Roles
Introduction
Secoda provides the ability to declare fine-grained access controls through Custom Roles. Some examples of roles that can be created are:
Table Owners should be allowed to edit documentation, but not Tags.
Jenny, our Data Steward, should be allowed to edit Tags for any Dashboard, but no other metadata.
John, a Data Analyst, should be allowed to edit the Related Resources for a specific Data Pipeline he is a downstream consumer of.
The Data Platform team should be allowed to manage users and groups, view platform analytics, and manage roles.
Custom Roles are only enabled for Premium and Enterprise tiers.
What is a Custom Role?
A Custom Role consists of a set of permissions (see all permissions below) that can be applied to users. There are 2 types of Permissions within Secoda:
Platform Permissions
Resource Permissions
Platform Permissions
Platform permissions determine who has platform-level access to and management of Secoda. Examples of these permissions include:
Managing Users & Groups
Viewing the Secoda Analytics
Managing Roles
Platform permissions consist of just permissions, e.g., "Can view Analytics". Platform permissions do not include a specific "target resource" against which the permission applies. Instead, they simply serve to assign specific permissions.
Resource Permissions
Resource permissions determine who can do what to which resources. For example,
Who can edit Tables Documentation & Related Resources?
Who can add Owners to a Chart?
Who can add Tags to a Dashboard?
A Resource Permission can be broken down into 2 parts:
Resources: Which resources the permission applies to, e.g. "All Tables".
Permissions: Which actions the permission allows, e.g. "Manage Tags".
Resources
Subsets of resources can be associated with the permission by leveraging Filters. These use the same capabilities as the filters in search, the catalog, and many other places in the application. Some examples of filters include:
Resources from a specific integration, e.g., Snowflake
Resources of a specific type, e.g., Tables
Resources that contain a specific tag
Resources that are marked as PII
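The two-part structure of a Resource Permission (a resource filter plus a set of permitted actions) can be modelled as a deny-by-default check. The following is an added example, not Secoda's implementation or API: every class, function, action name and resource name in it is hypothetical, and it assumes that multiple filters combine with AND and that an unrecognised filter key grants nothing.

```python
# Illustrative model only: not Secoda's implementation or API. All names are hypothetical.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Resource:
    name: str
    type: str                        # e.g. "table", "dashboard", "pipeline"
    integration: str = ""
    tags: frozenset = frozenset()
    pii: bool = False


@dataclass
class ResourcePermission:
    actions: frozenset               # what is permitted, e.g. {"manage_tags"}
    filters: dict = field(default_factory=dict)  # which resources; empty = all

    def matches(self, res: Resource) -> bool:
        """Assumed semantics: every filter must match (AND); unknown keys fail closed."""
        for key, wanted in self.filters.items():
            if key == "tag":
                if wanted not in res.tags:
                    return False
            elif key in ("name", "type", "integration", "pii"):
                if getattr(res, key) != wanted:
                    return False
            else:
                return False
        return True


def is_allowed(role: list, action: str, res: Resource) -> bool:
    """Deny by default: some permission must grant the action on a matching resource."""
    return any(action in p.actions and p.matches(res) for p in role)


# Constructed roles and resources mirroring the page's examples.
DATA_STEWARD = [ResourcePermission(frozenset({"manage_tags"}), {"type": "dashboard"})]
PIPELINE_CONSUMER = [ResourcePermission(frozenset({"edit_related_resources"}),
                                        {"type": "pipeline", "name": "orders_etl"})]
SALES_DASH = Resource("sales_kpis", "dashboard")
ORDERS_ETL = Resource("orders_etl", "pipeline")
USERS_TABLE = Resource("users", "table", "Snowflake", frozenset({"core"}), pii=True)

if __name__ == "__main__":
    for role, action, res in [(DATA_STEWARD, "manage_tags", SALES_DASH),
                              (DATA_STEWARD, "manage_tags", USERS_TABLE),
                              (PIPELINE_CONSUMER, "edit_related_resources", ORDERS_ETL)]:
        print(action, res.name, "->", "allow" if is_allowed(role, action, res) else "deny")
```

When reviewing a custom role, the narrowest filter that still covers the intended resources keeps the role closest to least privilege; an empty filter in this model applies the actions to every resource.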
Managing Roles
Policies can be managed on the page Settings > Members > Roles tab. The Roles tab will only be visible to those users having the Manage Roles privilege.
Out of the box, Secoda is deployed with a set of default Roles. The default roles are Viewers, Editors, and Admins.
Permissions
Each permission can enable Create, Update, View, and Delete. Manage allows for all.
Settings
| API Keys | Allows user to create API keys to programmatically access Secoda. | Manage | Create | None |
| Billing | Allows user to view invoices and update payment methods. | Manage | None | None |
| Import and export | Allows user to export resources to CSV and import via CSV. | Manage | Manage | None |
| Workspace settings | Allows user to manage various workspace settings. | Manage | None | None |

Features
| Integrations | Allows user to manage integrations. | Manage | View | None |
| Monitors | Allows user to manage monitors. | Manage | Manage | None |
| Automations | Allows user to manage automations. | Manage | Manage | None |
| Analytics | Allows user to manage analytics. | Manage | Manage | None |
| Views | Allows user to manage views. | Manage | Manage | View |
| Questions | Allows user to manage questions. | Manage | Manage | View |
| Secoda AI | Allows user to | Manage | View | View |
| DQS | | Manage | View | View |
| Tags | | Manage | Manage | View |
| Properties | | Manage | Manage | View |
| Teams | | Manage | View | View |
| Lineage | | Manage | Manage | View |
| Preview | | View | View | View |
| Column Profile | | View | View | View |

User & Role Management
| Users | | Manage | View | View |
| Roles | | Manage | View | View |
| Groups | | Manage | View | View |
| Teams | | Manage | View | View |

Resource Management
| Resource | | Manage | Manage | View |