Identity Broker Default Roles
The AtScale Identity Broker provides a number of default realm roles that control the actions users can perform. The following table describes these roles in detail.
For information on assigning roles in the Identity Broker, see Managing Users with the Identity Broker.
| Role | Description |
|---|---|
admin | Access the AtScale Control Center, where the Identity Broker and other system configurations are managed; set global configuration properties; administer users, roles, and groups; administer runtime permissions on catalogs/models; grant or revoke the superuser_user role for other users; bypass all access control checks on catalogs/models. |
aggregates_manage | Activate/deactivate aggregates via the Aggregates page. Access to the Aggregates page requires the user to also have the aggregates_view role. |
aggregates_view | Access the Aggregates page, view aggregates. |
datawarehouses_admin | Access the Data Warehouses page; view, add, and manage the data warehouses connected to AtScale. |
default-roles-atscale | For system use only. |
designcenter_user | Access Design Center. |
impersonation_user | Impersonate other users when connecting to AtScale. This is used to configure impersonation for data warehouses, client BI tools, etc. |
offline_access | For system use only. |
queries_manage | Cancel queries via the Queries page. Access to the Queries page requires the user to also have the queries_view role. |
queries_view | Access the Queries page. |
query_dataset_api_view | Not currently in use. |
query_user | Access models from BI tools and execute queries on them. This role is automatically assigned to all users via the everyone group. |
repository_project_publish | Publish catalogs. Read access to catalog repositories requires the user to also have the repository_project_read role. |
repository_project_read | Access and view catalog repositories. |
superuser_user | Set global configuration properties; administer users, roles, and groups; administer runtime permissions on catalogs/models; grant or revoke the superuser_user role for other users; bypass all access control checks on catalogs/models.AtScale requires that you always have at least one user with the superuser_user role. |
support_logs_view | View and download support logs. |
uma_authorization | For system use only. |