Introduction

ONE DATA offers various possibilities to manage the rights on available Resources such as Data Tables, Workflows, Credentials, Connections, etc. The rights are structured in a matrix, allowing to set the following for every Resource: CREATE, READ, WRITE, EXECUTE, DELETE, and SHARE. This is related to normal users and not viewer users. 

Therefore, in this article, we provide you with detailed information about every matrix entry for every available Resource, which are the following:

General Information

Within the matrix there are also some configuration options that basically do not have an effect, but are kept to insure the integrity of the UI. We will mark such options with an "(x)" in the respective tables below, and if necessary, an explanation for those being empty is added.


Furthermore there are rights configurations that create some sort of dependency on other rights, meaning that the setting of the original right does only fully make sense if the depending right is also set, or things to consider when setting a right to true. This circumstance is written down as "Dependency" directly in the row entry of the following rights matrices.


This article does not show relations to Apps directly, as it would convolute the matrices below. However, there is an own article about the topic of Apps, their relation to the Rights Management, and how to set it up: How to Publish an App to Others.


Important Points for every Resource:

- If a Resource is deleted, it is deleted indefinitely and cannot be retrieved whatsoever! If a shared Resource is deleted, the original Resource will be deleted as well! Be mindful who you give the rights to delete Resources to!

- The creator of a Resource, which is in terms then the Resource's owner, always has full rights on it.

- If you have SHARE rights in Project A for a specific Resource, you need CREATE rights for the same Resource type in Project B to share a resource from A to B.


Credentials

Credentials
CREATEA user can create new Credentials.
READA user is able to see the existing Credentials in a Project and can open them to see their configuration (e.g. user name and the type of the Connection like "Oracle").

The user is not able to see the password though!
The password is never visible, not even to the creator of the Credentials.


Dependency: If a user wants to execute a Workflow containing Credentials, READ access on Credentials must be given to the user in order to make it work (and also EXECUTE rights for the Workflow must be given).
WRITEA user can alter the configuration of a Credentials resource (name, user name, password, etc.) and save them.
(x) EXECUTEFor Credentials, no EXECUTE rights are needed.
DELETEA user can delete Credentials. 

Please mind that deleted Credentials can never be restored again!
SHAREA user can share the reference to Credentials to another Project. 

Please mind that if a shared Resource gets deleted, the original one will be deleted, too!

Dependency: A user needs CREATE rights on Credentials in the receiving Project for this to work.


Connections

Connections
CREATEA user can create new Connections.

Dependency: Some Connections require Credentials, in this case the user needs READ rights on Credentials in order to see them in the configuration of the Connection.
READA user is able to see the existing Connections in a Project and can open them to see their respective configurations.

Dependency: If a user wants to execute a Workflow containing a Connection, READ access on Connections must be given to the user in order to make it work (and also EXECUTE rights for the Workflow must be given). Please note that if there is a Credential contained in the Connection, the user does not need READ rights on Credentials!
WRITEA user can alter the configuration of a Connections Resource and save them.
(x) EXECUTEFor Connections, no EXECUTE rights are necessary.
DELETEA user can delete Connections in the Project. 

Please mind that deleted Connections can never be restored again! 
SHAREA user can share Connections to another Project. 

Please mind that if a shared Resource gets deleted, the original one will be deleted, too! 

Dependency: A user needs CREATE rights on Connections in the receiving Project for this to work.


Data Tables

Data Tables
CREATEA user can create new Data Tables via the dialogues in the Data Table overview (e.g. CSV Upload), and via Workflows (important: only create, not alter - this is done via the WRITE right).
READA user can display and open all Data Tables as well as see the content, statistics, or e.g. select them in a Workflow.

Without READ rights, a user cannot successfully execute a Workflow in which the Data Table is used.

WRITEA user can alter a Data Table via the Data Table overview directly, and via Workflows (important: only alter, not create - if the Workflow is configured to create the Data Table if it is not existing yet, the user also needs CREATE rights or otherwise cannot create the initial Data Table).
(x) EXECUTE
For Data Tables, no EXECUTE rights are necessary, as they are directly used by e.g. Workflows.
DELETEA user is allowed to delete a Data Table. 

This also applies to Data Tables that were shared from other projects. 

Please mind that removed Data Tables cannot be restored anymore!
SHAREThe user can share a Data Table to another Project. 

Please mind that if a shared Resource gets deleted, the original one will be deleted, too! 

Dependency: A user needs CREATE rights on Data Tables in the receiving Project for this to work.


Models

Models
CREATEA user can create / upload new Models. Note that this right is necessary if the user is supposed to run a Workflow which creates a new initial Model.
READA user can see existing Models in a Project.

Dependency: Please note that READ and WRITE rights are also necessary for the execution of a Workflow that trains a Model.
WRITEA user can edit and save existing Models' information and can execute Workflows that save/alter the respective Model.
EXECUTEA user is allowed to use Models for execution (e.g. in a Workflow).
DELETEA user can delete Models. 

Please mind that removed Models cannot be restored anymore!
SHAREThe user can share a Model to another Project. 

Please mind that if a shared Resource gets deleted, the original one will be deleted, too! 

Dependency: A user needs CREATE rights on Models in the receiving Project for this to work.


Workflows

Workflows
CREATEA user can create new Workflows.
READA user can see existing Workflows in a Project.
WRITEA user can edit and save existing Workflows.
EXECUTEA user is allowed to execute Workflows.

Dependency: Please note that if other Resources are included in a Workflow, e.g. the training of a Model, then also respective rights need to be given to the user executing the Workflow (in the example case, the READ and WRITE rights on Models).
DELETEA user can delete Workflows. 

Please mind that removed Workflows cannot be restored anymore!
SHAREThe user can share a Workflow to another Project. 

Please mind that if a shared Resource gets deleted, the original one will be deleted, too! 

Dependency: A user needs CREATE rights on Workflows in the receiving Project for this to work.

 

Workflow Jobs / Jobs

Workflow Jobs / Jobs
CREATEJobs are automatically created when a Workflow is executed, but when this right is given to a user, its created Jobs are visible to other users.
READA user can see all Jobs related to a Workflow.
WRITEA user can see and edit the metadata of others' Jobs (a user can otherwise only edit its own Jobs).
(x) EXECUTEFor Jobs, no EXECUTE rights are necessary, as they are directly created via Workflows.
(x) DELETEJobs cannot be deleted via the ONE DATA UI.
(x) SHAREJobs cannot be shared directly - they are implicitly shared with a Workflow however.


Production Lines

Production Lines
CREATEA user can create new Production Lines.

Dependency: The user should also have READ rights on Workflows in order to add them to Production Lines.
READA user can see existing Production Lines.

Dependency: A user can only see Production Lines for which also the READ right on respectively contained Workflows is given.
WRITEA user can edit and save existing Production Lines.
EXECUTEA user is allowed to execute Production Lines.

Dependency: A user can only execute Productions Lines if also the right to EXECUTE the contained Workflows is given.
DELETEA user can delete Production Lines. 

Please mind that removed Production Lines cannot be restored anymore!
(x) SHAREProduction Lines cannot be shared.


Schedules

Schedules
CREATEA user can create new Schedules for both Workflows and Production Lines.
READA user can see existing Schedules in a Project and their information.
WRITEA user can edit and save existing Schedules.

Dependency: A user can only add Workflows and Production Lines to a Scheduler if the READ and EXECUTE rights are given on the respective Resource.
(x) EXECUTENot necessary to be set, as a Scheduler is not executed by the user itself.
DELETEA user can delete Schedules. 

Please mind that removed Schedules cannot be restored anymore!
(x) SHARESchedules cannot be shared.


Reports

Reports
CREATEA user can create new Reports.
READA user can see existing Reports in a Project and their content.
WRITEA user can edit and save existing Reports.
EXECUTEA user can execute elements of the Report, e.g. a button for the execution of a Production Line.

Dependency: The user does also need the READ and EXECUTE rights on the respective underlying resource (in the example of a Production Line, the user must be allowed to both read and execute both the Production Line and respectively contained Workflows).
DELETEA user can delete Reports. 

Please mind that removed Reports cannot be restored anymore!
SHAREThe user can share a Report to another Project. 

Please mind that if a shared Resource gets deleted, the original one will be deleted, too! 

Dependency: A user needs CREATE rights on Reports in the receiving Project for this to work.


Functions

Functions
CREATEA user can create new Functions.
READA user can see existing Functions in a Project and their content.
WRITEA user can edit and save & deploy existing Functions.
EXECUTEA user can execute / run a Function.
DELETEA user can delete Functions. 

Please mind that removed Functions cannot be restored anymore!
(x) SHAREFunctions cannot be shared.


Sidenote: A user requires the READ, WRITE, and EXECUTE rights in order to implement Functions in Apps.