Page tree
Skip to end of metadata
Go to start of metadata


With product version 4.7.2, we added the ability to generate three separate reports to assess the systems users, groups, permissions & authorizations. The reports can be extracted in xlsx or csv format.




User and group report

The new user and group report enables our customers to effortlessly export a list of the current users, groups, and group memberships. Therefore, this functionality targets audits, system assessments, and migrations to the Celonis EMS!


To create the export in xlsx or csv format, simply navigate to:

  • <celonis_url>/api/user_group_roles_report/xlsx
  • <celonis_url>/api/user_group_roles_report/csv


Note: The user generating the export requires the following three roles (e.g., the initial sysadmin user): 

  • System Administrator
  • Global Content Administrator
  • User Administrator

Content of the user and group report:

  • All users (incl. user information such as ID, name, e-mail, roles)
  • Groups the users are a member of (incl. group information such as ID, name, roles)
  • Effective roles of the users (taking into consideration the roles directly assigned to the users and the ones assigned to the users via group memberships)

Note: Any user can appear multiple times in the report if they are part of multiple groups.


Example (including selected columns):

User IDUser NameSystem AdminUser AdminContent AdminGroup IDGroup NameG. System AdminG. User AdminG. Content AdminEf. System AdminEf. User AdminEf. Content Admin
1sysadmintruetruetrue




truetruetrue
2analystfalsefalsefalse12analyststruefalsefalsetruefalsetrue
2analystfalsefalsetrue14analysts_EMEAfalsefalsefalsetruefalsetrue




Permission report

In addition to the user report, a permission report can be generated. This report lists the content permissions (folder, analysis, data model) of every user and if access was granted on a user- or group level.


To create the export in xlsx or csv format, simply navigate to:

  • <celonis_url>/api/user_permissions_report/xlsx
  • <celonis_url>/api/user_permissions_report/csv


Note: The user generating the export requires the following three roles (e.g., the initial sysadmin user): 

  • System Administrator
  • Global Content Administrator
  • User Administrator

Content of the permission report:

  • All content objects (incl. object information such as ID, name, type)
  • All users permitted to the content objects (incl. user information such as ID, name, e-mail)
  • In case the access is granted on group level: ID and name of the group that provides the permission to the respective user
  • The effective permissions on the content (Administrate, Create Document, Edit Document, View Document, Create Data Model, Edit Data Model, Use Data Model)
  • Further information about the project the content object is located in (ID, name)
  • The effective roles of the respective user (taking into consideration the roles directly assigned to the user and the ones assigned to the user via group memberships)

Note: Any given content object will appear multiple times in the report if more than one user can access it.


Example (including selected columns):

Entry IDEntry NameEntry TypeUser IDUser NameGroup IDGroup NameCreateEdit ViewProject IDProject NameEf. Content Admin
22P2P AnalysisDocument2analyst12analyststruetruetrue1P2Pfalse
23P2P_EMEAFolder2analyst

falsefalsetrue1P2Pfalse
24P2P DMData Model4engineer

truetruetrue1P2Pfalse




Authorization report

Lastly, an authorization report can be generated. This report lists authorization objects that have a manual value mapping (authorization objects querying databases are not taken into consideration here)



To create the export in xlsx or csv format, simply navigate to:

  • <celonis_url>/api/user_authorizations_report/xlsx
  • <celonis_url>/api/user_authorizations_report/csv


Note: The user generating the export requires the following three roles (e.g., the initial sysadmin user): 

  • System Administrator
  • Global Content Administrator
  • User Administrator

Content of the authorization report:

  • All data models with authorization objects assigned to them (incl. information such as ID, name)
  • All users the objects are assigned to (incl. information such as ID, name, e-mail)
  • All authorization objects with manual value mapping (incl. information such as name, authorized table, authorized column, and authorized values)
  • The projects the respective data models are located in (incl. information such as ID, name)


Note: Any authorization object will appear multiple times in the report, if

  • it is assigned to more than one user or data model
  • multiple values are permitted to the user


Example (including selected columns):

Data Model IDData Model NameUser IDUsernameAuthorization NameTableColumnValueProject NameProject ID
24P2P DM2analystP2P_EMEAEKKOMANDTM11P2P
24P2P DM2analystP2P_EMEAEKKOMANDTM21P2P
25P2P DM4engineerP2P_EMEAEKKOMANDTM21P2P
26AP DM4engineerAP_APACEKKOMANDTM22AP
  • No labels