the menu in the top navigation bar, and select Admin.
  2. Select Integrations at the bottom of the page.
  3. Select the integration you wish to edit.
  4. Select for the connection you wish to modify.
  5. At the bottom of the page, toggle Enforce integration permissions on or off. If enabled, only specific users have access to use the connection in a process. This does not affect which users can run the Workflow in general.

    screen readers look here
  6. Select when completed.

Understanding how permissions work between Catalytic and your apps

When your Catalytic processes integrate with your apps or services, the permissions in the app affect permissions in Catalytic. Catalytic will “inherit” the permissions from your app—when setting up permissions in Catalytic and your apps, take this inheritance into account.

In the following diagram, the outer most boxes affect all boxes inside of them. For example, the “Integration App” box affects all other levels inside of it. In other words, the permissions you set in your Integration App affect how permissions work through the integration and Catalytic.

screen readers look here
If something is more granular, it inherits the permissions from something less granular

For example, say you integrate with a file storage service “Orange Cart”.

  • In Orange Cart, you create a private folder, and a public folder—these are at the “Integration App” level.
  • In Orange Cart you have two users, an Admin and a Regular user—these are at the “Integration App User” level.
  • And when you create a connection to Orange Cart in Catalytic, you log in with an Orange Cart user—this is the “Catalytic Integration Connection”.

If you want to use Catalytic to automate work in Orange Cart, but you don’t want regular users accessing private data, you must set up permissions across all of these levels. Here’s an example of this:

screen readers look here

The lower levels (Catalytic Users and Workflows) inherit permissions from the higher levels (Integration App and App Users). This means when you create a connection in Catalytic using the Admin User account, anyone using that connection in Catalytic has access to everything the Admin User can access.

If you create a second connection and log in with Regular User, then that connection and anyone who uses it can only interact with regular data. Then in this way, when you set up integration permissions you can choose which Catalytic users can access the Admin or Regular data.