Roles

Introduction

Secoda provides the ability to declare fine-grained access controls through Custom Roles. Some examples of roles that can be created are:

  • Table Owners should be allowed to edit documentation, but not Tags.

  • Jenny, our Data Steward, should be allowed to edit Tags for any Dashboard, but no other metadata.

  • John, a Data Analyst, should be allowed to edit the Related Resources for a specific Data Pipeline he is a downstream consumer of.

  • The Data Platform team should be allowed to manage users and groups, view platform analytics, and manage roles.

Custom Roles are only enabled for Premium and Enterprise tiers.

What is a Custom Role?

A Custom Role consists of a set of permissions (see all permissions below) that can be applied to users. There are 2 types of Permissions within Secoda:

  1. Platform Permissions

  2. Resource Permissions

Platform Permissions

Platform permissions determine who has platform-level access and management rights on Secoda. Examples of these permissions include:

  • Managing Users & Groups

  • Viewing the Secoda Analytics

  • Managing Roles

Platform permissions consist of just permissions, e.g., "Can view Analytics". They do not include a specific "target resource" to which the permission applies. Instead, they simply serve to assign specific permissions.

Resource Permissions

Resource permissions determine who can do what to which resources. For example,

  • Who can edit a Table's Documentation & Related Resources?

  • Who can add Owners to a Chart?

  • Who can add Tags to a Dashboard?

A Resource Permission can be broken down into 2 parts:

  1. Resources: Which resources the permission applies to, e.g. "All Tables".

  2. Permissions: Which actions the permission allows, e.g. "Manage Tags".

Resources

Subsets of resources can be associated with the permission by leveraging Filters. These are the same filters used in search, the catalog, and many other places in the application. Some examples of filters include:

  1. Resources from a specific integration, e.g., Snowflake

  2. Resources of a specific type, e.g., Tables

  3. Resources that contain a specific tag

  4. Resources that are marked as PII

Managing Roles

Policies can be managed on the Roles tab under Settings > Members. The Roles tab is only visible to users who have the Manage Roles privilege.

Out of the box, Secoda is deployed with a set of default Roles: Viewers, Editors, and Admins.

Permissions

Each permission can enable Create, Update, View, and Delete. Manage allows for all of them.
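
The resource-permission model described above (a filter selecting resources, a permission such as "Tags", and a level where Manage enables all four actions) can be sketched as a deny-by-default check. This is an added example, not Secoda's code or API: the class and function names, the AND semantics between filter fields, and the sample catalog are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ACTIONS = frozenset({"create", "update", "view", "delete"})

@dataclass(frozen=True)
class ResourceFilter:
    """None means 'any'; fields that are set must all match (assumed AND)."""
    integration: Optional[str] = None
    type: Optional[str] = None
    tag: Optional[str] = None
    pii: Optional[bool] = None

    def matches(self, res: dict) -> bool:
        return ((self.integration is None or res["integration"] == self.integration)
                and (self.type is None or res["type"] == self.type)
                and (self.tag is None or self.tag in res["tags"])
                and (self.pii is None or res["pii"] == self.pii))

@dataclass(frozen=True)
class Grant:
    where: ResourceFilter
    permission: str   # metadata the grant covers, e.g. "Tags"
    level: str        # "manage" or one of ACTIONS

    def actions(self) -> frozenset:
        if self.level == "manage":      # Manage enables all four actions
            return ACTIONS
        if self.level not in ACTIONS:
            raise ValueError(f"unknown level: {self.level!r}")
        return frozenset({self.level})

def is_allowed(grants, res, permission, action) -> bool:
    """Deny by default: some grant must match resource, permission and action."""
    return any(g.permission == permission and g.where.matches(res)
               and action in g.actions() for g in grants)

def effective_access(grants, resources):
    """Every (resource name, permission, action) a role allows, for review."""
    return sorted({(r["name"], g.permission, a) for r in resources for g in grants
                   if g.where.matches(r) for a in g.actions()})

# Constructed sample catalog and role (all names are illustrative).
CATALOG = [
    {"name": "revenue_dash", "integration": "tableau", "type": "dashboard",
     "tags": ["finance"], "pii": False},
    {"name": "customers", "integration": "snowflake", "type": "table",
     "tags": [], "pii": True},
]
# The Data Steward from the introduction: Tags on any Dashboard, nothing else.
DATA_STEWARD = [Grant(ResourceFilter(type="dashboard"), "Tags", "manage")]
```

Running effective_access over a representative catalog before assigning a custom role shows exactly which resources a filter reaches, which is where an overly broad filter shows up.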

Settings

| Permission | Description | Admin | Editor | Viewer |
| --- | --- | --- | --- | --- |
| API Keys | Allows user to create API keys to programmatically access Secoda. | Manage | Create | None |
| Billing | Allows user to view invoices and update payment methods. | Manage | None | None |
| Import and export | Allows user to export resources to CSV and import via CSV. | Manage | Manage | None |
| Workspace settings | Allows user to manage various workspace settings. | Manage | None | None |

Features

| Permission | Description | Admin | Editor | Viewer |
| --- | --- | --- | --- | --- |
| Integrations | Allows user to manage integrations. | Manage | View | None |
| Monitors | Allows user to manage monitors. | Manage | Manage | None |
| Automations | Allows user to manage automations. | Manage | Manage | None |
| Analytics | Allows user to manage analytics. | Manage | Manage | None |
| Views | Allows user to manage views. | Manage | Manage | View |
| Questions | Allows user to manage questions. | Manage | Manage | View |
| Secoda AI | Allows user to | Manage | View | View |
| DQS | | Manage | View | View |
| Tags | | Manage | Manage | View |
| Properties | | Manage | Manage | View |
| Teams | | Manage | View | View |
| Lineage | | Manage | Manage | View |
| Preview | | View | View | View |
| Column Profile | | View | View | View |

User & Role Management

| Permission | Admin | Editor | Viewer |
| --- | --- | --- | --- |
| Users | Manage | View | View |
| Roles | Manage | View | View |
| Groups | Manage | View | View |
| Teams | Manage | View | View |

Resource Management

| Permission | Admin | Editor | Viewer |
| --- | --- | --- | --- |
| Resource | Manage | Manage | View |
