> ## Documentation Index > Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt > Use this file to discover all available pages before exploring further. # Application manager access rights > Granular access rights can be configured for restricting access to the Application-manager component. The **Application Manager** component provides granular access rights, allowing users to perform various actions depending on their assigned roles and the configured scopes. These access rights are also used by to the runtime-manager microservice. In order for users to view resources within the Application Manager, they must have, in addition to the appropriate `role_apps_manage_` role, at least **read access** on each [**resource**](../../docs/projects/resources). ### Available access scopes 1. **manage-applications** * **Scopes**: * **read** * **Roles**: * `ROLE_APPS_MANAGE_READ` * `ROLE_APPS_MANAGE_IMPORT` * `ROLE_APPS_MANAGE_EDIT` * `ROLE_APPS_MANAGE_ADMIN` * **edit** * **Roles**: * `ROLE_APPS_MANAGE_EDIT` * `ROLE_APPS_MANAGE_ADMIN` * **import** * **Roles**: * `ROLE_APPS_MANAGE_IMPORT` * `ROLE_APPS_MANAGE_EDIT` * `ROLE_APPS_MANAGE_ADMIN` * **admin** * **Roles**: * `ROLE_APPS_MANAGE_ADMIN` 2. **manage-app-dependencies** * **Scopes**: * **read** * **Roles**: * `ROLE_APP_DEPENDENCIES_MANAGE_READ` * `ROLE_APP_DEPENDENCIES_MANAGE_EDIT` * `ROLE_APP_DEPENDENCIES_MANAGE_ADMIN` * **edit** * **Roles**: * `ROLE_APP_DEPENDENCIES_MANAGE_EDIT` * `ROLE_APP_DEPENDENCIES_MANAGE_ADMIN` * **admin** * **Roles**: * `ROLE_APP_DEPENDENCIES_MANAGE_ADMIN` 3. **manage-builds** * **Scopes**: * **read** * **Roles**: * `ROLE_BUILDS_MANAGE_READ` * `ROLE_BUILDS_MANAGE_EDIT` * `ROLE_BUILDS_MANAGE_IMPORT` * `ROLE_BUILDS_MANAGE_ADMIN` * **edit** * **Roles**: * `ROLE_BUILDS_MANAGE_EDIT` * `ROLE_BUILDS_MANAGE_ADMIN` * **import** * **Roles**: * `ROLE_BUILDS_MANAGE_IMPORT` * `ROLE_BUILDS_MANAGE_EDIT` * `ROLE_BUILDS_MANAGE_ADMIN` * **admin** * **Roles**: * `ROLE_BUILDS_MANAGE_ADMIN` 4. **manage-active-policy** * **Scopes**: * **read** * **Roles**: * `ROLE_ACTIVE_POLICY_MANAGE_READ` * `ROLE_ACTIVE_POLICY_MANAGE_EDIT` * **edit** * **Roles**: * `ROLE_ACTIVE_POLICY_MANAGE_EDIT` 5. **manage-app-configs** * **Scopes**: * **read** * **Roles**: * `ROLE_APP_CONFIG_MANAGE_READ` * `ROLE_APP_CONFIG_MANAGE_IMPORT` * `ROLE_APP_CONFIG_MANAGE_EDIT` * `ROLE_APP_CONFIG_MANAGE_ADMIN` * **edit** * **Roles**: * `ROLE_APP_CONFIG_MANAGE_EDIT` * `ROLE_APP_CONFIG_MANAGE_ADMIN` * **import** * **Roles**: * `ROLE_APP_CONFIG_MANAGE_IMPORT` * `ROLE_APP_CONFIG_MANAGE_EDIT` * `ROLE_APP_CONFIG_MANAGE_ADMIN` * **admin** * **Roles**: * `ROLE_APP_CONFIG_MANAGE_ADMIN` 6. **manage-app-configs-overrides** * **Scopes**: * **read** * **Roles**: * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_READ` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` * **import** * **Roles**: * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` * **edit** * **Roles**: * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` * **admin** * **Roles**: * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` ### Permissions explained * **Permissions**: * Can view Projects entry in main menu * Add icon for Applications and Libraries sections is hidden - cannot add application or library * Can view application or library Config view in read-only mode (for draft application versions) with action buttons hidden * Can export application version * **Restrictions**: * Cannot start a draft application version * Cannot discard changes * Cannot create build * Cannot create new branch * Cannot import application version * Cannot commit a draft application version * Cannot merge branches * Can view draft application version in read-only mode with buttons hidden * **Roles allowed**: * `ROLE_APPS_MANAGE_READ` * `ROLE_APPS_MANAGE_IMPORT` * `ROLE_APPS_MANAGE_EDIT` * `ROLE_APPS_MANAGE_ADMIN` * **Permissions**: * Can view Projects entry in main menu * Can create new application or library * Can merge branches * Can create new branch * Can start new application version * Can submit application version * Cannot delete application - Delete icon in contextual menu is hidden * **Roles allowed**: * `ROLE_APPS_MANAGE_EDIT` * `ROLE_APPS_MANAGE_ADMIN` * **Permissions**: * Can view Import Version entry on: * Projects page * Application versioning overlay * Can view Export version button on application versioning overlay * **Roles allowed**: * `ROLE_APPS_MANAGE_IMPORT` * `ROLE_APPS_MANAGE_EDIT` * `ROLE_APPS_MANAGE_ADMIN` * **Permissions**: * All permissions under read, edit, import * Can delete application or library * **Roles allowed**: `ROLE_APPS_MANAGE_ADMIN` * **Permissions**: * Can view Builds entry in application Runtime tab menu * Can view Builds page * Can view Builds content (contextual menu > Build contents) * Cannot import build * Projects page > Import icon > Import build is not shown * **Roles allowed**: `ROLE_BUILDS_MANAGE_READ` * `ROLE_BUILDS_MANAGE_EDIT` * `ROLE_BUILDS_MANAGE_IMPORT` * `ROLE_BUILDS_MANAGE_ADMIN` * **Permissions**: * Can see Create build button on Application Versioning overlay for a committed application version * **Roles allowed**: * `ROLE_BUILDS_MANAGE_EDIT` * `ROLE_BUILDS_MANAGE_ADMIN` * **Permissions**: * Can view Builds entry in application Runtime tab menu * Can import builds * **Roles allowed**: * `ROLE_BUILDS_MANAGE_EDIT` * `ROLE_BUILDS_MANAGE_IMPORT` * `ROLE_BUILDS_MANAGE_ADMIN` * **Permissions**: * Can do all of the above * **Roles allowed**: * `ROLE_BUILDS_MANAGE_ADMIN` * **Permissions**: * Can view Active policy entry in application Runtime tab menu * Can view Active policy page in read-only mode - Fields and Save button are hidden * **Roles allowed**: * `ROLE_ACTIVE_POLICY_MANAGE_READ` * `ROLE_ACTIVE_POLICY_MANAGE_EDIT` * **Permissions**: * All permissions under read * Can update active policy settings - fields and save button are enabled * **Roles allowed**: `ROLE_ACTIVE_POLICY_MANAGE_EDIT` * **Permissions**: * Can view Configuration parameters in Application Config View menu * Can view Configuration parameters page in read-only mode * **Roles allowed**: * `ROLE_APP_CONFIG_MANAGE_READ` * `ROLE_APP_CONFIG_MANAGE_IMPORT` * `ROLE_APP_CONFIG_MANAGE_EDIT` * `ROLE_APP_CONFIG_MANAGE_ADMIN` * **Permissions**: * All permissions under read * Can import configuration parameters * **Roles allowed**: * `ROLE_APP_CONFIG_MANAGE_IMPORT` * `ROLE_APP_CONFIG_MANAGE_EDIT` * `ROLE_APP_CONFIG_MANAGE_ADMIN` * **Permissions**: * All permissions under read * Can add/edit/delete configuration parameters * Cannot import configuration parameters * **Roles allowed**: * `ROLE_APP_CONFIG_MANAGE_EDIT` * `ROLE_APP_CONFIG_MANAGE_ADMIN` * **Permissions**: * All permissions for read, edit, import * **Roles allowed**: `ROLE_APP_CONFIG_MANAGE_ADMIN` * **Permissions**: * Can view Configuration parameters overrides in Application Runtime View menu * Can view Configuration parameters overrides page in read-only mode: * cannot add configuration param override * cannot edit a configuration param override * cannot delete a configuration param override * **Roles allowed**: * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_READ` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` * **Permissions**: * All permissions under read * Can import configuration parameters * **Roles allowed**: * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` * **Permissions**: * All permissions under read * Can add/edit configuration parameters overrides * **Roles allowed**: * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT` * `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` * **Permissions**: * All permissions under read, edit, import * Can delete app config overrides * **Roles allowed**: `ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN` * **Permissions**: * Can view Dependencies entry in Application Config view menu * Can view Dependencies page in read-only mode * **Roles allowed**: * `ROLE_APP_DEPENDENCIES_MANAGE_READ` * `ROLE_APP_DEPENDENCIES_MANAGE_EDIT` * `ROLE_APP_DEPENDENCIES_MANAGE_ADMIN` * **Permissions**: * All permissions under read * Can add/edit dependencies * **Roles allowed**: * `ROLE_APP_DEPENDENCIES_MANAGE_EDIT` * `ROLE_APP_DEPENDENCIES_MANAGE_ADMIN` * **Permissions**: * All permissions under read, edit * Can delete dependency * **Roles allowed**: `ROLE_APP_DEPENDENCIES_MANAGE_ADMIN` ### Configuring access To define or adjust access for these roles, use the following format in your environment variables: ```plaintext theme={"system"} SECURITY_ACCESSAUTHORIZATIONS__SCOPES__ROLESALLOWED: NEEDED_ROLE_NAMES ``` Roles must be defined in your identity provider (e.g., Keycloak, RH-SSO, Entra or any compatible provider). Custom roles can be configured as needed, and multiple roles can be assigned to each scope.