User Roles in ONE DATA are used to define the rights a certain Group of users has in order to access resources (Data, Workflows, Reports, etc.) within a specific Project in ONE DATA.
Overall, there are six different rights that may be assigned to a Group of users for each of the available types of resources.
The figure below illustrates the relationship between User Roles and other core elements in the User Management.
As it can be observed, User Roles are assigned to a certain Group of users. They define the way a user may access a resource within a Project.
For example, in the picture above, Peter belongs to the Group "DS". This Group has been assigned the role "ALL" which means that they have access to all resources added to the Project "AB" and therefore, all rights regarding these resources.
On the other hand, Sofie has been assigned to the Group MGMT (management). This Group only has the right to execute jobsand view report.
Therefore Sofie would not be able to modify any Workflows or Reports within the Project, nor add Data Tables to the Project.
There are six different User Rights (CREATE, READ, WRITE, DELETE, EXECUTE, SHARE) which can be assigned to a Group of users for each of the existent resource types via User Roles.
The rights can be defined as follows:
CREATE: user is allowed to add existing resources to the Project or create new ones
READ: user is allowed to see that a resource exists within the Project
WRITE: user is allowed to edit a resource assigned to the Project and save the changes
DELETE: user is allowed to completely delete a resource from the system
EXECUTE: user is allowed to use a resource to process data
SHARE: user is allowed to move/take an existing resource and share it with other users
New roles can be created under the rights management area ().
First, the user needs to choose the Domain in which the new role is to be created then click "Add Rew Role". Upon validating the role name, a new column will be added to the table shown below and the user can assign the desired rights by clicking on the icon in the corresponding cell.
The green hook () means that the right has been granted for the selected resource, the red cross() means that the right has been denied.
Only a Domain Admin can create new roles and assign rights within the User Management.
A role can only be used to manage the access of a certain Group to a certain Project within the selected Domain. Therefore, roles are created under the "Rights Management" Area and assigned under the "Project Settings" Area. Consult the Projects article for more information.
In this section, we present some examples of user roles along with the associated rights for better understanding.
Examples will be given regarding to the following resource types:
The Group assigned this role has all rights for all resource types.
The Group assigned this role is able to read existent Reports, see old data and generate new data within Reports. However, this Group is not allowed to execute nor read Workflows.
This role allows users to only upload / add new data Tables to the project.
For a more detailed description, check the Rights Management in Detail article.