This section provides an overview of sharing principles, limitations, and approaches.
Sharing can be enabled and disabled through Workspace settings by a workspace administrator. To enable, set the following to
For more information, see Workspace Settings Page.
NOTE: You cannot share with users outside of your current workspace, including any account that you may have in a different workspace.
Owners and collaborators
The following are the basic types of users of a shared object:
Typically, the owner is the original creator of the shared object. This user has maximum permissions on the object.
NOTE: There can be only one owner on an object. Only the owner or a workspace admin can delete a shared object.
|Workspace admin||All workspace admins have owner rights on all objects in the workspace.|
Any user who has been shared an object is a collaborator. A collaborator can have the one of the following permissions on the object:
Workspace role by object type
Individual users can be assigned one or more workspace roles. A role is a set of permissions.
For each type of shareable object, a workspace administrator can define within a role the permissions that workspace users have on the object type. Below, you can review the workspace level permissions and the implications on sharing:
|Workspace Permission||Description||If object shared, default permissions on the object|
|Author||Assigned user can create and delete new objects of this type in the workspace.||Editor|
|Editor||Assigned user can modify objects of this type with limitations. See below.||Editor|
|Viewer||Assigned user has read-only access to this type of object.||Viewer|
For more information, see Workspace Roles Page.
Fine-grained sharing privileges for individual shared objects
When an object is shared, the user who is sharing the object can specify the privilege level for the target user on the shared object, which provides finer-grained access controls on individual objects:
- Workspace-level privileges on object types can be overridden for individual objects.
- The workspace-level privileges define the maximum set of privileges that you can share on an object with the target user.
- For example, a user with Viewer privileges on flows at the workspace level cannot be given Editor privileges on any individual flow.
- Fine-grained sharing privileges apply to flows and connections only.
- Users who have received changes in privileges on individual objects should log out and log in again to see those changes.
The following types of objects can be shared with other workspace users:
In the collaborative approach, two or more users can work on the same flow. When a flow is shared, all flow objects are shared, including:
NOTE: A dataset that is created with parameters cannot be modified by a collaborator. It can only be modified by the owner.
- Job results
- Webhook tasks
NOTE: Sharing of data is managed at the flow level. You cannot share individual recipes or datasets from within a flow.
NOTE: You cannot share a flow with yourself.
All collaborators have access to the above objects, as long as they have access to the underlying sources. See below.
- Distribute the work on a flow with multiple recipes among team members for faster throughput.
- Pass recipes to others for commenting, editing, and general review.
- When stuck, share the flow with the team expert to provide guidance.
Underlying datasets: Sharing a flow does not change the permissions to the underlying data. If a user with whom a flow has been shared does not have access to the data on the datastore, the user cannot work with the flow's datasets.
- Datasets that are accessed through private connections cannot be shared, unless the connection is also shared.
- Stricter permissions sets on the datastore can adversely affect users' ability to access shared flows.
Sharing samples: A flow's samples are not necessarily available to all users who have been shared the flow. In some cases, if a user who has been shared a flow does not have access to a recipe's sample, the user may have to collect a separate sample to view data or edit the recipe associated with the sample. To enable universal access to shared samples, you can use either of the following permissions schemes:
- The default output directories for any user can be accessed by any other user. This configuration must be managed in the base storage layer.
- When the sample is executed, an individual user must set his or her default output directory to a location that shared users of the flow can access.
When flows are shared with you, you can access them through the Shared with Me tab in the Flows page. See Flows Page.
- Use the imported datasets and references as sources in other flows accessible to the collaborator.
- Add new imported datasets.
- Remove existing imported datasets.
- Change the source of datasets.
- Edit dataset names and descriptions.
- Add new recipes.
- Edit the existing recipes, including multi-dataset operations such as union or join.
- Delete recipes.
- Copy recipes within the shared flow.
- Move recipes to the shared flow.
- Move recipes out of the shared flow.
- Run jobs.
- User can access the flow and run jobs.
- User cannot modify the flow.
Collaborator (Editor and Viewer) limitations:
Collaborators do not have the following privileges on a flow shared with them:
- Delete the flow
- Edit the name and description of the flow
- Remove the flow owner's access to the flow
- Delete imported datasets
Modify imported datasets
NOTE: Collaborators cannot modify datasets created with custom SQL.
For more information on the privileges for Viewer and Editor roles, see Privileges and Roles Reference.
Owners and Editors have the same privileges to edit recipes in the shared flow. In the Edit History, edits appear under the usernames of the individual contributors.
NOTE : Multiple editors cannot make changes to the same recipe at the same time.
NOTE: When a column is hidden from a dataset, it is hidden for all users.
Tip: You can review the history of changes to a recipe through the Edit History for a recipe. See Recipe Panel.
You can remove sharing access to a flow. When a flow is no longer shared with a user, that user:
- Cannot see the flow or its objects
- Cannot access them, if the user knows the location of the objects
NOTE: If a dataset from a shared flow is referenced in another flow, when sharing access is removed from the flow, the referenced dataset is still available in the other flow.
NOTE: If a flow is unshared with you, you cannot see or access the datasources for any jobs that you have already run on the flow, including any PDF profiles that you generated. You can still access the job results. This is a known issue.
When initially created, a connection is private. It is accessible only to the user who created. it.
Through the Connections page, you can share your connections with other users:
- Share connection with individual users: You can share your connection with specified workspace users.
- You can also share connections that have been shared with you.
Make connection public: Public connections are available for use by all users.
NOTE: Only a workspace admin can make connections public. After a connection has been made public, it cannot be made private again. You must delete and recreate the connection.
When connections are shared with you, you can access them through the Shared with Me tab in the Connections page. See Connections Page.
When shared, private connections can be shared with or without credentials. If credentials are not shared, new users of the shared connection must supply their own credentials. Those credentials must be permitted access if access to any datasets previously imported through the connection is required.
NOTE: A workspace admin has owner-level access to all connections. However, a workspace admin cannot access or use a connection's credentials if those credentials were not shared by the owner of the connection. For more information, see Workspace Admin Permissions.
NOTE: Password values for credentials are always masked in the user interface.
NOTE: For SSO connections, credentials are never shared.Instead, the Kerberos principal of the user with whom the connection is shared is used to connect. That principal must have the appropriate permissions to access the data.
For more information, see Connections Page.
Sharing connections through flows:
When a flow is shared, any connections associated with it are automatically shared to the specified users. If the connection is configured to do so, credentials are included, so that the new users can immediately begin using the flow.
For more information, see Flow View Page.For more information on the privileges for Viewer and Editor roles, see Privileges and Roles Reference.
Plans that you create can be shared with other users. In the Plans page, select Share from a plan's context menu.
Depending on whether you created the plan, you may have the following set of privileges:
|Owner||The owner created the plan and can schedule the plan and has all editor privileges.|
A collaborator has been shared the plan as a Viewer or Editor. Privileges to the plan that are limited in the following ways:
When a plan is shared with you, you are a collaborator on the plan. A collaborator has the following capabilities based on the plan privileges assigned to your workspace role:
For more information, see Share a Plan.
This page has no comments.