In a collaborative environment, it can be helpful to be able to have multiple users work on the same assets or to create copies of good quality work to serve as templates for others. Designer Cloud Powered by Trifacta Enterprise Edition enables users to collaborate on the same flow objects or to create copies for others to use for independent work.
This section provides an overview of sharing principles, limitations, and approaches.
Sharing can be enabled and disabled through Workspace settings by a workspace administrator. To enable, set the following to Enabled
.
Sharing
For more information, see Workspace Settings Page.
Note
You cannot share with users outside of your current project or workspace, including any account that you may have in a different project or workspace.
Note
You may not be permitted to share objects with users who have not yet logged into the product.
The following are the basic types of users of a shared object:
Individual users can be assigned one or more roles. A role is a set of privileges (permissions).
For each type of shareable object, an administrator can define within a role the privileges that users have on the object type. Below, you can review the basic privilege levels and the implications on sharing:
For more information, see Roles Page.
Fine-grained sharing privileges for individual shared objects
When an object is shared, the user who is sharing the object can specify the privilege level for the target user on the shared object, which provides finer-grained access controls on individual objects:
The high-level privileges define the maximum set of privileges that you can share on an object with the target user.
Project- or workspace-level privileges on object types can be overridden for individual objects.
For example, a user with Viewer privileges on flows at the project or workspace level cannot be given Editor privileges on any individual flow.
Limitations:
Fine-grained sharing privileges apply to flows, plans, and connections only.
Users who have received changes in privileges on individual objects should log out and log in again to see those changes.
The following types of objects can be shared with other users:
In the collaborative approach, two or more users can work on the same flow. When a flow is shared, all flow objects are shared, including:
Imported datasets
Note
A dataset that is created with parameters cannot be modified by a collaborator. It can only be modified by the owner.
Recipes
Output objects
Job results
Webhook tasks
Note
Sharing of data is managed at the flow level. You cannot share individual recipes or datasets from within a flow.
Note
You cannot share a flow with yourself.
All collaborators have access to the above objects, as long as they have access to the underlying sources. See below.
Use cases:
Distribute the work on a flow with multiple recipes among team members for faster throughput.
Pass recipes to others for commenting, editing, and general review.
When stuck, share the flow with the team expert to provide guidance.
PrivilegesUnderlying datasets: Sharing a flow does not change the permissions to the underlying data. If a user with whom a flow has been shared does not have access to the data on the datastore, the user cannot work with the flow's datasets.
Datasets that are accessed through private connections cannot be shared, unless the connection is also shared.
Stricter permissions sets on the datastore can adversely affect users' ability to access shared flows.
Sharing samples: A flow's samples are not necessarily available to all users who have been shared the flow. In some cases, if a user who has been shared a flow does not have access to a recipe's sample, the user may have to collect a separate sample to view data or edit the recipe associated with the sample. To enable universal access to shared samples, you can use either of the following permissions schemes:
The default output directories for any user can be accessed by any other user. This configuration must be managed in the base storage layer.
When the sample is executed, an individual user must set his or her default output directory to a location that shared users of the flow can access.
Editor privileges:
Datasets
Use the imported datasets and references as sources in other flows accessible to the collaborator.
Add new imported datasets.
Remove existing imported datasets.
Change the source of datasets.
Edit dataset names and descriptions.
Recipes
Add new recipes.
Edit the existing recipes, including multi-dataset operations such as union or join.
Delete recipes.
Copy recipes within the shared flow.
Move recipes to the shared flow.
Move recipes out of the shared flow.
Run jobs.
Schedules
Create new schedules.
Edit schedules.
Viewer privileges:
Collaborator (Editor and Viewer) limitations:
Collaborators do not have the following privileges on a flow shared with them:
Flow
Datasets
Delete imported datasets
Modify imported datasets
Note
Collaborators cannot modify datasets created with custom SQL.
For more information on the privileges for Viewer and Editor roles, see Privileges and Roles Reference.
Editing recipesOwners and Editors have the same privileges to edit recipes in the shared flow. In the Edit History, edits appear under the usernames of the individual contributors.
Note
: Multiple editors cannot make changes to the same recipe at the same time.
Note
When a column is hidden from a dataset, it is hidden for all users.
Removing accessYou can remove sharing access to a flow. When a flow is no longer shared with a user, that user:
Note
If a dataset from a shared flow is referenced in another flow, when sharing access is removed from the flow, the referenced dataset is still available in the other flow.
Note
If a flow is unshared with you, you cannot see or access the datasources for any jobs that you have already run on the flow, including any PDF profiles that you generated. You can still access the job results. This is a known issue.
When initially created, a connection is private. It is accessible only to the user who created. it.
Through the Connections page, you can share your connections with other users:
When connections are shared with you, you can access them through the Shared with Me tab in the Connections page. See Connections Page.
Sharing credentials:
When shared, private connections can be shared with or without credentials. If credentials are not shared, new users of the shared connection must supply their own credentials. Those credentials must be permitted access if access to any datasets previously imported through the connection is required.
Note
A workspace admin has owner-level access to all connections. However, a workspace admin cannot access or use a connection's credentials if those credentials were not shared by the owner of the connection. For more information, see Workspace Admin Permissions.
Note
Password values for credentials are always masked in the user interface.
Note
For SSO connections, credentials are never shared.
Instead, the Kerberos principal of the user with whom the connection is shared is used to connect. That principal must have the appropriate permissions to access the data.
For more information, see Connections Page.
Sharing connections through flows:
When a flow is shared, any connections associated with it are automatically shared to the specified users. If the connection is configured to do so, credentials are included, so that the new users can immediately begin using the flow.
For more information on the privileges for Viewer and Editor roles, see Privileges and Roles Reference.
Plans that you create can be shared with other users. In the Plans page, select Share from a plan's context menu.
Depending on whether you created the plan, you may have the following set of privileges:
When a plan is shared with you, you are a collaborator on the plan. A collaborator has the following capabilities based on the plan privileges assigned to your role:
For more information on the privileges for Viewer and Editor privileges, see Privileges and Roles Reference.
For more information, see Share a Plan.