Roles and policies management


You must be given explicit access to be able to manage access.
Managed role having access: System admin


If you're new to Bluestone PIM, getting to know the permissions and access could be a good place to start. Access management enables you as an administrator to manage user/user group access and permissions through managed roles, custom roles and policies.

With access management, administrators can ensure that only authorized users can access sensitive data and functionalities, reducing the risk of data breaches and unauthorized activities.


Roles overview 

Create a custom role    Set/unset role as default    Delete a custom role   

    Policies overview

Add a policy    Rename a policy    Delete a policy


Go to Settings | Access management to manage your organization's roles and policies:




Roles overview


Bluestone PIM uses the following definitions:

  • Managed roles: Pre-established roles equipped with a definite set of permissions and constraints. See the following section for an overview.
  • Custom roles: Roles that can be created and customized according to specific organizational requirements.
  • Default role: Setting a role as default implies that all new users will automatically be assigned this role. 

For information on how to assign roles to a user or user group, please see User management and User groups management.

Managed roles

Managed roles are pre-defined and managed by Bluestone PIM. These are marked with a padlock icon.

Select a role to view its permissions within the different modules:

The following managed roles are defined:

  • SYSTEM ADMIN: This role allows complete access to manage the PIM platform, including access management and configuration of a PPE dashboard.
  • PLUGIN ADMIN: This role enables the user to access all available features in plugins assigned to the organization.
  • PIM ADMIN: This role provides access to PIM definitions such as attributes, catalog, categories, and relations, along with labels, tasks, and notifications.
  • PIM WRITE: This role allows users to create and edit product information such as attribute values, catalogs/categories, assets, relations and labels.
  • PIM READ: This role provides read-only access to product information such as attributes, catalogs/categories, assets, relations and labels.
  • PIM PERSONALIZED: This role gives users access to the PPE module which provides a simplified user interface for product management.
  • SUPPLIER: This role gives users access to the PPE module which provides a simplified user interface for product management. Typically assigned to supplier users where product updates need to be approved.

    Note: Both the PIM Personalized and Supplier roles give access to edit the product number and description. A new PPE role must be set up to disallow this.

  • DAM WRITE: This role allows the user to upload and edit assets.
  • DAM READ: This role provides read-only access to assets.
  • RULES ENGINE WRITE: This role provides access to create and edit rules from the Rules engine plugin and the Rules engine tab of Categories.
  • RULES ENGINE READ: This role allows read-only access to the Rules engine plugin and the Rules engine tab of Categories.
  • FTP: This role enables users to upload assets using an FTP client. Only one user in the organization can be assigned to this role.


Create a custom role

Custom roles in Bluestone PIM allow administrators to create roles tailored to specific organizational requirements. 

  • Navigate to Settings | Access Management.

  • Click the plus icon located in the Roles section to the left.
  • Specify the name of the new role and click the Confirm button.
  • Specify which permissions the role should have.

Please see Assign permissions to a role for more information.


Set/unset a role as default

Any type of role can be set as default. Do the following:

  • Navigate to Settings | Access Management.
  • Hover over the desired role and click the 3-dots menu.
  • Select Set role as default.



    When adding a new user, the default role will be assigned:


If you don't want any role to be added by default when assigning roles to users, do the following:

  • Navigate to Settings | Access Management.
  • Hover over the role set as default and click the 3-dots menu.
  • Select Unset role as default.

Delete a custom role

Follow these steps to delete a custom role:

  • Navigate to Settings | Access Management.
  • Hover over the desired role and click the 3-dots menu.
  • Select Delete.




Policies overview

Policies are used to explicitly specify which Bluestone PIM contents restricted users can access. A restricted user is linked to one/more policies. Each policy is given access to relevant attributes, catalogs, products in catalogs and/or relations.

For information on how to assign policies to a restricted user or user group, please see User management and User groups management.

Add a policy

  • Navigate to Settings | Access Management.
  • Open the Policies section.
  • Click the plus icon located on top.
  • Specify the name of the new policy and click the Confirm button.
  • Specify access to attributes, catalogs, products in catalogs and/or relations by adding the policy to each relevant element.

Please see Assign permissions to a policy for more information.

Delete a policy

  • Navigate to Settings | Access Management.
  • Open the Policies section.
  • Hover over the relevant role and click the 3-dots menu.
  • Select Delete.

    Rename a policy

    • Navigate to Settings | Access Management.
    • Hover over the relevant role and click the 3-dots menu.
    • Select Rename. The following window is presented:

    • Update the name.
    • Click Ok to confirm.

    Back to the top