Permissions and User Roles

Last modified: February 10, 2021

Users can have a platform role (Platform Admin), a site role (individual role on a site), or a group role (role inherited from a group). Platform admins can assign the platform admin role. Site admins can assign group and individual site roles. Non-admins can’t change or assign roles. A user must have a role to sign in to the platform or a site. If an admin removes all of a user’s roles, the user is automatically removed from sites.

There are 5 default roles available to assign to a user:

  • Consumer

    • Files—view, share, and download as file permissions allow
    • Workflows—Run workflows that have been shared with them, but not on a recurring schedule.
    • Data Sources—Use data sources that have been shared with them.
    • Connections—Own and share
  • Contributor

    • Files—View, share, download, create, edit, and delete files on the site. 
    • Workflows—Run workflows and create recurring schedules. 
    • Data Sources, Connections, and Credentials—Create, manage and share, as permissions allow. 
  • Data Steward

    • Data Sources, Connections, and Credentials—Create, manage and share, as permissions allow.  
    • Data Sources and Credentials—View all and change ownership.
    • Load metadata and associate data sources.
  • Platform Admin

    • Create and edit sites
    • Assign and remove licenses from users
    • Add and remove users from Analytics Hub
    • Create, Add and Remove Site and Platform Admins
    • Add licenses Analytics Hub
    • Configure LDAP, SSO and SMTP
    • Set platform Base Address for emails and links
    • Set Logging Level
    • Configure default Run As account and Run Mode
    • Create, manage and remove Job Tags
    • Configure platform notifications
    • Set platform-level restricted file types and size
    • Configure engine worker settings
    • View and cancel running jobs
    • View disk usage
    • Set platform-level sharing restriction
  • Site Admin

    • Create users on the platform
    • Add and remove users from site
    • Add, remove and edit groups
    • Manage roles of users and groups
    • Set site-level sharing restriction
    • Manage all files on the site
    • Create, edit, delete or share data source*
    • Create, edit, delete or share data connection*
    • Create, edit or delete credential*
    • Create, edit, delete or share Run As identities*
    • Set default workflow priority
    • Set site-level restricted file types and size
    • Set data preview setting for Data Catalog

To see details about roles and permissions in the application, sign in as an admin and go to User Management > Roles.

Screenshot of User Roles table

Permissions Details

Read – Users can view, share and download.
Write – Users can create, edit and delete.
Run – Users can run workflows and apps.
Schedule – Users can schedule workflows and apps.

Data Connection Manager
Read All – User can view and use data sources, connections and credentials. 
Write Data Sources – User can create, edit and delete data sources.
Share Data Sources – User can share data sources.
Write Connections – User can create, edit and delete data connections and credentials.
Share Connections – User can share data connections.
View Objects – User can see all all data connections, credentials, and data sources.
Change Ownership – User can change ownership any data connection, credential, data source.
Load Metadata – User can run metadata loaders.
Associate Data Sources – User can associate data sources they don’t own.

Was This Page Helpful?

Running into problems or issues with your Alteryx product? Visit the Alteryx Community or contact support. Can't submit this form? Email us.