This section provides an overview of sharing principles, limitations, and approaches.
NOTE: You cannot share with users outside of your current project or workspace, including any account that you may have in a different project or workspace.
NOTE: You may not be permitted to share objects with users who have not yet logged into the product.
Owners and collaborators
The following are the basic types of users of a shared object:
Typically, the owner is the original creator of the shared object. This user has maximum permissions on the object.
NOTE: There can be only one owner on an object. Only the owner or a workspace admin can delete a shared object.
Any user who has been shared an object is a collaborator. A collaborator can have the one of the following permissions on the object:
Role by object type
Individual users can be assigned one or more roles. A role is a set of privileges (permissions).
For each type of shareable object, an administrator can define within a role the privileges that users have on the object type. Below, you can review the basic privilege levels and the implications on sharing:
|Privilege||Description||If object shared, default privileges on the object|
|Author||Assigned user can create and delete new objects of this type.||Editor|
|Editor||Assigned user can modify objects of this type with limitations. See below.||Editor|
|Viewer||Assigned user has read-only access to this type of object.||Viewer|
For more information, see Roles Page.
Fine-grained sharing privileges for individual shared objects
When an object is shared, the user who is sharing the object can specify the privilege level for the target user on the shared object, which provides finer-grained access controls on individual objects:
- The high-level privileges define the maximum set of privileges that you can share on an object with the target user.
- Project- or workspace-level privileges on object types can be overridden for individual objects.
- For example, a user with Viewer privileges on flows at the project or workspace level cannot be given Editor privileges on any individual flow.
- Fine-grained sharing privileges apply to flows, plans, and connections only.
- Users who have received changes in privileges on individual objects should log out and log in again to see those changes.
The following types of objects can be shared with other users:
In the collaborative approach, two or more users can work on the same flow. When a flow is shared, all flow objects are shared, including:
NOTE: A dataset that is created with parameters cannot be modified by a collaborator. It can only be modified by the owner.
- Output objects
- If available, any output SQL scripts are also shared.
- Job results
- Webhook tasks
NOTE: Sharing of data is managed at the flow level. You cannot share individual recipes or datasets from within a flow.
NOTE: You cannot share a flow with yourself.
All collaborators have access to the above objects, as long as they have access to the underlying sources. See below.
- Distribute the work on a flow with multiple recipes among team members for faster throughput.
- Pass recipes to others for commenting, editing, and general review.
- When stuck, share the flow with the team expert to provide guidance.
Underlying datasets: Sharing a flow does not change the permissions to the underlying data. If a user with whom a flow has been shared does not have access to the data on the datastore, the user cannot work with the flow's datasets.
- Datasets that are accessed through private connections cannot be shared, unless the connection is also shared.
- Stricter permissions sets on the datastore can adversely affect users' ability to access shared flows.
Sharing samples: Samples are not shared when a flow is shared. Users that have been shared a flow must create their own samples.Editor privileges:
- Use the imported datasets and references as sources in other flows accessible to the collaborator.
- Add new imported datasets.
- Remove existing imported datasets.
- Change the source of datasets.
- Edit dataset names and descriptions.
- Add new recipes.
- Edit the existing recipes, including multi-dataset operations such as union or join.
- Delete recipes.
- Copy recipes within the shared flow.
- Move recipes to the shared flow.
- Move recipes out of the shared flow.
- Run jobs.
- Create new schedules.
- Edit schedules.
- User can access the flow and run jobs.
- User cannot modify the flow.
- Create new schedules.
- Edit schedules.
Collaborator (Editor and Viewer) limitations:
Collaborators do not have the following privileges on a flow shared with them:
- Delete the flow
- Edit the name and description of the flow
- Remove the flow owner's access to the flow
- Delete imported datasets
Modify imported datasets
NOTE: Collaborators cannot modify datasets created with custom SQL.
Owners and Editors have the same privileges to edit recipes in the shared flow. In the Edit History, edits appear under the usernames of the individual contributors.
NOTE : Multiple editors cannot make changes to the same recipe at the same time.
NOTE: When a column is hidden from a dataset, it is hidden for all users.
You can remove sharing access to a flow. When a flow is no longer shared with a user, that user:
- Cannot see the flow or its objects
- Cannot access them, if the user knows the location of the objects
NOTE: If a dataset from a shared flow is referenced in another flow, when sharing access is removed from the flow, the referenced dataset is still available in the other flow.
NOTE: If a flow is unshared with you, you cannot see or access the datasources for any jobs that you have already run on the flow, including any PDF profiles that you generated. You can still access the job results. This is a known issue.
When initially created, a connection is private. It is accessible only to the user who created. it.
Through the Connections page, you can share your connections with other users:
- Share connection with individual users: You can share your connection with specified users.
- You can also share connections that have been shared with you.
When connections are shared with you, you can access them through the Shared with Me tab in the Connections page. See Connections Page.
When shared, private connections can be shared with or without credentials. If credentials are not shared, new users of the shared connection must supply their own credentials. Those credentials must be permitted access if access to any datasets previously imported through the connection is required.
NOTE: Password values for credentials are always masked in the user interface.
NOTE: For SSO connections, credentials are never shared.
Sharing connections through flows:
When a flow is shared, any connections associated with it are automatically shared to the specified users. If the connection is configured to do so, credentials are included, so that the new users can immediately begin using the flow.
For more information on the privileges for Viewer and Editor roles, see Privileges and Roles Reference.
Plans that you create can be shared with other users. In the Plans page, select Share from a plan's context menu.
Depending on whether you created the plan, you may have the following set of privileges:
|Owner||The owner created the plan and can schedule the plan and has all editor privileges.|
A collaborator has been shared the plan as a Viewer or Editor. Privileges to the plan that are limited in the following ways:
When a plan is shared with you, you are a collaborator on the plan. A collaborator has the following capabilities based on the plan privileges assigned to your role:
For more information on the privileges for Viewer and Editor privileges, see Privileges and Roles Reference.
For more information, see Share a Plan.
This page has no comments.