On January 27, 2021, Google is changing the required permissions for attaching IAM roles to service accounts. If you are using IAM roles for your Google service accounts, please see Changes to User Management.
This section provides an overview of sharing principles, limitations, and approaches.
NOTE: You cannot share with users outside of your current workspace, including any account that you may have in a different workspace.
Owners and collaborators
The following are the basic types of users of a shared object:
Typically, the owner is the original creator of the shared object. This user has maximum permissions on the object.
NOTE: There can be only one owner on an object. Only the owner or a workspace admin can delete a shared object.
|Workspace admin||All workspace admins have owner rights on all objects in the workspace.|
Any user who has been shared an object is a collaborator. A collaborator can have the one of the following permissions on the object:
The following types of objects can be shared with other workspace users:
In the collaborative approach, two or more users can work on the same flow. When a flow is shared, all flow objects are shared, including:
NOTE: A dataset that is created with parameters cannot be modified by a collaborator. It can only be modified by the owner.
- Job results
- Webhook tasks
NOTE: Sharing of data is managed at the flow level. You cannot share individual recipes or datasets from within a flow.
NOTE: You cannot share a flow with yourself.
All collaborators have access to the above objects, as long as they have permissions to the underlying sources. See below.
- Distribute the work on a flow with multiple recipes among team members for faster throughput.
- Pass recipes to others for commenting, editing, and general review.
- When stuck, share the flow with the team expert to provide guidance.
Underlying datasets: Sharing a flow does not change the permissions to the underlying data. If a user with whom a flow has been shared does not have access to the data on the datastore, the user cannot work with the flow's datasets.
- Datasets that are accessed through private connections cannot be shared, unless the connection is also shared.
- Stricter permissions sets on the datastore can adversely affect users' ability to access shared flows.
Sharing samples: Samples are not shared when a flow is shared. Users that have been shared a flow must create their own samples.When flows are shared with you, you can access them through the Shared with Me tab in the Flows page. See Flows Page.
- Use the imported datasets and references as sources in other flows accessible to the collaborator.
- Add new imported datasets.
- Remove existing imported datasets.
- Change the source of datasets.
- Edit dataset names and descriptions.
- Add new recipes.
- Edit the existing recipes, including multi-dataset operations such as union or join.
- Delete recipes.
- Copy recipes within the shared flow.
- Move recipes to the shared flow.
- Move recipes out of the shared flow.
- Run jobs.
- User can access the flow and run jobs.
- User cannot modify the flow.
Collaborator (Editor and Viewer) limitations:
Collaborators do not have the following permissions on a flow shared with them:
- Delete the flow
- Edit the name and description of the flow
- Remove the flow owner's access to the flow
- Delete imported datasets
Modify imported datasets
NOTE: Collaborators cannot modify datasets created with custom SQL.
Owners and Editors have the same permissions to edit recipes in the shared flow. In the Edit History, edits appear under the usernames of the individual contributors.
NOTE : Multiple editors cannot make changes to the same recipe at the same time.
NOTE: When a column is hidden from a dataset, it is hidden for all users.
Tip: You can review the history of changes to a recipe through the Edit History for a recipe. See Recipe Panel.
You can remove sharing access to a flow. When a flow is no longer shared with a user, that user:
- Cannot see the flow or its objects
- Cannot access them, if the user knows the location of the objects
NOTE: If a dataset from a shared flow is referenced in another flow, when sharing access is removed from the flow, the referenced dataset is still available in the other flow.
NOTE: If a flow is unshared with you, you cannot see or access the datasources for any jobs that you have already run on the flow, including any PDF profiles that you generated. You can still access the job results. This is a known issue.
When initially created, a connection is private. It is accessible only to the user who created. it.
Through the Connections page, you can share your connections with other users:
- Share connection with individual users: You can share your connection with specified workspace users.
- You can also share connections that have been shared with you.
When connections are shared with you, you can access them through the Shared with Me tab in the Connections page. See Connections Page.
When shared, private connections can be shared with or without credentials. If credentials are not shared, new users of the shared connection must supply their own credentials. Those credentials must be permitted access if access to any datasets previously imported through the connection is required.
NOTE: Password values for credentials are always masked in the user interface.
NOTE: For SSO connections, credentials are never shared.
For more information, see Connections Page.
Sharing connections through flows:
When a flow is shared, any connections associated with it are automatically shared to the specified users. If the connection is configured to do so, credentials are included, so that the new users can immediately begin using the flow.
For more information, see Flow View Page.
Plans that you create can be shared with other users. In the Plans page, select Share from a plan's context menu.
Depending on whether you created the plan, you may have the following set of privileges:
|Owner||The owner created the plan and can schedule the plan and has all editor privileges.|
A collaborator has been shared the plan as a Viewer or Editor. Privileges to the plan that are limited in the following ways:
When a plan is shared with you, you are a collaborator on the plan. A collaborator has the following capabilities based on the plan privileges assigned to your workspace role:
For more information, see Share a Plan.
This page has no comments.