Privileges and Roles Reference
In your workspace, you can create and assign roles, each of which consists of one or more privileges. A privilege is a level of access to a type of workspace object, such as flows.
Below, you can review the available workspace privileges, including the supported levels for each.
For more information on privileges and roles, see Overview of Authorization.
Privileges
Flows
The flows privilege governs access to flow objects in the workspace.
Access Level | Name | Description |
|---|---|---|
0 | none | Assigned role cannot see or use flows, including the pages where flows are available. |
1 | viewer | Assigned user can access Flows page and Flow View page for flows that the user owns or has been shared. User can also run jobs on the user's own flows. User cannot make changes to any flows. |
2 | editor | All of the above, plus: Assigned user can edit, share, and run jobs on flows to which the user has access. Note By default, editors can also schedule flows. This option can be disabled by an administrator. Tip Flow editors can edit any custom SQL used to import datasets into the flow. |
3 | author | All of the above, plus: Assigned user can create new flows, schedule flows, and delete flows. |
Tip
If you have enabled deployment management, a deployment user should be assigned author-level access for the workspace. Lesser flow roles may prevent the deployment user from properly importing and managing flows. See Workspace Roles Page.
Connections
The connections privilege governs access to connection objects in the workspace.
Access Level | Name | Description |
|---|---|---|
0 | none | Assigned role cannot see or use connections, including the pages where connections are available. |
1 | viewer | Assigned user can access Connections page for connections that the user owns or has been shared. User can share connections. User cannot make changes to any connections. |
2 | editor | All of the above, plus: Assigned user can edit and share connections to which the user has access. |
3 | author | All of the above, plus: Assigned user can create new connections and delete connections. |
Plans
The plans privilege manages access to plan objects in the workspace.
Access Level | Name | Description |
|---|---|---|
0 | none | Assigned role cannot see or use plans, including the pages where plans are available. |
1 | viewer | Assigned user can access Plans page and Plan View page for plans that the user owns or has been shared. User can also run jobs on the user's own plans. User cannot make changes to any plans. |
2 | editor | All of the above, plus: Assigned user can edit, share, and run jobs on plans to which the user has access. Note By default, editors can also schedule plans. This option can be disabled by an administrator. |
3 | author | All of the above, plus: Assigned user can create new plans, schedule plans, and delete plans. |
Standard Roles
The following roles are provided with the product.
Note
The following roles cannot be removed from a workspace.
default
The default role is assigned to each user when the user is initially created. This role contains the following permissions.
Privilege | Access Level/Name |
|---|---|
Flows | 3 - author |
Connections | 3 - author |
Plans | 3 - author |
Tip
You can modify the default role if you want to set a lower level of base access for each new user of the product. For more information, see Overview of Authorization.
Workspace admin
This role provides super-user privileges to a workspace user.
Note
This role enables for the user owner-level access to all objects in the workspace and access to all admin-level settings and configuration pages in the admin console. This role should not be assigned to many users. At least one user should always have the Workspace admin role.
Note
You cannot modify or delete the Workspace admin role.