Permissions and User Roles
Users can have a platform role (Platform Admin), a site role (individual role on a site), or a group role (role inherited from a group). Platform admins can assign the platform admin role. Site admins can assign group and individual site roles. Non-admins can’t change or assign roles. A user must have a role to sign in to the platform or a site. If an admin removes all of a user’s roles, the user is automatically removed from sites.
There are 5 default roles available to assign to a user:
-
Consumer
- Files—view, share, and download as file permissions allow
- Workflows—Run workflows that have been shared with them, but not on a recurring schedule.
- Data Sources—Use data sources that have been shared with them.
- Connections—Own and share
-
Contributor
- Files—View, share, download, create, edit, and delete files on the site.
- Workflows—Run workflows and create recurring schedules.
- Data Sources, Connections, and Credentials—Create, manage and share, as permissions allow.
-
Data Steward
- Data Sources, Connections, and Credentials—Create, manage and share, as permissions allow.
- Data Sources and Credentials—View all and change ownership.
- Load metadata and associate data sources.
-
Platform Admin
- Create and edit sites
- Assign and remove licenses from users
- Add and remove users from Analytics Hub
- Create, Add and Remove Site and Platform Admins
- Add licenses Analytics Hub
- Configure LDAP, SSO and SMTP
- Set platform Base Address for emails and links
- Set Logging Level
- Configure default Run As account and Run Mode
- Create, manage and remove Job Tags
- Configure platform notifications
- Set platform-level restricted file types and size
- Configure engine worker settings
- View and cancel running jobs
- View disk usage
- Set platform-level sharing restriction
-
Site Admin
- Create users on the platform
- Add and remove users from site
- Add, remove and edit groups
- Manage roles of users and groups
- Set site-level sharing restriction
- Manage all files on the site
- Create, edit, delete or share data source*
- Create, edit, delete or share data connection*
- Create, edit or delete credential*
- Create, edit, delete or share Run As identities*
- Set default workflow priority
- Set site-level restricted file types and size
- Set data preview setting for Data Catalog
To see details about roles and permissions in the application, sign in as an admin and go to User Management > Roles.
Permissions Details
Files
Read – Users can view, share and download.
Write – Users can create, edit and delete.
Run – Users can run workflows and apps.
Schedule – Users can schedule workflows and apps.
Data Connection Manager
Read All – User can view and use data sources, connections and credentials.
Write Data Sources – User can create, edit and delete data sources.
Share Data Sources – User can share data sources.
Write Connections – User can create, edit and delete data connections and credentials.
Share Connections – User can share data connections.
View Objects – User can see all all data connections, credentials, and data sources.
Change Ownership – User can change ownership any data connection, credential, data source.
Load Metadata – User can run metadata loaders.
Associate Data Sources – User can associate data sources they don’t own.