Roles

Introduction

Secoda provides the ability to declare fine-grained access controls through Custom Roles. Some examples of roles that can be created are:

  • Table Owners should be allowed to edit documentation, but not Tags.

  • Jenny, our Data Steward, should be allowed to edit Tags for any Dashboard, but no other metadata.

  • John, a Data Analyst, should be allowed to edit the Related Resources for a specific Data Pipeline he is a downstream consumer of.

  • The Data Platform team should be allowed to manage users and groups, view platform analytics, and manage roles.

Custom Roles are only enabled for Premium and Enterprise tiers.

What is a Custom Role?

A Custom Role consists of a set of permissions (see all permissions below) that can be applied to users. There are 2 types of Permissions within Secoda:

  1. Platform Permissions

  2. Resource Permissions

Platform Permissions

Platform permissions determine who has platform-level access and management on Secoda. Examples of these permissions include:

  • Managing Users & Groups

  • Viewing the Secoda Analytics

  • Managing Roles

Platform permissions consist of just permissions, e.g., "Can view Analytics". They do not include a specific "target resource" that the permission applies to. Instead, they simply serve to assign specific permissions.

Resource Permissions

Resource permissions determine who can do what to which resources. For example,

  • Who can edit a Table's Documentation & Related Resources?

  • Who can add Owners to a Chart?

  • Who can add Tags to a Dashboard?

A Resource Permission can be broken down into 2 parts:

  1. Resources: Which resources the permission applies to, e.g. "All Tables".

  2. Permissions: Which actions the permission allows, e.g. "Manage Tags".

Resources

Subsets of resources can be associated with the permission by leveraging Filters. These use the same capabilities as the filters in search, the catalog, and many other places in the application. Some examples of filters include:

  1. Resources from a specific integration, e.g., Snowflake

  2. Resources of a specific type, e.g., Tables

  3. Resources that contain a specific tag

  4. Resources that are marked as PII
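
The two-part structure above (a filter selecting resources, plus a set of permitted actions) can be modelled as a deny-by-default check. This is an added illustration, not Secoda's code or API; the class names, action names such as `manage_tags`, and the sample resources are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Resource:                      # constructed stand-in for a catalog entry
    type: str
    integration: str
    tags: frozenset = frozenset()
    pii: bool = False

@dataclass(frozen=True)
class ResourceFilter:                # None = attribute is not filtered on
    type: Optional[str] = None
    integration: Optional[str] = None
    tag: Optional[str] = None
    pii: Optional[bool] = None

    def matches(self, r: Resource) -> bool:
        return ((self.type is None or r.type == self.type)
                and (self.integration is None or r.integration == self.integration)
                and (self.tag is None or self.tag in r.tags)
                and (self.pii is None or r.pii == self.pii))

@dataclass(frozen=True)
class ResourcePermission:
    resources: ResourceFilter        # part 1: which resources
    actions: frozenset               # part 2: which actions are permitted

@dataclass
class Role:
    name: str
    platform: frozenset = frozenset()    # platform permissions: no target resource
    resource_perms: tuple = ()

    def can(self, action: str, resource: Optional[Resource] = None) -> bool:
        # Deny by default: only an explicit grant returns True.
        if resource is None:
            return action in self.platform
        return any(action in p.actions and p.resources.matches(resource)
                   for p in self.resource_perms)

# Constructed roles mirroring the page's examples; action names are hypothetical.
STEWARD = Role("Data Steward", resource_perms=(
    ResourcePermission(ResourceFilter(type="dashboard"), frozenset({"manage_tags"})),))
PLATFORM_TEAM = Role("Data Platform", platform=frozenset(
    {"manage_users_and_groups", "view_analytics", "manage_roles"}))
PII_DOCS = Role("Snowflake PII Documenter", resource_perms=(
    ResourcePermission(ResourceFilter(integration="snowflake", pii=True),
                       frozenset({"edit_documentation"})),))

DASH = Resource("dashboard", "tableau")
PII_TABLE = Resource("table", "snowflake", frozenset({"finance"}), pii=True)
PLAIN_TABLE = Resource("table", "snowflake")
```

In this model a role that lists no matching grant gets nothing, so a filter that is broader than intended (for example, omitting `pii=True`) is the main thing to review when auditing a custom role.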

Managing Roles

Policies can be managed on the Settings > Members page, under the Roles tab. The Roles tab is only visible to users who have the Manage Roles privilege.

Out of the box, Secoda is deployed with a set of default Roles: Viewers, Editors, and Admins.

Permissions

Each permission can enable Create, Update, View, and Delete. Manage allows all four.

Settings

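| Permission         | Admin  | Editor | Viewer |
|--------------------|--------|--------|--------|
| API Keys           | Manage | Create | None   |
| Billing            | Manage | None   | None   |
| Import and export  | Manage | Manage | None   |
| Workspace settings | Manage | None   | None   |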

Features

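| Permission   | Admin  | Editor | Viewer |
|--------------|--------|--------|--------|
| Integrations | Manage | View   | None   |
| Monitors     | Manage | Manage | None   |
| Automations  | Manage | Manage | None   |
| Analytics    | Manage | Manage | None   |
| Views        | Manage | Manage | View   |
| Questions    | Manage | Manage | View   |
| Secoda AI    | Manage | View   | View   |
| DQS          | Manage | View   | View   |
| Tags         | Manage | Manage | View   |
| Properties   | Manage | Manage | View   |
| Teams        | Manage | View   | View   |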

User & Role Management

| Permission | Admin  | Editor | Viewer |
|------------|--------|--------|--------|
| Users      | Manage | View   | View   |
| Roles      | Manage | View   | View   |
| Groups     | Manage | View   | View   |
| Teams      | Manage | View   | View   |

Resource Management

| Permission     | Admin  | Editor | Viewer |
|----------------|--------|--------|--------|
| Resource       | Manage | Manage | View   |
| Lineage        | Manage | Manage | View   |
| Column Profile | Manage | Manage | View   |
| Preview        | View   | View   | View   |
