About Security Roles
Incorta applies permissions with Roles. Roles are immutable. You cannot create, edit, or delete a Role.
Here are the available Roles in Incorta:
Manages folders and dashboards and has access to the Analyzer screen. This role creates Dashboards with shared and personal (requires Schema Manager) schemas. This role also shares with the Share option, shares through email, or schedules Dashboards for sharing using email.
Creates new dashboards using shared or personal schemas (requires Schema Manager). This role cannot share or send dashboards via email.
Shares and schedules sending dashboards using emails.
Creates schemas and data sources and loads the data into the schemas. This role also shares the schemas with other users so they can create dashboards.
Manages users, groups, and roles. Can create users and groups. This role also creates schemas and dashboards without requiring any additional roles. This is the master Admin role.
The default roles assigned to an end-user assigned to a group. This role views any dashboard shared with them. This role can apply filters but cannot change the underlying metadata.
Creates and manages groups and users. Creates groups and adds roles. Adds users to groups.
Roles enforce Access Rights. There three levels of access rights:
- Can View: Has view (read) access
- Can Share: Has view (read) and share access
- Can Manage: Has view (read), share, and edit access
The following table describes the Access Rights for each Role.
|Analyze User||Can Manage: Catalog; Can View: Schema|
|Individual Analyzer||Can Manage: Catalog; Can View: Schema|
|Privileged User||Can Share: Catalog|
|Schema Manager||Can Manage: Schema, Data|
|SuperRole||Can Manage: Security, Catalog, Schema, Data|
|User||Can View: Catalog|
|User Manager||Can Manage: Security|
Note that Catalog refers to the Content tab in the Navigation bar.
Incorta’s security model is optimistic, meaning that Incorta enforces the least restrictive role permissions and access rights.
All users inherit the User role. A tenant administrator inherits the SuperRole by default.
There is no direct way to assign a role to user. Instead, you can assign one or more Roles to a Group.
A Group is a collection of zero or more users. You assign a user to one or more groups.