If a plugin’s minimum view role is set to an out‑of‑the‑box role such as Viewer, users with a custom role will only be able to see that plugin if their custom role includes all of the permissions that Viewer has, not just the plugin-specific permissions.
Behavior
When a plugin is configured with a minimum user role (for example, Viewer), Cortex checks the user’s effective permissions against that role:
- Our backend validates that the user’s permissions contain every permission included in the plugin’s minimum required role.
- If any permission from that minimum role is missing, the user will not see the plugin in the list, even if they:
- Have all plugin edit permissions, or
- Have “most” of the Viewer permissions.
Example
To meet a plugin’s minimum role requirement with a custom role for the Viewer role, that role must include all of the following Viewer permissions:
- View CQL reports
- View initiatives
- View onboarding management
- View scorecards
- View catalogs
- View relationship graphs
- View reports
If any of these are missing, users with that custom role will not see plugins whose minimum role is set to Viewer.
How to fix when a user can’t see a plugin
If a user can register or edit plugins but does not see them in the plugins list:
- Check the plugin’s minimum user role. If it’s set to Viewer, continue below.
- Compare the user’s custom role to the Viewer permissions. Ensure the custom role contains all Viewer permissions listed above.
- Add any missing Viewer permissions to the custom role. After updating (for example, adding
View Onboarding Management), the user should be able to see and load plugins that require the Viewer role.
As an alternative, you can also:
- Change the plugin’s minimum user role to the custom role itself, so that users with that role can see it without needing Viewer, or
- Assign the user both the Viewer role and the custom role, if that fits your permission model.