Skip to main content


The tenant file allows you to define permissions for your members inside your tenant. Permissions are used to restrict access to certain features of your tenant on the different services.

A permission is represented by a string. You can find them in the Permissions Reference.

How to add permissions

As you saw in the previous section, the tenant file contains a groups property. This property is an array of groups. Each group contains a permissions property which is an array of permissions.

# ...
- slug: group-A
members: [xavier.login]

You can simply add a permission to a group by adding it to the permissions array. You can also create a new group and add permissions to it.

Permissions Reference


Permission nameDescription
INTRA_TRACE_READAllows the user to read traces on Operator.
INTRA_TRACE_RETRYAllows the user to retry traces on Operator.
INTRA_TRACE_PUBLISHAllows the user to publish traces on Operator (i.e. make traces visible for students).
INTRA_IMPERSONATEAllows the user to impersonate other users on the Forge Intranet.
INTRA_REPO_CLONEAllows the user to clone student repositories on the Forge Intranet.
INTRA_NODE_READAllows the user to access all nodes where they are registered without having to validate previous nodes.

To impersonate a user, you need to add ?login=<login> in the URL. (e.g., ?login=xavier.login)


Impersonation does not work on the home page of the intranet because no tenant is selected yet on this page.


This permission does not allow the user to make a submission on a node.


Permission nameDescription
FORMS_CREATEAllows the user to create forms.
FORMS_PUBLISHAllows the user to publish forms.
FORMS_REGISTRATIONAllows the user to add surveyed people to forms.
FORMS_EXPORTAllows the user to access the result page


Permission nameDescription
SYLLABUS_READAllows the user to read existing syllabus.
SYLLABUS_CREATEAllows the user to create syllabus.