Help Center>Foundation Help

Applies to:

Winshuttle Central roles, permissions, and privileges

The following page provides an overview and description of all the roles and associated privileges in Winshuttle Central groups.

Winshuttle Central respects the inherent SharePoint security model and only displays access to the sites, document libraries, and folders to which users have permission. This also applies to the configuration views within the Winshuttle Central Administration pages.

On this page

Note: If you add a user to the Site Owners group, they can then give themselves membership to any group on the site. This is a standard SharePoint privilege of the Owner's group. If you need to restrict a user to a single Winshuttle Administrative role, ensure they are not a member of the Owner's group.

Normally, any given SharePoint site comes with three built-in groups:

  • <Site name> Owners
  • <Site name> Members
  • <Site name> Visitors

<Site name> = the actual name of the site. A site named "Vendor Management", for example, would have 3 groups: Vendor Management Owners, Vendor Management Members, and Vendor Management Visitors.

When creating a Winshuttle Central site, there are many additional groups created in order to delegate Winshuttle roles to applicable team members.

Prior to assigning a Winshuttle license, a user needs to be a member of one of three built-in SharePoint groups and at least one of the custom Winshuttle Central Groups.

Typically, you will want to assign the average Winshuttle user to the Site Visitors group. Also:

  • If a team member participates in a non-Winshuttle list or library (such as a discussion board, custom list, or document library), then add that user to the Contributors group.
  • In the case where a team member needs to manage users within the groups, enable SharePoint auditing, or create lists or libraries, add the user to the Owners group.

Winshuttle Central administrator groups overview

Back to top

There are two categories of groups unique to a Winshuttle Central site: Administrators and Winshuttle users.

The following table lists the menu links displayed to users based upon their SharePoint Group Membership.

Winshuttle Central Administrator groups

Permission group and description

Site menu

Server menu

Audit & Reports menu

Transaction menu

Query menu

Central Functional Groups

This group includes Transaction Runners, Query Developers, etc. See Winshuttle User Groups (below) for additional information.

Manage SAP Credentials

Manage Scheduled Jobs

Scheduled Job History

Published Web Services




Central License Administrators

Members of this group govern the activation and delegation of Winshuttle licenses. Licenses are purchased in a group, referred to collectively as an 'activation', which a Winshuttle Central Administrator applies to a single SharePoint farm hosting Winshuttle. Once activated, each individual license can be assigned to a user that is already a member of at least 1 default site group and at least 1 Winshuttle group.

Activate Licenses

Manage Licenses





Central Reports Viewers

Members of this group can enable a SharePoint audit for actions that are run on files. Members of this group can also review web services that are used, review actions taken in Winshuttle Central Administration, and run reports on user activity and usage.



SharePoint Audit Report

Active Users

CLIENT Log Viewers

Web Services Log Viewer

CENTRAL Roles by Users

CENTRAL Administration Audit

Workflow Admin Site



Central Site Administrators

Members of this group get access to a wide array of configuration options, and are expected to manage things such as SAP application servers (including credentials and configuration), backups/restorations, and policies, restrictions and preferences for Transaction and Query usage.

Manage LDAP Connection

Log Settings

Manage Application Settings

Manage master pages

Email Templates

Back Up/Restore

Database connection

Workflow Configurations

TRANSACTION Services Configuration

QUERY Services Configuration

Published Web Services

Audit Configuration

SharePoint Audit Report

Active Users

CLIENT Log Viewers

Web Services Log Viewer

CENTRAL Roles by Users

CENTRAL Administration Audit

Workflow Admin Site



Application Servers

Manage Client Features

TRANSACTION Developer Scenarios

ROI Chart



Application Servers

System Usage Level Settings

Developer Proficiency Level Settings

Authorization Fields Settings

QUERY Developer Scenarios

Winshuttle user groups overview

Back to top

Winshuttle Users are groups that enable users to run a Winshuttle Studio application and use Winshuttle Central libraries and functions.

Note: These roles do not share overlapping privileges; for example, if a Transaction script developer also needs to run the scripts they develop for testing, they will need membership to both Transaction Developers and Transaction Runners.

Transaction Reviewers

Members of this group can approve or reject Transaction script files assigned to them by an approval process.

Transaction Developers

Members of this group can upload scripts with associated data templates to Central.

Transaction Runners

Members of this group can run data files in Transaction Runner and the Excel Add-In.

Query Reviewers

Members of this group can approve and reject Query scripts assigned to them by an approval process, and run scripts against Winshuttle Central.

Query Developers

Members of this group can upload Query scripts.

Query Runners

Members of this group can run Query scripts against Central and use additional Winshuttle Central functions.

Data Reviewers

Members of this group can approve and reject data files submitted by members of the Query Runners and Transaction Runner groups (see above) if an approval process is required.

System Web Service Developer

Members of this group can run Transaction and Query scripts that are mapped to XML for use as a Web service.

Transaction Access Developer

Members of this group can publish Transaction scripts that have Microsoft Access as the mapped destination.

Script development guidelines and best practices

Back to top

One of the most critical components to the Winshuttle environment is the .TXR or script file. The file contains the proper mapping and pointers to columns and data points.


  • Use capitalization carefully and consistently to improve readability for Transaction and/or Query Scripts. Some organizations use a standard of all-lowercase URLs; however, mixed-case URLs, such as ‘HumanResources’ provide improved readability for multi-word URLs.
  • Keep URLs short. A shorter URL is easier to remember and type. URLs are limited to 260 characters. Short URLs reduce the risk of overrunning that limit for content nested in a list or library.
  • Avoid spaces. Spaces in URLs are escaped by browsers and become %20, for example, Shared%20Documents. The escaped space is difficult to read and interpret and can be problematic in certain access scenarios. Avoid spaces in your URLs.

In addition to the recommendations above, consider the following parameters for SharePoint file names:

  • File names cannot use any of the following invalid characters: “ # % & * : < > ? \ / { | } ~
  • File names cannot contain more than 128 characters
  • File names cannot contain a period (.) in the middle of a file name
  • File names cannot begin or end with a period (.) 

Migrating users with activated Connect licenses to Winshuttle Central

Back to top

The following information only applies to users who have already activated Connect Licenses on their PCs.

  • Winshuttle recommends the users be on the same software version as the Winshuttle Central site. If the version for Connect is higher or lower, then please ensure the current version is removed and the correct one installed.
  • Any scripts / templates users should be uploaded to the site and to production to avoid downtime.
  • Users should be added to the necessary roles and groups for the license they are assigned.
  • Depending on your environment, users may need to be added to the production/non-production policies that the groups themselves may be assigned to.

Preparing applications for migration

Back to top

Showing hidden folders

Note: The folders might be hidden so you might have to unhide them using the process below:

  1. Click StartControl PanelAppearance and PersonalizationFolder Options.
  2. Click the View tab.
  3. Under Advanced settings, click Show hidden files and folders, and then click OK.

If you do not have the permissions required to unhide hidden folders on your PC, you will need to contact your IT department for assistance.

Once users have been created fully set up in Winshuttle Central, they must locate the AppOptions.xml for each application, and then delete the file.

The AppOptions.xml file should be located in the AppData folders at the following path:


Note: Users with multiple applications will need to repeat this for each application; for example, in the Winshuttle Transaction folder and the Winshuttle Query folder.

Once deleted, the user will be prompted to reactivate the application the next time it is run. At this point they must select Enterprise for the license type, and then provide the URL for the Winshuttle Central Site to complete activation.

Understanding script interaction

Back to top

Open the scripts directly from the Transaction/Query client or the Microsoft Excel Add-in. Not all files can be opened directly from Winshuttle Central (SharePoint) due to various SharePoint and/or Internet Explorer security settings. (You may need to work with your SharePoint administrator or IT staff to determine which limitations apply to your environment.)

Publish Scripts

When Transaction scripts are initially developed, they can only run in test mode, against non-production SAP systems. In order to promote the file for use in the production environment, you need to submit it for approval.

Advanced Run Options

When creating a script and publishing it, advanced run options can be saved together with the script and will be carried on to the production (final) version of the script.

At this point the recommended advanced run options settings are:

  • Append Timestamp to SAP log Messages
  • Skip Field indicator: \
  • Backup SAP Data
  • Run not posted

Additional settings can be added by the script creator or reviewer provided they maintain recommended settings.