User Roles and Permissions
User roles are set by Curators (Gallery admins) in the Gallery Admin interface. User roles determine the user's level of access to Gallery users and assets.
Gallery users can have one of the following roles.
- Curator: Curators (Gallery admins) can access the Admin interface to perform administrative tasks. Curators also have all the privileges of an Artisan.
- Artisan: Artisans can publish, run, and share workflows in their private studio and shared collections.
- Member: Members can run workflows that are shared with them via collections.
- Viewer: Viewers can run public workflows on the Gallery home page and in districts.
- No Access: Blocks access to all Gallery assets. The No Access role is typically used in Galleries using either Integrated Windows Authentication or SAML Authentication to control initial access to the Gallery when new users sign up.
- Default: Assumes the default user role. Go to Set a Default User Role on the Gallery Configuration page for more info.
|View and run public workflows on the homepage||✓||✓||✓||✓|
|View and run workflows in collections||✓||✓||✓|
|Publish workflows and insights||✓||✓|
|View and run private workflows in a private studio||✓||✓|
|Add assets to collections||✓||✓|
|Share apps to the private Gallery||✓||✓|
|Administer all collections||✓|
|Admin API Access||✓|
In addition to user roles, there are several user permissions that you can set to control what users can do in the Gallery.
- Schedule Jobs: This permission allows the user to schedule workflows to run at a scheduled time. Note, you have to also enable workflow scheduling on the Configuration page for a user to be able to schedule jobs.
- Prioritize Jobs: This permission allow the user to prioritize a job. When there are multiple jobs in the queue, the job with the highest priority runs first.
- Assign Jobs: This permission allows the user to assign a specific worker to run a workflow.
- Create Collections: This permission allows the user to create collections.
- API Access: This permission allows the user to access the Gallery API. Go to the Gallery API Overview to learn more.
- Active: Set to No to prevent the user from accessing the Gallery.
Set a Default User Role
New Gallery users assume the default user role unless you add them to a group or assign a user role other than Default. Go to Understand Role Hierarchy. The default user role is set to Viewer by default. You can change the default role using the Default Role dropdown on the Gallery Configuration page. Go to Default Role on the Gallery Configuration page for more info.
Note, the default role is displayed as Evaluated in some places like the in the group Details.
A user's role, and their resulting Gallery access, can come from 3 places, the user role, the group role, or the default role. Gallery evaluates roles in this order: user role, group role, default role. Users' access resolves to the most specific role assignment. So, if a user's role assignment is any role other than Default, that is their role and corresponding access. If a user's role is Default, then the Gallery looks to see if they are in a group. If the user is in a group, they assume the group role. If they are not in a group they assume the default role.