Creating and Editing Roles
Before users can do anything in an organization, they must be assigned roles. A role is a grouping of system permissions, allowing you to grant a number of system permissions at a time to users who will have particular functions within an organization.
Before you begin
You must be logged into AtScale as a super user or as an administrator for the organization in which you plan to create and edit roles.
About this task
System permissions differ from design-time and runtime permissions. System permissions are associated with user roles. Design-time and runtime permissions are set on a per-project or per-cube basis, and are granted to groups or individual users.
To read, update, delete, or publish a project or cube, non-super users must have those permissions both on the system level and the design-time level. For example, you can assign a user to a role that has the "Edit Projects" system permission, but prevent them from updating a particular project by revoking the project's "Project Update" design-time permission from that user.
For more information on design-time and runtime permissions, see the following topics:
- Granting Design-Time Permissions on Projects to Individual Users
- Granting Design-Time and Runtime Permissions on Cubes to Individual Users
AtScale has the following system permissions that can be associated with a role:
Permission | Allowed Actions |
---|---|
Login | Log into AtScale Design Center View your user profile |
Administer Organizations | Manage users, groups, and roles in assigned organization Manage runtime and design permissions on projects and cubes Configure organization properties and settings Bypass all access control checks on projects and cubes in assigned organization |
Runtime User Settings | Allows the user to change their own runtime user settings. If disabled, the user's runtime settings (the ability to control aggregate creation and usage) is not configurable at query time by the user. |
View Aggregates | View the list of aggregates for the all of the published cubes in all of the projects in an organization. |
Manage Aggregates | Deactivate aggregates Access the Aggregate Settings page Requires the user ID also to have the View Aggregates permission. |
View Queries | View the query history and running queries for all published cubes in all projects in an organization. |
Cancel Queries | Allows the user to cancel queries from the queries screen mid-execution. |
Manage Data Warehouses | Create a data warehouse Edit a data warehouse Delete a data warehouse |
Create Projects | Create new projects |
View Support Logs | Allows the user to download today's or all of the support log history from the SUPPORT tab |
Impersonate Users | Allows the user that Tableau Server connects to AtScale with can be granted permission to impersonate a user. |
Edit Projects | Access overview pages for unpublished projects and cubes View and edit the cube canvas in draft mode |
Publish Projects | Publish a project |
Read Published Projects | View the overview page for published projects View published projects and perspectives from the AtScale landing page |
Override Engine and Organization Settings | This permission allows the user to read, manage, and set cube-level organization settings. |
The default organization comes with three pre-configured roles. You can edit these roles, delete them, or create your own.
Role Name | Permissions |
---|---|
Design Center User | Login View Aggregates View Queries Create Projects Edit Projects Publish Projects Read Published Projects |
Organization Admin | Login Administer Organization Runtime User Settings View Aggregates Manage Aggregates View Queries Cancel Queries Manage Data Warehouses Create Projects View Support Logs Edit Projects Publish Projects Read Published Projects Override Engine and Organization Settings |
Runtime Query User | This role is not granted any system permissions. Instead, users who are assigned this role can be given runtime permissions on cubes. Runtime permissions allow users to query cubes from BI client software, such as Tableau and Microsoft Excel. |
Procedure
-
In the Design Center, go to Security > Roles.
-
To create a role:
- On the Roles page, click the Create button.
- Select the permissions to associate with the role.
- Click Create Role.
-
To update a role:
- On the Roles page, click the role name.
- You can rename the role, select or deselect role permissions, or delete the role.
- Click Save to apply your edits.