Each Studio user is assigned a user role. The user role determines a user's access to features within Studio.
Studio roles are divided into Studio-wide user roles and project-specific roles. The user roles are Administrator, Power User, Restricted User, and User. These roles control access to Studio features in data sets, projects, and Studio administrative configuration. The project-specific roles are Project Author and Project Restricted User. These roles control access to project-specific configuration and project data. All Studio users have a user role, and they may also have project-specific roles that have been assigned to them individually or to any of their user groups.
Administrators can assign user roles. They also have Project Author access to all projects, which allows them to assign project roles as well.
A Studio user might have a number of assigned roles. In addition to a user role, they may have a project-specific role and belong to a user group that grants additional roles. In these cases, the highest privileges apply to each area of Studio, regardless of if these privileges have been assigned directly or inherited from a user group.
Role | Description |
---|---|
Administrator |
Administrators have full access to all features in Studio. Administrators can:
|
Power User |
Power users can:
Power users cannot:
|
User |
Users can:
Users cannot:
|
Restricted User |
This is the default user role for new users. It has the most restricted privileges and is essentially a read-only role. This is the default user role for new users. Restricted users can:
Restricted users cannot:
|
Project roles grant access privileges to project content and configuration. You can assign project roles to individual users or to user groups, and they define access to a given project regardless of a user's user role in Big Data Discovery Studio. The roles are:
Role | Description |
---|---|
Project Author |
Project authors can:
Project authors cannot:
|
Project Restricted User |
Project Restricted Users can:
Project restricted users cannot:
|
In addition to the global feature access and project level access controlled by user roles and project roles, some deployments may require access controls at the data set level. Since data sets are a fundamental component of Big Data Discovery, this requires granting or denying access to data sets on a case-by-case basis.
Access Level | Description |
---|---|
No Access (User Groups only) | The user group cannot access the data set. The data set does not show up for this user or group in the Catalog. |
Default Access (User Groups only) | The user group has default access to the data set. The "default" access level is set via the df.defaultAccessForDerivedDataSets setting on the Studio Settings page in the Control Panel. |
Read-only |
Users with Read access to a data set can
|
Read/Write |
In addition to Read permissions, users with Write access to
a data set can
|
Users have No Access to any data set uploaded from a file by another user; only the file uploader and Studio Administrators have access, and both have the Read/Write permissions level.
As an example of using these access levels, you may wish to restrict default data set access "Read-only" and assign the "Default Access" level to all non-Administrative user groups. This gives all users the ability to add data sets to a project and modify them there. You can then create a "Data Curators" group that has Read/Write access to data sets in order to configure attribute metadata and data set details globally to make it easier for your users to navigate the Catalog. The group effectively becomes an additional level of permissions on top of whatever other access its users have.