Skip to main content

Workspace Admin Permissions

Workspace Admins are responsible for the configuration and maintenance of individual workspaces.

Configuration

The workspace admin can enable and disable features and capabilities in the workspace. For more information, see Workspace Settings Page.

User Management

A workspace admin can administer all of the other users of the workspace, including disabling or deleting the user. See Users Page.

Object Access

A workspace admin has owner-level access to objects in the workspace.

注意

A workspace admin can access these objects like their owners, even if the objects have not been shared.

This access applies, but is not limited, to the following types of objects:

  • Connections (see below)

  • Output objects

  • Job profiles and results

A workspace admin has collaborator-level access to the following objects:

  • Imported datasets

  • Macros

  • Schedules

Data Access

The workspace admin can access the data of individual users under the following conditions.

注意

Workspace admin privileges do not affect access permissions on outside storage systems. Those systems can prevent data access by the workspace admin user.

Connections with credentials:

If the data is accessed through a connection that requires a specific set of credentials, then the workspace admin can access all data available through the connection when the credentials are shared.

警告

If connection credential sharing is disabled after a connection has already been shared with credentials, then the connection remains accessible to the workspace admin and to all users who were previously shared the connection. Workspace admins created in the future also inherit this access. The sharing of a connection's credentials cannot be revoked, except by deleting the connection.

A workspace admin cannot:

  1. Modify or remove the shared credentials.

  2. Change the credential sharing on another user's connection.

If a connection with shared credentials remains after credential sharing has been disabled, you can do one of the following for the connection:

  • Edit the connection to use credentials that are safe to share with all affected users.

  • Create a duplicate connection with private credentials. Delete the old shared connection.

File-based backend storage:

Source datasets and job results that are stored on file-based backend storage systems for individual users can be accessed by the workspace admin except in the following situations:

  • If users have user-specific access controls to the storage, such as secure impersonation, the workspace admin can only access a user's data if the admin's own permissions enable it.

  • Directory permissions on user directories may prevent the workspace admin from accessing a user's data. For example, the workspace admin user can see the link to a user's job results that were written on the backend storage. However, when the workspace admin attempts to download those results, a permissions error is displayed, since the workspace admin user does not have permissions on the directory.

Relational connections:

Data is accessible under the connections with credentials limitations described above.

本节内容如下: