Overview

User Roles in ONE DATA are used to define the rights a certain Group of users has in order to access resources (Data, Workflows, Reports, etc.) within a specific Project in ONE DATA.

Overall, there are six different rights that may be assigned to a Group of users for each of the available types of resources.


Introductory Example

The figure below illustrates the relationship between User Roles and other core elements in the User Management.

As it can be observed, User Roles are assigned to a certain Group of users. They define the way a user may access a resource within a Project.

For example, in the picture above, Peter belongs to the Group "DS". This Group has been assigned the role "ALL" which means that they have access to all resources added to the Project "AB" and therefore, all rights regarding these resources.

On the other hand, Sofie has been assigned to the Group MGMT (management). This Group only has the right to execute jobs ( ) and view reports ( ). Therefore Sofie would not be able to modify any Workflows or Reports within the Project, nor add Data Tables to the Project.


User Rights

There are six different User Rights (CREATE, READ, WRITE, DELETE, EXECUTE, SHARE) which can be assigned to a Group of users for each of the existent resource types via User Roles.

The rights can be defined as follows:

  • CREATE: user is allowed to add existing resources to the Project or create new ones

  • READ: user is allowed to see that a resource exists within the Project

  • WRITE: user is allowed to edit a resource assigned to the Project and save the changes

  • DELETE: user is allowed to completely delete a resource from the system

  • EXECUTE: user is allowed to use a resource to process data

  • SHARE: user is allowed to move/take an existing resource and share it with other users


Rights Management

New roles can be created under the rights management area ().

First, the user needs to choose the Domain in which the new role is to be created then click "Add Rew Role". Upon validating the role name, a new column will be added to the table shown below and the user can assign the desired rights by clicking on the icon in the corresponding cell.

The green hook () means that the right has been granted for the selected resource, the red cross () means that the right has been denied.


Only a Domain Admin can create new roles and assign rights within the User Management.



A role can only be used to manage the access of a certain Group to a certain Project within the selected Domain. Therefore, roles are created under the "Rights Management" Area and assigned under the "Project Settings" Area. Consult the Projects article for more information.


Examples

In this section, we present some examples of user roles along with the associated rights for better understanding.

Examples will be given regarding to the following resource types:

Data Tables
Workflows
Jobs
Reports


All rights

The Group assigned this role has all rights for all resource types.


Actions
CREATE
READ
WRITE
DELETE
EXECUTE
SHARE


Manager role

The Group assigned this role is able to read existent Reports, see old data and generate new data within Reports. However, this Group is not allowed to execute nor read Workflows.


Actions
CREATE
READ
WRITE
DELETE
EXECUTE
SHARE


Upload role

This role allows users to only upload / add new data Tables to the project.


Actions
CREATE
READ
WRITE
DELETE
EXECUTE
SHARE


For a more detailed description, check the Rights Management in Detail article.