Skip to main content

Privileges and Roles Reference

In the Trifacta Application, you can create and assign roles, each of which consists of one or more privileges. A privilege is a level of access to a type of object.

Below, you can review the available privileges, including the supported levels for each.

For more information on privileges and roles, see Overview of Authorization.

Privileges

Flows

The flows privilege governs access to flow objects.

Access Level

Name

Description

0

none

Assigned role cannot see or use flows, including the pages where flows are available.

1

viewer

Assigned user can access Flows page and Flow View page for flows that the user owns or has been shared. User can also run jobs on the user's own flows.

User cannot make changes to any flows.

2

editor

All of the above, plus:

Assigned user can edit, share, and run jobs on flows to which the user has access.

Note

By default, editors can also schedule flows. This option can be disabled by an administrator.

Tip

Flow editors can edit any custom SQL used to import datasets into the flow.

3

author

All of the above, plus:

Assigned user can create new flows, schedule flows, and delete flows.

Tip

If you have enabled deployment management, a deployment user should be assigned author-level access. Lesser flow roles may prevent the deployment user from properly importing and managing flows. See Roles Page.

Connections

The connections privilege governs access to connection objects.

Access Level

Name

Description

0

none

Assigned role cannot see or use connections, including the pages where connections are available.

1

viewer

Assigned user can access Connections page for connections that the user owns or has been shared. User can share connections.

User cannot make changes to any connections.

2

editor

All of the above, plus:

Assigned user can edit and share connections to which the user has access.

3

author

All of the above, plus:

Assigned user can create new connections and delete connections.

Plans

The plans privilege manages access to plan objects.

Access Level

Name

Description

0

none

Assigned role cannot see or use plans, including the pages where plans are available.

1

viewer

Assigned user can access Plans page and Plan View page for plans that the user owns or has been shared.

User can also run jobs on the user's own plans.

User can cancel plan runs.

2

editor

All of the above, plus:

Assigned user can edit, share, and run jobs on plans to which the user has access.

Note

By default, editors can also schedule plans. This option can be disabled by an administrator.

3

author

All of the above, plus:

Assigned user can create new plans, schedule plans, and delete plans.

Standard Roles

The following roles are provided with the product.

Note

The following roles cannot be removed.

default

The default role is assigned to each user when the user is initially created. This role contains the following permissions:

Privilege

Access Level/Name

Flows

3 - author

Connections

3 - author

Plans

3 - author

User defined functions

3 - author

Tip

You can modify the default role if you want to set a lower level of base access for each new user of the product. For more information, see Overview of Authorization.

Workspace admin

This role provides super-user privileges to the assigned user.

Note

This role enables for the user owner-level access to all objects in the project or workspace and access to all admin-level settings and configuration pages in the admin console. This role should not be assigned to many users. At least one user should always have this role.

Note

You cannot modify or delete this role.