Permissions List
Permissions List
DATA CATEGORIES
| Privilege | Description |
|---|---|
| VIEWER | Users can view concepts and attributes defined in the logical model. They can also access Logical Namespaces, Ontologies Graph, Logical Relations, Logical Predicates, and export RDF files from the Namespace detail page. |
| EDITOR | Users can edit concepts and attributes defined in the logical model / ontologies, and can create, edit, and delete relationships between them, even from the ontologies graph editor. Can also edit Logical Predicates |
| ADMIN | Users can create and delete concepts and attributes in the logical model. Additionally, they can add and remove concepts even from the Ontologies Graph, create and delete Logical Namespaces, import ontologies from RDF files, and delete Logical Predicates. |
SYSTEMS
| Privilege | Description |
|---|---|
| VIEWER | Users can see all systems, along with all physical entities and fields. |
| EDITOR | Users can edit the physical metadata. Users can create and delete metadata within an already defined system. If also AGENTS_EDITOR, users can define, test, and manage crawling jobs. |
| ADMIN | Users can create or delete systems. |
CLASSIFICATION
| Privilege | Description |
|---|---|
| VIEWER | Users can view rules, dictionaries, and assignments within the Data Classification module. |
| EDITOR | Users can create, edit, and delete rules, dictionaries, and assignments within the Data Classification module. |
QUALITY
| Privilege | Description |
|---|---|
| VIEWER | Users can view the resources and dashboards related to the Data Quality module: Key Quality Indicators (test suites, quality checks, and quality results) |
| EDITOR | Users can edit, create, and delete quality checks and add quality results. |
| ADMIN | Users can create, edit, and delete test suites and delete entered results. |
PROBES
| Privilege | Description |
|---|---|
| VIEWER | Users can view projects, connections, and data quality control probes. |
| EDITOR | Users can create, edit, and delete projects, connections, probes, and tags within projects. If also AGENTS_EDITOR, users can test probes and projects and schedule the periodic execution of the projects. |
QUALITY ASSESSMENT
| Privilege | Description |
|---|---|
| VIEWER | Users can view all risk information and related dashboards. Users can view the list of risk definitions, risk assessments on physical entities, and their mitigations on quality checks. Users can also access analytics dashboards and export data. |
| EDITOR | Users can edit and add risk assessments on physical fields and quality checks. |
| ADMIN | Users can edit the configuration for the quality assessment framework and create, edit, and delete risks. |
PROCESSINGS
| Privilege | Description |
|---|---|
| VIEWER | Users can see processing, use registry templates, see archives, their records, and download |
| EDITOR | Users can write directly on the processing (creation, modification, deletion). |
| ADMIN | Users can create and edit registry templates, write and edit registry archives, and generate a new archive record. |
TASKS
| Privilege | Description |
|---|---|
| VIEWER | Users can view tasks and task templates |
| EDITOR | Users can write directly on tasks (creation, modification, deletion). |
| ADMIN | Users can write (creation, modification, cancellation) on the task templates. |
DATA ACTORS
| Privilege | Description |
|---|---|
| VIEWER | Users can view the list of data actors defined within the tenant |
| EDITOR | Users can edit or delete a data actor |
STEWARDSHIP
| Privilege | Description |
|---|---|
| VIEWER | Users can view roles, role assignments, and resource responsibilities within the tenant. |
| EDITOR | Users can associate users with roles and assign and terminate responsibilities on objects. |
| ADMIN | Users can also create and edit roles, permanently remove object responsibilities, turn stewardship-based ACL on and off, and bypass ACL checks for bulk changes via API or CSV import. |
PROPOSE
| Privilege | Description |
|---|---|
| VIEWER | Users can submit modification and creation proposals for assets that support the feature. |
APPROVE
| Privilege | Description |
|---|---|
| VIEWER | Users can see the submitted change proposals, review them, and approve or reject them. |
QUERY PARSER
| Privilege | Description |
|---|---|
| VIEWER | Users can see all the buckets and statements contained inside |
| EDITOR | Users can create, modify, and delete buckets and statements. Users can also reanalyze the resulting graph. |
CAMPAIGNS
| Privilege | Description |
|---|---|
| VIEWER | Users can see all resources and dashboards related to campaigns and issues. Users can change the progress of an issue if it has been assigned to them. |
| EDITOR | Users can create, edit content and progress, and delete issues within campaigns or not related to any campaign. If the campaign is private, only the owner can interact with the issues within it. |
| ADMIN | Users can create, edit, and delete campaigns. |
DATA SUBJECTS
| Privilege | Description |
|---|---|
| VIEWER | Users can see all the data subjects whose data have been recorded on Blindata through consents and information |
| EDITOR | Users can modify the data of the registered data subjects. |
| ADMIN | Users can add or delete data subjects. |
CONSENTS
| Privilege | Description |
|---|---|
| VIEWER | Users can see all consents that a data subject has given |
| ADMIN | Users can add or delete consents of a data subject |
CONTRACTS
| Privilege | Description |
|---|---|
| VIEWER | Users can view the contracts defined within a tenant |
| EDITOR | Users can edit the contracts defined within a tenant. |
| ADMIN | Users can add or delete contracts defined within a tenant. |
USERS
| Privilege | Description |
|---|---|
| VIEWER | Users can see the list of users associated with tenants whose users they have permission to view |
| EDITOR | Users can modify users, reset the password, and modify the permissions of users whose default tenants are those tenants for which they have permission to modify users. Users can also create and edit teams and related policies. |
| ADMIN | Users can create, delete, and associate tenants to users whose default tenants are those tenants for which they have user administration permission. |
OPERATOR
| Privilege | Description |
|---|---|
| VIEWER | Users can use the APIs dedicated to instance maintenance. |
AGENTS
| Privilege | Description |
|---|---|
| VIEWER | Users can view all information relating to agents, external connections, and schedules (including execution results). |
| EDITOR | Users can test the connections. Users can run jobs on the fly. |
| ADMIN | Users can create, edit, and delete job schedules. Users can configure new agents and external connections. Users can interrupt and stop running jobs. |
DATA PRODUCTS
| Privilege | Description |
|---|---|
| VIEWER | Users can view all information relating to data products, data product domains, data product ports. User can view all Data Products related to Concepts, Physical Entities and Attributes |
| EDITOR | Users can create, edit and delete data products, data product ports and data product domains. |
PROFILING
| Privilege | Description |
|---|---|
| VIEWER | Users can view metrics, metric anomalies, metric incidents and metric monitors. |
| EDITOR | Users can create, edit, and delete metrics, metric anomalies, metric incidents and metric monitors. Users can also create metric records and upload metric records CSV. |
GOVERNANCE POLICY
| Privilege | Description |
|---|---|
| VIEWER | Users can view governance policies, policy adoptions, evaluations and policy implementations. |
| EDITOR | Users can create, edit, and delete governance policies, policy adoptions, evaluations and policy implementations. Users can also upload policy evaluations. |
DATAOPS
| Privilege | Description |
|---|---|
| VIEWER | Users with this role can view data products and their versions as defined on the ODM Platform. They can also access policy implementations, but only if they also hold the GOVERNANCE_POLICIES_ADMIN permission. |
| EDITOR | Users can instantiate blueprints, create new data products in the ODM Platform from Blindata, plan activities for specific data product versions, start activities, and publish new data product versions. However, they must also have the following permissions: BLUEPRINTS_EDITOR and DATA_PRODUCTS_EDITOR to instantiate blueprints. |
| ADMIN | Users have full control over governance policies and their implementation within Blindata and the ODM platform (Users must be GOVERNANCE_POLICIES_ADMIN too). They can deploy, modify, and delete policies, align policy implementations between platforms, and manage agents and schedules for execution. This role ensures compliance with operational standards and provides full authority to maintain data governance processes effectively. |
BLUEPRINTS
| Privilege | Description |
|---|---|
| VIEWER | Users can view blueprints and access their details and parameters. They can navigate the blueprint details page and explore associated resources. |
| EDITOR | Users can instantiate blueprints, provided they also have the following permissions: DATAOPS_EDITOR and DATA_PRODUCTS_EDITOR. |
| ADMIN | Users can create, delete and modify Blueprints . |