Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r094

D toc

D s ed
rtrue
editionsawsent,awspro,awspr, gdpent,gdppro,gdppr

Excerpt

In the

D s webapp
rtrue
, you can create and assign roles, each of which consists of one or more privileges. A privilege is a level of access to a type of object, such as flows. 

Below, you can review the available privileges, including the supported levels for each.

For more information on privileges and roles, see Overview of Authorization.

Privileges

Flows

The flows privilege governs access to flow objects. 

Access LevelNameDescription
0noneAssigned role cannot see or use flows, including the pages where flows are available.
1viewer

Assigned user can access Flows page and Flow View page for flows that the user owns or has been shared. User can also run jobs on the user's own flows.

User cannot make changes to any flows.

2editor

All of the above, plus:

Assigned user can edit, share, and run jobs on flows to which the user has access.

Info

NOTE: By default, editors can also schedule flows. This option can be disabled by an administrator.

3author

All of the above, plus:

Assigned user can create new flows, schedule flows, and delete flows.

Connections

D s ed
rtrue
editionsawsent,awspro,awspr, gdpent,gdppro,gdppr

The connections privilege governs access to connection objects.

Access LevelNameDescription
0noneAssigned role cannot see or use connections, including the pages where connections are available.
1viewer

Assigned user can access Connections page for connections that the user owns or has been shared. User can share connections.

User cannot make changes to any connections.

2editor

All of the above, plus:

Assigned user can edit and share connections to which the user has access.

3author

All of the above, plus:

Assigned user can create new connections and delete connections.

Plans

D s ed
rtrue
editionsawsent,awspro,awspr, gdpent,gdppro,gdppr

The plans privilege manages access to plan objects.

Access LevelNameDescription
0noneAssigned role cannot see or use plans, including the pages where plans are available.
1viewer

Assigned user can access Plans page and Plan View page for plans that the user owns or has been shared. User can also run jobs on the user's own plans.

User cannot make changes to any plans.

2editor

All of the above, plus:

Assigned user can edit, share, and run jobs on plans to which the user has access.

Info

NOTE: By default, editors can also schedule plans. This option can be disabled by an administrator.

3author

All of the above, plus:

Assigned user can create new plans, schedule plans, and delete plans.

User defined functions

The User defined functions privilege manages access to user-defined functions and their UI pages in the application.

Access LevelNameDescription
0none

Assigned role cannot see or use UDFs, including the pages where they are available.

  • Cannot see or use User Defined Functions page.
  • Cannot see or use UDFs in the Transform Builder.
  • Recipe steps with UDFs are invalid due to no access.
1viewer

Assigned user can access User Defined Functions page and UDFs in them. User can also see and access UDFs through the Transform Builder.

  • Cannot create, edit, duplicate, or delete UDFs.
2editor

All of the above, plus:

Assigned user can edit code and signature of UDFs to which the user has access.

3author

All of the above, plus:

Assigned user can create new UDFs and delete UDFs owned by the user.

Info

NOTE: By default, the default role includes author level access.


Standard Roles

The following roles are provided with the product.

Info

NOTE: The following roles cannot be removed.

default

The default role is assigned to each user when the user is initially created. This role contains the following permissions:

PrivilegeAccess Level/Name
Flows3 - author
Connections3 - author
Plans3 - author
User defined functions3 - author
Tip

Tip: You can modify the default role if you want to set a lower level of base access for each new user of the product. For more information, see Overview of Authorization.

Dataprep admin

This role provides super-user privileges to the assigned user.

Info

NOTE: This role enables for the user owner-level access to all objects in the project or workspace and access to all admin-level settings and configuration pages in the admin console. This role should not be assigned to many users. At least one user should always have this role.

Info

NOTE: The project owner is automatically granted the Dataprep admin role. This role can be assigned to non-project owners. It grants a project user all of the privileges of the project owner within

D s product
. If the Dataprep admin role is un-assigned to a project owner, it is automatically granted back to the project owner on next login.

Info

NOTE: You cannot modify or delete this role.

D s also
inCQLtrue
label((label = "admin_ui") AND (label = "role"))