Skip to main content

Privileges and Roles Reference

In Alteryx Analytics Cloud (AAC), you can create and assign roles, each consisting of 1 or more privileges. A privilege is a level of access to an asset in AAC, for example, a workflow in Designer Experience or dataset on the Data page.

For more information on privileges and roles, go to Overview of Authorization .

Privileges

These are the available privileges for assets in AAC, including the supported access levels...

Important

You can't directly assign privileges to a user. Use the Default, Custom, and Application-Specific roles to assign the correct privileges for users in your workspace.

Workflows

The Workflows privilege manages access to Designer Experience and Designer Desktop workflows.

Access Level

Name

Description

0

None

Assigned users can't perform operations on workflows.

1

Editor

Assigned users can view, edit, and share workflows.

2

Author

All of the above, plus...

Assigned users can create and delete workflows.

Flows

The Flows privilege governs access to Trifacta Classic flows.

Access Level

Name

Description

0

None

Assigned users can't see or use flows, including the pages where flows are available.

1

Viewer

Assigned users can access the Flows page and Flow View page for flows that the user owns or has been shared. Users can also run jobs on their own flows.

Users can't make changes to any flows.

2

Editor

All of the above, plus...

Assigned users can edit, share, and run jobs on flows to which they have access.

Note

By default, editors can also schedule flows. A Workspace Admin can disable this option.

Tip

Flow editors can edit any custom SQL used to import datasets into the flow.

3

Author

All of the above, plus...

Assigned users can create new flows, schedule flows, and delete flows.

Tip

If you've enabled deployment management, a deployment user should be assigned author-level access. Lesser flow roles might prevent the deployment user from properly importing and managing flows. Go to the Roles Page.

Connections

The Connections privilege governs access to connections.

Access Level

Name

Description

0

None

Assigned users can't see or use connections, including the pages where connections are available.

1

Viewer

Assigned users can access the Connections page for connections that the user owns or has been shared. Users can share connections.

Users can't make changes to any connections.

2

Editor

All of the above, plus...

Assigned users can edit and share connections to which they have access.

3

Author

All of the above, plus...

Assigned users can create and delete connections.

Datasets

The Datasets privilege manage access to imported datasets and reference datasets in AAC.

Access Level

Name

Description

0

None

Assigned users can't perform operations on datasets.

1

Viewer

Assigned users only can view datasets. Users can't edit datasets.

2

Editor

Assigned users can view, edit, and share datasets.

3

Author

All of the above, plus...

Assigned users can create and delete datasets.

Plans

The Plans privilege manages access to plans.

Access Level

Name

Description

0

None

Assigned users can't see or use plans, including the pages where plans are available.

1

Viewer

Assigned users can access the Plans page and Plan View page for plans that they own or have been shared.

Users can also run jobs on their own plans.

Users can cancel plan runs.

2

Editor

All of the above, plus...

Assigned users can edit, share, and run jobs on plans to which they have access.

Note

By default, editors can also schedule plans. A Workspace Admin can disable this option.

3

Author

All of the above, plus...

Assigned users can create new plans, schedule plans, and delete plans.

Standard Platform Roles

AAC provides these roles by default...

Note

You can't remove these roles.

Default

AAC assigns each user the Default role when you add the user. This role contains these privileges and access levels...

Privilege

Access Level—Name

Workflows

3—Author

Connections

3—Author

Datasets

3—Author

Plans

3—Author

Tip

You can modify the Default role if you want to set a lower level of base access for each new user of the product. Note that you can't edit the Workflows privileges for the Default role. For more information, go to Overview of Authorization.

Workspace Admin

This role provides super-user privileges to the assigned user.

Note

This role enables the user owner-level access to all objects in the project or workspace and access to all admin-level settings and configuration pages in the Admin Console. You shouldn't assign this role to many users. At least 1 user should always have this role.

Note

You can't modify or delete this role.

Application-Specific Roles

To access a specific application in AAC, a workspace user must have 1 application-specific role. A Workspace Admin or Account Admin can provision application-specific roles to each user. To view the application-specific roles and their associated permissions, go to the Permissions Matrix.

Note

Where applicable, adding a role to a user that permits the user to access the application increments the seat count for the licensed application. If insufficient seats are available for the application, the role is not assigned.

Note

Roles and authentication for Auto Insights aren't governed by AAC.