This article describes the [permissions](/docs/settings/identity-access-management/permissions) needed to use the [Automation Hub](/docs/automation).

To set the permissions, you need to create a user role or edit an existing one and open the Permissions matrix. In the matrix, the permissions are collected into groups. Some of these groups can be expanded to set more granular permissions.

## How to read this list

In this article, each heading describes an action. The permissions for that action are described in the form of breadcrumbs.

**For example**, if the required permissions are:
- **Profiles** > **Client list**: `read`
- **Search engine**: `create`, `edit`

The permission matrix needs to look like this:
<figure><img src="/api/docs/image/54176ad07f146575310749eba44b7c2f42c1b327/docs/settings/_gfx/permissions-example.png" class="large" alt="Permissions example"><figcaption>Permission example, see description above figure.</figcaption></figure>

The `read` permission is not explicitly listed when any higher permission is required - the portal enables it automatically.

## I want to...

### access the Automation Hub
**Automation** (any): `read`

### see workflows
**Automation** > **Journeys**: `read`

### see Control Center
- **Automation** (any): `read`
- **Audit Log**: `read`

### see workflow details
- **Assets** > **Tags**: `read`
- **Communication** > **_communication type_**: `read` - to see the statistics of a communication type used in the workflow
- `read` permissions to other Synerise elements, depending on the node - see the list in ["Create and edit workflows"](#create-and-edit-workflows).

### create and edit workflows
- **Automation** > **Journeys**: `create`, `edit`
- To view notes added to nodes in a workflow: **Automation > Notes**: `preview`
- To add notes to nodes and/or edit notes: **Automation > Notes**: `create`, `edit`
- To use incoming/outgoing integration nodes: **Automation** > **Custom blocks**: `read`
- To use Email Alert/SMS Alert Nodes: 
    - **Automation** > **Email Alert/SMS Alert**: `create`, `edit`
    - **Templates**: `read`
    - **Settings** > **Integrations**: `read`
    - **Profiles** > **Client list**: `read`
- Permissions to other Synerise elements, depending on the node:
    - **Analytics** > **Segmentations**, **Expressions**, **Aggregates**: `read` - to use profile filters
    - **Analytics** > **_analysis type_**: `read` - for other analyses used in nodes
    - **Profiles** > **Client list**: `read` - to see client attribute suggestions when entering a filter value
    - **Profiles** > **Client details** > **Client activities**: `read` - to see event attribute suggestions when entering a filter value
    - **Assets** > **Catalogs**: `read` - to access catalog lists
    - **Assets** > **Voucher pools**: `read` - to access voucher pool lists
    - **Settings** > **Connections** - `read` (to use existing connections), `create` and `edit` (to create new connections)
    - **Settings** > **API key**: `read` - to access the list of API keys in connections which require them
    - **Data export** > **_data type_**: `create`, `edit`. The data types are:
        - **Data export list** - required to see export jobs and download files
        - **Export analytics report** - "Get Analytics Report" node
        - **Export brickworks** - "Get Brickworks Schema Records" node
        - **Export campaign statistics** - "Get Statistics" node
        - **Export catalog data** - "Get Catalog Data" node
        - **Export metrics result** - "Get Metrics" node
        - **Export profiles** - "Get Profiles" node
        - **Save file** - "Save file" node
    - **Templates**: `read` - for nodes which require a template
    - **Settings** > **Integrations**: `read` - to access providers in communication nodes
    - **Settings** > **Global Control Group**: `read` - to see data in communication nodes

### start, pause, resume, and stop workflows
- **Automation** > **Journeys**: `execute`
- Additional permissions are required when the Automation contains any of the following nodes:
    - Email Alert node: **Automation** > **Email Alert**: `execute`
    - SMS Alert node: **Automation** > **SMS Alert**: `execute`
    - Nodes which require a permission from the **Data export** category: require the `execute` permission in that category to change the workflow status (see node list in ["Create and edit workflows"](#create-and-edit-workflows))

### save changes in an active workflow
- **Automation** > **Journeys**: `execute`

### delete workflows
- **Automation** > **Journeys**: `delete`

### clone workflows to another workspace
In the source and target workspace, you need:
- **Cloning**: `create` 
- `create` and `edit` permissions for the cloned workflow and all nested objects that will also be cloned in the process

To learn more about cloning, see [Cloning objects to other workspaces](/docs/settings/workspace/cloning-objects).

### see Data Transformation rules
**Automation** > **Journeys**: `read`

### create, edit, publish, and unpublish data transformation rules
- **Automation** > **Journeys**: `execute`, `create`, `edit`

### delete data transformation rules
- **Automation** > **Journeys**: `delete`

### see incoming/outgoing integrations
- **Automation** > **Journeys**: `read`
- **Automation** > **Custom blocks**: `read`

### create and edit incoming/outgoing integrations
- **Automation** > **Custom blocks**: `create`, `edit`
- **Assets** > **File explorer**: `create` - to upload an icon
- **Outgoing only**:
    -  **Assets** > **Schema builder**: `read`
    -  **Settings** > **Connections**: `create`, `edit`

### publish incoming/outgoing integrations
**Automation** > **Custom blocks**: `execute`

### delete incoming/outgoing integrations
**Automation** > **Custom blocks**: `delete`