Permissions and User Roles
Users can have a platform role (Platform Admin), a site role (individual role on a site), or a group role (role inherited from a group). Platform admins can assign the platform admin role. Site admins can assign group and individual site roles. Non-admins can’t change or assign roles. A user must have a role to sign in to the platform or a site. If an admin removes all of a user’s roles, the user is automatically removed from sites.
There are 5 default roles available to assign to a user:
- Consumer – Consumers can view, share, and download files on the site, as permissions allow. They can run workflows that have been shared with them, but can’t run them on a recurring schedule. They can use data sources and connections that have been shared with them but can’t create or manage them.
- Contributor – Contributors view, share, download, create, edit, and delete files on the site. They can run and create recurring schedules for workflows that have been shared with them. They can create, manage and share data sources, connections, and credentials, as permissions allow. They can’t perform site administration tasks.
- Data Steward – Like a Contributor, Data Stewards can create, manage and share data sources, connections, and credentials as permissions allow. They can also load metadata, associate data sources, view all and change ownership of data sources and credentials.
- Site Admin – Site Admins are responsible for managing users, groups, and roles on their site. As part of these responsibilities, they can add users to their site, assign them roles and groups, and create groups. They can also manage files, data sources, connections and credentials, as required. Site admins have access to all content and user actions on the site regardless of permissions that have been directly granted to them.
- Platform Admin – Platform Admins are responsible for setting up the platform and managing licenses. As part of these responsibilities, they can change platform settings, manage users and user directories, create and delete sites, and manage license keys. By default, Platform Admins do not have access to the sites they create. They also do not have permission to see content in those sites. Platform Admins can add themself as a Site Admin on a given site. A Site Admin can add Platform Admins to a site as a user on that site. Platform Admins do not consume a license until they have been added to a site.
To see details about roles and permissions in the application, sign in as an admin and go to User Management > Roles.
Read – Users can view, share and download.
Write – Users can create, edit and delete.
Run – Users can run workflows and apps.
Schedule – Users can schedule workflows and apps.
Data Connection Manager
Read All – User can view and use data sources, connections and credentials.
Write Data Sources – User can create, edit and delete data sources.
Share Data Sources – User can share data sources.
Write Connections – User can create, edit and delete data connections and credentials.
Share Connections – User can share data connections.
View Objects – User can see all all data connections, credentials, and data sources.
Change Ownership – User can change ownership any data connection, credential, data source.
Load Metadata – User can run metadata loaders.
Associate Data Sources – User can associate data sources they don’t own.