Roles and Permissions
Data Pipes permissions are managed using RBAC (Role-Based Access Control) and can be enforced within 2 specific context: User Roles and Domain Roles.
User Roles and Domain Roles serve different purposes
User Roles define the actions a user can perform within the Data Pipes platform.
Domain Roles define the actions a user can perform within a specific Domain.
User Roles and Permissions
There are three primary User Roles within Data Pipes: Data Administrators, Domain Owners, Data Users.
Data Pipes does not allow creation of new User Roles.
Only Data Administrators can assign User Roles to other users.
Data Administrators
Data Administrators will manage the Data Pipes application. They connect the various data sources to the data lake and organize those datasets in Domains. Data Administrators have access to the necessary log files to ensure compliance with data security requirements.
Domain Owners
Domain Owners manages access control and data quality for a set of tables. Domain owners typically have some expertise in the IT systems providing the data, which allows them to provide the right context . A typical Domain Owner would be appointed by the head of an operational department (finance, HR, …) or be part of a Data Office.
Data Users
Data Users create data assets - dashboards, predictive models, etc. Data Pipes provide them with a tightly integrated analytics workbench where users can discover, validate and request access to the dataset to perform data cleaning and preparation, and open the dataset in an analytical tool of choice.
User Roles Permissions Overview
Below is a summary that describes the specific permissions that have been granted to each of the user roles within Data Pipes.
Permissions | Data Users | Domain Owner | Data Administrators |
|---|---|---|---|
View snapshots of tables, dashboards, lineage, tags and documentations | ✅ | ✅ | ✅ |
Start a new ingestion pipeline | ✅ | ✅ | ✅ |
Perform data preparation and transformation | ✅ | ✅ | ✅ |
Consume data using analytical. visualization and machine learning tools | ✅ | ✅ | ✅ |
Create and Invite new users |
|
| ✅ |
Create new User Roles |
|
| ✅ |
Assign User Roles to other users |
|
| ✅ |
Access Audit Logs |
|
| ✅ |
Domain Roles and Permissions
A Domain Role is a logical group assigned to multiple users so that the actions across Domains can be managed collectively.
Example: A Domain Owner can restrict sensitive data to a specific Domain Role.
Domain Owners can manage the actions a Domain Role can perform within their owned domain.
However, only a Data Administrator can create and assign Domain Roles to other users.
Domain Permissions Overview
Permissions | Data Users | Domain Owner | Data Administrators |
|---|---|---|---|
Create new Domains |
|
| ✅ |
Create new domain roles and assign domain ownership |
|
| ✅ |
Assign Domain Roles to Other Users |
|
| ✅ |
Design and manage metadata fields within the data catalog |
|
| ✅ |
Populate, modify and remove tags, metadata and description fields |
| *️⃣ Owned Domain Only |
|
Hide or unhide tables within the data catalog |
| *️⃣ Owned Domain Only |
|
Manage access and visibility to data tables, rows and columns |
| *️⃣ Owned Domain Only |
|