Roles and Permissions

User roles determine which UI, command line, and web service features you can access in Determination. They also determine what, if any, access you have to Reporting and Certificate Manager.

A single user may have multiple roles associated with one or more companies. For example, a user may use the Sabrix System DBA and License Manager roles for one company, and the Certificate Manager and User Administrator roles for another company. The pages and actions they can view and run depend on the current company context.

The ^dba user, a default user included with ONESOURCE Indirect Tax Determination, includes both the Sabrix System DBA and User Administrator roles. This user has access to all pages and functionality needed to administer ONESOURCE Indirect Tax Determination, including assigning the other roles listed here to your company's users. The ^dba user can also create new roles for assignment.

The following tables provide a high-level description of each role.

Internal and External Company Roles
Tenant Company Roles
RESTful Service Roles

Internal and External Company Roles

These roles have access to Internal and External companies only. If a user accesses Tenant companies, be sure to assign the appropriate role from Tenant Company Roles.

Role	Description
Auditor	Provides view-only access to Tax and TransEditor data in order to determine how or why a particular result was received.
Certificate Manager	Enables access to Exemption Certificate data only. This user can create, modify, and delete Customers, Certificates, Certificate Authorities, and Product Exempt Authorities.
Certificate Manager Admin	Full access to Certificate Manager and required Determination web services.
Certificate Manager Super User	Full access to Certificate Manager and required Determination web services—with the exception of Certificate Manager system configuration
Certificate Manager User	Partial access to Certificate Manager for adding or editing customers and certificates and for running reports.
Certificate Manager View Only	Partial access to Certificate Manager for searching customers, contacts, or certificates and for running reports.
Company Administration	Allows you to delete Determination companies. We do not recommend deleting companies in production environments; however, if you must remove companies, use extreme caution because these changes are irreversible. When you delete companies with this role, you remove the company, all of its children, and related data. If there are users that only had access to one of the deleted companies, they will not be able to log on to Determination.
Custom Authority Manager	Enables access to all actions required to configure a custom authority, including specified actions on the Zone Authorities, Authorities, Rates, Cascading Rates, Rules, Cascading Rules, Authority Messages, Authority Options, Date Determination, Unit of Measure, and Delivery Terms pages.
License Manager	Enables access to all actions required to manage customer licenses, including the ability to configure license types.
Report Console User	Enables access to Reporting. Provides view-only access to Tax and TransEditor data in order to determine how or why a particular result was received.
Determination Administrator	A special role used by Consulting Services to modify data when troubleshooting or updating ONESOURCE Indirect Tax Determination.
Sabrix DBA	Enables access to Reporting and all pages and functionality needed to administer ONESOURCE Indirect Tax Determination except the following: Authority Options management. If this capability is desired, attach the Tax Data Administrator or Custom Authority Manager role as well. See the descriptions of these roles to determine which is appropriate in your environment. User and role management capabilities; if these are desired, attach the User Administrator role to the user as well.
Source System	Enables Determination tax calculation for one or more companies using a secure method. This role is not required for Workbench calculations. For more information, see Security Measures.
Super User Super User for Testing	Enables create, modify, and delete access to various company-specific Tax Settings (Product Mappings, Custom Rules, Exemption Certificates, etc.), Unit of Measure settings, XML Output and the TransEditor, Company tools, and the Workbench. View access is provided to other Tax Settings. The Super User does not have access to: Audit capabilities on the Workbench; the Super User for Testing does. Please see the note below. User and role management capabilities; if these are desired, attach the User Administrator role to the user as well. Custom Authority management capabilities, including Authority Options and Date Determination; if this capability is desired, attach the Tax Data Administrator or Custom Authority Manager role as well. See the descriptions of these roles to determine which is appropriate in your environment. Use of the Super User for Testing role is not recommended in production environments due to the ability to write data to Audit. Thomson Reuters suggests that you limit this role to test instances only.
Tax Data Administrator	Enables access to the Authority Options page, which stores tax calculation logic settings and overrides. Contact Customer Support before using this role or modifying data on this page, as changes to authority options may cause unintended tax results.
Tax Data Provider	Enables full access to shared Tax Settings (Zones, Authorities, Product Exceptions, Exempt Reasons, and Unit of Measure), Delivery Terms, and the TransEditor. Provides view-only access to Companies and Users tools. Prohibits all access, including view, to company-specific Tax Settings, the Workbench, Reports, and most System tools.
User Administrator	Enables the ability to add, modify, attach roles to, and delete users, as well as manage roles themselves. This role is often assigned in conjunction with one or more other roles (such as Super User). May exempt other users from password expiration policy, if active.
View Only	Super User with view-only capability and no access to some pages.

Tenant Company Roles

The following roles have access to Tenant companies only. These roles are specifically designed for multi-tenant implementations of Determination. Users assigned to these roles should be associated with a top level tenant company and its children.

Role	Description
Company Administrator	Provides the ability to add, modify, and delete child companies only. This role should be assigned at the tenant company level to allow the user to administer child companies only. This role cannot delete the tenant level company.
Company Certificate Admin	Ability to add, edit, and delete customers and exemption certificates as well as manage exempt reason codes. This role does not have access to Licenses.
Company Research User	Ability to access the Workbench, Reporting, and Rate Finder only.
Company Super User	Ability to manage Company Data and Custom Tax Data excluding the Date Determination and Authority Advanced menu options, Workbench Audit, Import/Export, System, TransEditors, Allocations, Locations, Materials, Currency Management, and more.
Company Super User View Only	Ability to view only configurations supported by Company Super User (e.g., Company Data and Custom Tax Data).
Company Tenant Administration	Ability to create, modify and delete a tenant type of company.
Company User Administrator	Enables full access to administer Users and Roles for a company and its child companies. This role is required to manage users and user roles for a given company and its child companies.

RESTful Service Roles

The following roles allow access to various RESTful web services used by external systems, such as the ONESOURCE Platform.

Role	Description
Administrator	Ability to view Users And Roles and manager Companies with few more.
Administrator User	Ability to manage Users And Roles.
Certificate Admin	Ability to manage Exemption Certificates.
Certificate User	Ability to manage Customers and Certificates of Exemption Certificates.
Certificate View Only	Ability to view Exemption Certificates.
External User System	Ability for Determination to manage permissions for requesting and providing user data with the ONESOURCE Platform user synch service.
Power User	Ability to view Users And Roles, Companies and manage Tax Jurisdictions, Product And Services, ERP Code Mappings, Custom Fields, Lookup Lists, Rate Search, Model Scenarios, ONESOURCE Content, Exemption Certificates and more.
Reporting User	Ability to manage Reporting.
Research User	Ability to manage Rate Search, Model Scenarios and view ONESOURCE Content and more.
Standard User	Ability to view Users And Roles, Companies, ERP Code Mappings, Custom Fields, Lookup Lists and manage Tax Jurisdictions, Product And Services, Rate Search, Model Scenarios, ONESOURCE Content, Exemption Certificates and more.
Tenant Access System	Ability for Determination to manage permissions for requesting tenant company data with the ONESOURCE Platform user synch service.
View Only User	View only access to those pages visible to the Power User.

View the specific permissions for each role

Select Menu > System > Roles.
Click the role you want to view.
Click the Edit tab.