Skip to main content

Overview of Sharing

In a collaborative environment, it can be helpful to be able to have multiple users work on the same assets or to create copies of good quality work to serve as templates for others. Designer Cloud Powered by Trifacta Enterprise Edition enables users to collaborate on the same flow objects or to create copies for others to use for independent work.

This section provides an overview of sharing principles, limitations, and approaches.

Enable

Sharing can be enabled and disabled through Workspace settings by a workspace administrator. To enable, set the following to Enabled.

Sharing

For more information, see Workspace Settings Page.

Sharing Model

Note

You cannot share with users outside of your current project or workspace, including any account that you may have in a different project or workspace.

Note

You may not be permitted to share objects with users who have not yet logged into the product.

Owners and collaborators

The following are the basic types of users of a shared object:

User Type

Description

Owner

Typically, the owner is the original creator of the shared object. This user has maximum permissions on the object.

Note

There can be only one owner on an object. Only the owner or a workspace admin can delete a shared object.

Workspace admin

All workspace admins have owner rights on all objects in the workspace.

Collaborator

Any user who has been shared an object is a collaborator. A collaborator can have the one of the following permissions on the object:

  • Editor

  • Viewer

See below.

Role by object type

Individual users can be assigned one or more roles. A role is a set of privileges (permissions).

For each type of shareable object, an administrator can define within a role the privileges that users have on the object type. Below, you can review the basic privilege levels and the implications on sharing:

Privilege

Description

If object shared, default privileges on the object

Author

Assigned user can create and delete new objects of this type.

Editor

Editor

Assigned user can modify objects of this type with limitations. See below.

Editor

Viewer

Assigned user has read-only access to this type of object.

Viewer

For more information, see Roles Page.

Fine-grained sharing privileges for individual shared objects

When an object is shared, the user who is sharing the object can specify the privilege level for the target user on the shared object, which provides finer-grained access controls on individual objects:

  • The high-level privileges define the maximum set of privileges that you can share on an object with the target user.

  • Project- or workspace-level privileges on object types can be overridden for individual objects.

  • For example, a user with Viewer privileges on flows at the project or workspace level cannot be given Editor privileges on any individual flow.

Limitations:

  • Fine-grained sharing privileges apply to flows, plans, and connections only.

  • Users who have received changes in privileges on individual objects should log out and log in again to see those changes.

Shareable Objects

The following types of objects can be shared with other users:

  • Flows

  • Connections

  • Plans

Sharing Flows

In the collaborative approach, two or more users can work on the same flow. When a flow is shared, all flow objects are shared, including:

  • Imported datasets

    Note

    A dataset that is created with parameters cannot be modified by a collaborator. It can only be modified by the owner.

  • Recipes

  • Output objects

    • If available, any output SQL scripts are also shared.

  • Job results

  • Webhook tasks

Note

Sharing of data is managed at the flow level. You cannot share individual recipes or datasets from within a flow.

Note

You cannot share a flow with yourself.

All collaborators have access to the above objects, as long as they have access to the underlying sources. See below.

Use cases:

  • Distribute the work on a flow with multiple recipes among team members for faster throughput.

  • Pass recipes to others for commenting, editing, and general review.

  • When stuck, share the flow with the team expert to provide guidance.

Privileges

Underlying datasets: Sharing a flow does not change the permissions to the underlying data. If a user with whom a flow has been shared does not have access to the data on the datastore, the user cannot work with the flow's datasets.

  • Datasets that are accessed through private connections cannot be shared, unless the connection is also shared.

  • Stricter permissions sets on the datastore can adversely affect users' ability to access shared flows.

Sharing samples: A flow's samples are not necessarily available to all users who have been shared the flow. In some cases, if a user who has been shared a flow does not have access to a recipe's sample, the user may have to collect a separate sample to view data or edit the recipe associated with the sample. To enable universal access to shared samples, you can use either of the following permissions schemes:

  1. The default output directories for any user can be accessed by any other user. This configuration must be managed in the base storage layer.

  2. When the sample is executed, an individual user must set his or her default output directory to a location that shared users of the flow can access.

Editor privileges:

  • Datasets

    • Use the imported datasets and references as sources in other flows accessible to the collaborator.

    • Add new imported datasets.

    • Remove existing imported datasets.

    • Change the source of datasets.

    • Edit dataset names and descriptions.

  • Recipes

    • Add new recipes.

    • Edit the existing recipes, including multi-dataset operations such as union or join.

    • Delete recipes.

    • Copy recipes within the shared flow.

    • Move recipes to the shared flow.

    • Move recipes out of the shared flow.

    • Run jobs.

  • Schedules

    • Create new schedules.

    • Edit schedules.

Viewer privileges:

  • User can access the flow and run jobs.

  • User cannot modify the flow.

  • Schedules

    • Create new schedules.

    • Edit schedules.

Collaborator (Editor and Viewer) limitations:

Collaborators do not have the following privileges on a flow shared with them:

  • Flow

    • Delete the flow

    • Edit the name and description of the flow

    • Remove the flow owner's access to the flow

  • Datasets

    • Delete imported datasets

    • Modify imported datasets

      Note

      Collaborators cannot modify datasets created with custom SQL.

For more information on the privileges for Viewer and Editor roles, see Privileges and Roles Reference.

Editing recipes

Owners and Editors have the same privileges to edit recipes in the shared flow. In the Edit History, edits appear under the usernames of the individual contributors.

Note

: Multiple editors cannot make changes to the same recipe at the same time.

Note

When a column is hidden from a dataset, it is hidden for all users.

Removing access

You can remove sharing access to a flow. When a flow is no longer shared with a user, that user:

  • Cannot see the flow or its objects

  • Cannot access them, if the user knows the location of the objects

Note

If a dataset from a shared flow is referenced in another flow, when sharing access is removed from the flow, the referenced dataset is still available in the other flow.

Note

If a flow is unshared with you, you cannot see or access the datasources for any jobs that you have already run on the flow, including any PDF profiles that you generated. You can still access the job results. This is a known issue.

Share Connections

When initially created, a connection is private. It is accessible only to the user who created. it.

Through the Connections page, you can share your connections with other users:

  • Share connection with individual users: You can share your connection with specified users.

    • You can also share connections that have been shared with you.

  • Make connection public: Public connections are available for use by all users.

    Note

    Only an admin can make connections public. After a connection has been made public, it cannot be made private again. You must delete and recreate the connection.

When connections are shared with you, you can access them through the Shared with Me tab in the Connections page. See Connections Page.

Sharing credentials:

When shared, private connections can be shared with or without credentials. If credentials are not shared, new users of the shared connection must supply their own credentials. Those credentials must be permitted access if access to any datasets previously imported through the connection is required.

Note

A workspace admin has owner-level access to all connections. However, a workspace admin cannot access or use a connection's credentials if those credentials were not shared by the owner of the connection. For more information, see Workspace Admin Permissions.

Note

Password values for credentials are always masked in the user interface.

Note

For SSO connections, credentials are never shared.

Instead, the Kerberos principal of the user with whom the connection is shared is used to connect. That principal must have the appropriate permissions to access the data.

For more information, see Connections Page.

Sharing connections through flows:

When a flow is shared, any connections associated with it are automatically shared to the specified users. If the connection is configured to do so, credentials are included, so that the new users can immediately begin using the flow.

For more information on the privileges for Viewer and Editor roles, see Privileges and Roles Reference.

Share Plans

Plans that you create can be shared with other users. In the Plans page, select Share from a plan's context menu.

Depending on whether you created the plan, you may have the following set of privileges:

You are

Privileges

Owner

The owner created the plan and can schedule the plan and has all editor privileges.

Collaborator

A collaborator has been shared the plan as a Viewer or Editor. Privileges to the plan that are limited in the following ways:

  • Collaborators cannot delete plans that have been shared with them.

  • Collaborator access to the plan may be further filtered based on assignments at the project or workspace level. See below.

When a plan is shared with you, you are a collaborator on the plan. A collaborator has the following capabilities based on the plan privileges assigned to your role:

Plan Privilege

Description

Author

  • Create plans.

  • Delete plans that you create.

  • All Editor privileges.

Editor

  • Edit parameters in entitled plans

  • Manage email notifications on entitled plans

  • Update entitled plans names and descriptions

  • Share entitled plans

  • All Viewer privileges.

Viewer

  • View and run entitled plans

  • View runs and jobs from entitled plans

  • Export entitled plans

For more information on the privileges for Viewer and Editor privileges, see Privileges and Roles Reference.

For more information, see Share a Plan.