Using the [SYSTEMOWNER] Expression in Message Flows for Permission Notifications
[SYSTEMOWNER] resolves to the email address of the person responsible for a collection or permission. Use it when access changes, so the right owner is notified instead of a fixed distribution list.
Common use cases
Notify the system owner when a user is granted, changed, or loses a permission.
Include the owner address in the message body or subject alongside other expressions.
Prerequisites
A System owner email must exist on the System role or its parent System (under System access).
Resolution order: System role → parent System → empty (no email sent).
When it is available
[SYSTEMOWNER] works only in history-based message flows. The connected ruleset must include EntryType with term equals (one of) and argument AddPermission, EditPermission, or DeletePermission.
Without one of these entry types, there is no permission history context to resolve the owner from.
Example: Permission granted
Ruleset:
EntryType equals (one of)
AddPermissionNewValue equals
5711(System role ID) — And
Message flow: Message type Custom, Add recipient [SYSTEMOWNER].
Example: Permission revoked
Same pattern, but EntryType = DeletePermission and filter on OldValue (not NewValue).
Where to use it
Add recipient — primary use; pair with message type Custom.
Message body and subject — expression is parsed like other variables.
How it resolves
Ruleset matches a permission history entry.
eADM reads the System role ID from NewValue (
AddPermission/EditPermission) or OldValue (DeletePermission).System owner is taken from the System role, or from the parent System if the role has none.
[SYSTEMOWNER]is replaced and the message is sent — one per matching history entry.
Tips
Set System owner before go-live; otherwise the expression resolves to empty.
Role-level System owner overrides system-level.
The System access wizard can generate the ruleset and set Add recipient to
[SYSTEMOWNER]when you choose System owner as recipient.