View and act on Applications data and configuration

• Update application info, state, and owner
• Create and edit - Setting/Hidden application
• Create and edit - Setting/Application details
• Add custom applications
• Import application users manually

View only Application data and configuration

• View Application data 
• View Setting/applications details and Setting/hidden Applications

View user information and application usage 

• Review Users page
• Review Single user page
• Review the User tab in the Single Application view
• See data about users coming from HR systems
• Review Application usage of a single user
• Indications about user Offboarded badge, Notification
• Review reports: Inactive users and application end users
• Review details about Inactive users  

Can configure workflows and run them, Configure Offboarding and App Catalog automatic policies.

• Edit and update workflows
• Manual triggering of user actions on users:
  • Take action on Inactive users and in-app recommendation
  • Take action on bulk and single users through the Application page
• Configure and edit the "automatic" offboarding policy configuration
• Configure and revise App catalog policies. 
• Configure settings which trigger workflows or automatic actions, such as Employee definition, Automatically Reassign Stakeholders, etc. 

• View workflow configuration and logs.
• View offboarding automatic policy configuration and offboarding setting
• View App catalog request access policy configuration

Is not exposed to workflow data configuration or logs.

• Can not trigger manual action for users 
• Can not configure App catalog request policy 
• Can not configure Offboarding actions

Configure and take action over integrations 

• Connect, rename, reconnect, disconnect, and sync integrations.
• Read integration capabilities, See integration status, and Last synced info.

Configure the following tabs in settings:

• General
• Security
• API Access
• Browser extension

These settings include:
Company name, Displayed currency, User lifecycle, Inactivity period, Extension mode, Generate API Key, hide Geolocation data.

• Create Custom Roles 
• Invite Torii Members

• Setting - Application Details
• Setting - Custom Applications
• Setting - Hidden Applications

• Setting - Contract Details 

View public views 

Users with this permission are not exposed to the public view configuration.

Configure offboarding methods and take actions on offboarding users  

• Start, stop, skip and re-open employee offboarding
• Configure and edit offboarding policy per application
• Subscribe to the "Offboarding status" notification

Configure App catalog access and specific App request policies 

• Enable and disable Application Catalog access
• Configure Application Catalog settings

Note that in order to create and edit automated policies the user requires a Workflows take action scope in addition to this scope.

• Download user access review report
• View access reviews list

Configure and take action over license costs and chargebacks.

• View and configure chargebacks as long as both Contracts and Expenses scopes are at least "Read only"
• Update "Annual cost" on single user page/chargeback config
• Review Expected cost saving in the License/Recommendations tab

• View chargebacks as long as both Contracts and Expenses scopes are at least "Read only"

• View the Licenses page and recommendations without license cost and estimated savings.
• Chargeback is hidden

Can review and edit financial information related to expenses. 

• Review expenses page
• Review Expense Analysis report
• Review the Expense tab in a single application view
• Upload and delete expense files
• Archive and unarchive transactions
• Edit matching rules

• Expenses pages and reports are hidden
• Expenses columns and custom currency fields are hidden from application tables and reports
• Attached documents are hidden from the application page
• Chargeback is hidden

Review and create contracts

• Review Contracts tab in single app view
• Review Renewal page
• Review report Applications and Contracts
• Get Notified about the upcoming renewal date (in single app view)
• Add, edit and delete contracts
• Create and edit Setting/contract details
• Upload Documents

• Contracts and renewal pages including related reports are hidden
• Contract columns and custom currency fields hidden from application table and reports
• Attached documents are hidden from the application page
• Chargeback is hidden