Although the ApplicationGroup and their content is quite dynamic, we will quickly dive into the most important subpanels.


On this page admins can manage User accounts and permission related data.

Access requests

AccessRequest: related to User. Access requests can be requested by a user and must be approved by a handler that has at least the requested permissions to the requested object.

ApplicationToken authorizations

ApplicationToken: an application token can be generated and given appropriate permissions so that application consumers can request information.

ApplicationToken authorization profiles

ApplicationTokenAuthorizationProfile: used to relate an ApplicationToken to an AuthorizationProfile.

Atomic permissions

AtomicPermission: related to User. Atomic permissions can be given to a user to grant them specific access to specific objects.

Blueprint permissions

BlueprintPermission: related to Role. Blueprint permissions pertain to the objects:

  • zaak,

  • document.

They hold policies that specify:



  • maximum confidentiality level.


User: users should be automatically generated when they try to login through SSO.


Group: related to User. Groups can host multiple users and users can be part of multiple groups.


Role: holds a set of BlueprintPermission.


Token: a token generated for a specific User. Should not normally be used, rather use the ApplicationToken.

User authorization profiles

UserAuthorizationProfile: used to relate a User to a specific AuthorizationProfile.



Activity: ad-hoc activities can be created in a ZAAK and are tasks that are not part of the business process. Activities can be assigned to User or Group.


Event: a notable log-worthy event pertaining to a specific Activity.

Admin index

Application groups

ApplicationGroup: used to manage the appearance of the admin panel.


Access attempts

AccessAttempt: manage failed access attempts to the ZAC. Here you can clear the attempts if users are locked out.

Access logs

AccessLog: monitor failed access attempts.



Board: manage boards, AKA dashboards. Boards hold BoardColumn s. Board columns hold board items, which currently hold ZAAK or OBJECT URL-references.

Board columns

BoardColumn: manage board columns. Related to Board. A board column holds BoardItem.

Board items

BoardItem: manage board items. Related to BoardColumn.


Camunda configuration

CamundaConfig: manage camunda configuration. Here you can configure the required credentials to connect with Camunda.

Camunda tasks

KillableTask: manage which camunda tasks are killable and which aren’t. I.e., can be cancelled by users.

Django auth adfs db

ADFS configuration (legacy)

ADFSConfig: manage the ADFS config. You can switch the ADFS on or off, configure the settings, secrets and username claims.

Elasticsearch configuration

Search reports

SearchReport: manage saved search queries related to elasticsearch. A search report can be used to quickly requery complex searches. These are not results but merely the query.


Registed subscriptions

Subscription: manage subscriptions to Open Notificaties channel subscriptions. Used to automatically set the required notifications.


OrganisatieOnderdeel: manage “organisatieonderdelen”. Not currently used.



Site: manage host site. There should be only one row and its domain should point to public URL of application.


BRP configuration

BRPConfig: manage which Service points to the BRP.

DoWC configuration

DowcConfig: manage which Service points to the DoWC.

Forms configuration

FormsConfig: manage which Service points to the Open Forms. Not currently used.

Global configuration

CoreConfig: manage the core configuration of the ZAC. In here you configure the primary services, authorization ID of the BPTL and whether or not you allow non-ADFS login. The names of the fields are designed to be self-explanatory.

Kadaster configuration

KadasterConfig: manage which Service points to the Kadaster. Also configures the locatieserver to be used.

Kownsl configuration

KownslConfig: manage which Service points to the Kownsl.

Meta objecttype configuration

MetaObjectTypesConfig: manage the URL-references of meta objecttypes. The fields and the dropdown values are designed to be self self-explanatory. Required for checklist functionality, storing historic ZAAK behandelaren, providing basic information to kick start business processes in camunda and dropdown values for ZAAKEIGENSCHAPpen.

ZGW consumers

NLX configuration

NLXConfig: manage NLX configuration. Not currently used.


Service: manage services. Please refer to config for instructions.


Landing page configuration

LandingPageConfiguration: manage landing page configuration. This is where you construct the sections, titles, links and images of the landing page.

Mozilla django oidc db

OpenIDConnectConfig: manage OIDC/SSO configuration. Supercedes ADFS configuration.