Privileges and Roles Reference
In Alteryx Analytics Cloud (AAC), you can create and assign roles, each consisting of 1 or more privileges. A privilege is a level of access to an asset in AAC, for example, a workflow in Designer Experience or dataset on the Data page.
For more information on privileges and roles, go to Overview of Authorization .
Privileges
These are the available privileges for assets in AAC, including the supported access levels...
Important
You can't directly assign privileges to a user. Use the Default, Custom, and Application-Specific roles to assign the correct privileges for users in your workspace.
Workflows
The Workflows privilege manages access to Designer Experience and Designer Desktop workflows.
Access Level | Name | Description |
|---|---|---|
0 | None | Assigned users can't perform operations on workflows. |
1 | Editor | Assigned users can view, edit, and share workflows. |
2 | Author | All of the above, plus... Assigned users can create and delete workflows. |
Flows
The Flows privilege governs access to Trifacta Classic flows.
Access Level | Name | Description |
|---|---|---|
0 | None | Assigned users can't see or use flows, including the pages where flows are available. |
1 | Viewer | Assigned users can access the Flows page and Flow View page for flows that the user owns or has been shared. Users can also run jobs on their own flows. Users can't make changes to any flows. |
2 | Editor | All of the above, plus... Assigned users can edit, share, and run jobs on flows to which they have access. Note By default, editors can also schedule flows. A Workspace Admin can disable this option. Tip Flow editors can edit any custom SQL used to import datasets into the flow. |
3 | Author | All of the above, plus... Assigned users can create new flows, schedule flows, and delete flows. |
Tip
If you've enabled deployment management, a deployment user should be assigned author-level access. Lesser flow roles might prevent the deployment user from properly importing and managing flows. Go to the Roles Page.
Connections
The Connections privilege governs access to connections.
Access Level | Name | Description |
|---|---|---|
0 | None | Assigned users can't see or use connections, including the pages where connections are available. |
1 | Viewer | Assigned users can access the Connections page for connections that the user owns or has been shared. Users can share connections. Users can't make changes to any connections. |
2 | Editor | All of the above, plus... Assigned users can edit and share connections to which they have access. |
3 | Author | All of the above, plus... Assigned users can create and delete connections. |
Datasets
The Datasets privilege manage access to imported datasets and reference datasets in AAC.
Access Level | Name | Description |
|---|---|---|
0 | None | Assigned users can't perform operations on datasets. |
1 | Viewer | Assigned users only can view datasets. Users can't edit datasets. |
2 | Editor | Assigned users can view, edit, and share datasets. |
3 | Author | All of the above, plus... Assigned users can create and delete datasets. |
Plans
The Plans privilege manages access to plans.
Access Level | Name | Description |
|---|---|---|
0 | None | Assigned users can't see or use plans, including the pages where plans are available. |
1 | Viewer | Assigned users can access the Plans page and Plan View page for plans that they own or have been shared. Users can also run jobs on their own plans. Users can cancel plan runs. |
2 | Editor | All of the above, plus... Assigned users can edit, share, and run jobs on plans to which they have access. Note By default, editors can also schedule plans. A Workspace Admin can disable this option. |
3 | Author | All of the above, plus... Assigned users can create new plans, schedule plans, and delete plans. |
Standard Platform Roles
AAC provides these roles by default...
Note
You can't remove these roles.
Default
AAC assigns each user the Default role when you add the user. This role contains these privileges and access levels...
Privilege | Access Level—Name |
|---|---|
Workflows | 3—Author |
Connections | 3—Author |
Datasets | 3—Author |
Plans | 3—Author |
Tip
You can modify the Default role if you want to set a lower level of base access for each new user of the product. Note that you can't edit the Workflows privileges for the Default role. For more information, go to Overview of Authorization.
Workspace Admin
This role provides super-user privileges to the assigned user.
Note
This role enables the user owner-level access to all objects in the project or workspace and access to all admin-level settings and configuration pages in the Admin Console. You shouldn't assign this role to many users. At least 1 user should always have this role.
Note
You can't modify or delete this role.
Application-Specific Roles
To access a specific application in AAC, a workspace user must have 1 application-specific role. A Workspace Admin or Account Admin can provision application-specific roles to each user. To view the application-specific roles and their associated permissions, go to the Permissions Matrix.
Note
Where applicable, adding a role to a user that permits the user to access the application increments the seat count for the licensed application. If insufficient seats are available for the application, the role is not assigned.
Note
Roles and authentication for Auto Insights aren't governed by AAC.