User Roles
User roles are the most granular level of access control on the platform, determine what exactly individual users can view and do after they log in - for example, whether they can bring data onto the platform, or if they are limited to data consumption.
A single user may have multiple personas and roles, meaning that an Organization Administrator may also function as a Technical. Given this, when setting user roles, it is useful to consider what privileges teams and individuals will need to fulfil their job function and organization requirements.
Add or Remove User roles
Adding or removing users roles takes effect immediately.
Click on the Organization logo on the navigation bar.
Click on the three dots > edit user roles next to the user you want to edit.
To add user roles, drag or double click the role from Select User Roles to User Roles.
To remove user roles, drag the role from User Roles to Select User Roles.
Click Save.
Note: You must have an Organization Administrator role to perform this action.
Common User Roles
Organization Administrator: Can invite other users to the organization, define their roles and assign permissions that govern how users can interact with data. They may determine users' ability to publish data assets and products, and create default T&Cs for data products.
Subscription Administrator: Can view all products released by users and allocate, replace and expire subscriptions for users and organizations.
Ecosystem Administrator: Create organization types, invite organizations, and manage ecosystem subscription plans and T&Cs. They design the Exchange, manage categories and tags, as well as data products created by other organizations. Ecosystem Administrators can also delete data products or assets across any organization.
Product/Asset Creators: Create and manage data products/assets, as well as share management permissions for assets and products they create.
Asset Creator (no share): Users can create, use and manage assets on the platform without the ability to directly share the asset by default.
Product Administrator: Can release, delete, and manage data products within their Organization.
Asset Administrator: Can delete and manage assets within their organization.
Technicians: Responsible for adding, updating and deleting Connectors that allow data to be transferred to and from the platform.
Automation Creators: Create and manage automated tasks and code assets that streamline data workflows
Automation Administrators: Manage automated tasks that enhance the speed and efficiency of data sharing and production.
Subscription Administrators: Create, edit and expire subscriptions for products created by users in the same organization.
Secrets Administrator: Create and manage secrets on the platform, such as passwords, API keys and digital certificates.
Transformations Administrator: Create, view and manage transformations on the platform, such as those applied to exports.
Permissions
Full Permission | Permission with limited scope | No Permission |
Administrative roles
Permission | Ecosystem Administrator | Organization Administrator | Subscription Administrator | Secrets Administrator |
Manage Organization details | platform-wide | within their org | ||
Manage Organization types | ||||
Invite users | platform-wide | within their org | ||
Manage user roles | platform-wide | within their org | ||
View user profiles | ||||
View Activity Log | within their org | |||
Create Sub Plan Templates | platform-wide | within their org | ||
Manage Plan Template T&Cs | platform-wide | within their org | ||
Assign ‘managed’ Subscriptions |
| to products in their org | ||
Manage Subscriptions | platform-wide | |||
Expire Subscriptions | platform-wide | to products in their org | ||
Delete live products | platform-wide | |||
Delete unreleased product | platform-wide | |||
Create and manage secrets | platform-wide |
Asset Related roles
Permission | Technician | Asset Creator | Asset Creator (no share) | Asset Admin |
Create, edit and manage connectors | ||||
Create asset | assets they create | assets they create | ||
View and edit asset | assets they create | assets they create | all assets in org | |
Share permissions | assets they create | all assets in org | ||
Delete draft asset | assets they create | assets they create | all assets in org | |
Delete live asset | assets they create | assets they create | all assets in org | |
Add asset to product | assets they create | assets they create | all assets in org | |
Release asset | assets they create | assets they create | all assets in org |
Product Related roles
Permission | Product Creator | Product Admin |
Expire Subscriptions | all products in org | |
Delete live products | all products in org | |
Create product | products they create | |
View and edit product | products they create | all products in org |
Share Manage permissions | products they create | all products in org |
Delete unreleased product | products they create | all products in org |
Release product | all products in org |
Automation Related roles
Permission | Automation Creator | Automation Administrator | Transformations Administrator |
Create automated tasks and code assets | in their org |
| |
Manage automated tasks and code assets | tasks/code they create | in their org | |
Create, view and manage transformations | in their org |
Persona Mapping
The following illustrates the roles that are typically associated with the platform personas. This design varies depending on whether a user also has administrative responsibilities.
Platform Operator
Data Producer
Data Consumer