Per-resource group permissions

| Permission | Description | Note | Other permissions automatically granted |
|---|---|---|---|
| Admin | Allows group members to perform any action on the project, including changing the permissions and owner of the project and creating project bundles. | | |
| Read project content | Allows group members to see the Flow, access the datasets, and read the recipes. More generally, this group may read all configuration and data in this project. | | |
| Write project content | Allows group members to read and write every configuration and dataset in this project. This includes the ability to create new datasets and recipes, and to run all jobs in this project. | This permission should be the default for a data team working within a project. | |
| Share to workspaces | Allows group members to share objects (dashboards, datasets, wiki pages) to workspaces. | Instance admins must separately grant the group permission to share content into workspaces, regardless of source project. | |
| Export datasets | Allows group members to click on the “Download” button to retrieve the content of a dataset. | Disabling this permission removes the most obvious way to download whole datasets, but users who have at least Read project content permission will still be able to download datasets. If you do not want your users to be able to retrieve the full content of datasets, do not give them access to the project. | |
| Read dashboards | Allows group members to read dashboards that have been created. They may not modify anything. They can only read dashboard insights that use project objects that have been shared with them using Dashboard authorizations. | | |
| Write dashboards | Allows group members to create their own dashboards, using the project objects that have been shared with them using Dashboard authorizations. | | |
| Run scenarios | Allows group members to run scenarios. They may not run jobs that are not part of a scenario. Users with this permission may only run scenarios that have a “Run As” user. | This permission is generally not very useful without the Read project content permission. | |
| Manage authorized objects | Allows group members to modify which objects of the project are usable by dashboard-only users through the Workspaces & dashboards authorizations and accessible through a workspace. | This permission is generally not very useful without the Read project content permission. The main use case for this permission is the following: A group of analysts and data scientists creates a Flow. The data is of medium sensitivity, so all dashboard users could use any part of the Flow. However, the dashboard users must not be able to break or modify the Flow. Thus, the dashboard users (or a subgroup of them) have this permission to gain access to source datasets. | |
| Manage exposed elements | Allows group members to modify which objects of the project are available in other projects through the exposed objects. | This permission is generally not very useful without the Read project content permission. The main use case for this permission is the following: A group of analysts and data scientists creates a Flow. The data is of medium sensitivity, so all or some DSS users should be able to reuse it in other projects. However, the other projects’ users must not be able to break or modify the Flow. Thus, a group of the other projects’ users has permission to go into the project and “pick” datasets to use in other projects. | |
| Execute app | This permission is only available on projects converted into a Dataiku application or an application-as-recipe. This group may execute the corresponding application if the application is configured to be instantiated only by a user with this permission. Otherwise this permission is not needed. | | |
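
The notes in the project permissions table can be turned into a review check over a project's group grants. The following is an added example, not Dataiku code: the permission labels are hypothetical names for the table rows (not Dataiku API field names) and the sample grants are constructed.

```python
# Added example. Permission labels are hypothetical names for the rows of the
# project permissions table, not Dataiku API field names.
READS = {"read_project_content", "write_project_content"}  # Write includes reading
NEEDS_READ = ("run_scenarios", "manage_authorized_objects", "manage_exposed_elements")

MESSAGES = {
    "ADMIN": "group can perform any action, including changing permissions and owner",
    "EXPORT_NOT_BLOCKED": "Export datasets is withheld, but the group can read project "
                          "content and can therefore still retrieve dataset contents",
    "NO_READ": "permission is generally not very useful without Read project content",
}


def audit_grants(grants):
    """Return sorted (group, code, permission) findings for one project.

    grants maps a group name to the set of permission labels it holds.
    """
    findings = []
    for group, perms in grants.items():
        if "admin" in perms:
            # Admin allows any action, so the finer-grained checks add nothing.
            findings.append((group, "ADMIN", "admin"))
            continue
        can_read = bool(READS & perms)
        if can_read and "export_datasets" not in perms:
            findings.append((group, "EXPORT_NOT_BLOCKED", "export_datasets"))
        for perm in NEEDS_READ:
            if perm in perms and not can_read:
                findings.append((group, "NO_READ", perm))
    return sorted(findings)


# Constructed sample grants for one project.
SAMPLE_GRANTS = {
    "data_team": {"write_project_content", "export_datasets"},
    "analysts": {"read_project_content"},
    "ops": {"run_scenarios"},
    "project_owners": {"admin"},
    "viewers": {"read_dashboards"},
}

if __name__ == "__main__":
    for group, code, perm in audit_grants(SAMPLE_GRANTS):
        print(f"{group}: [{code}] {perm}: {MESSAGES[code]}")
```
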

| Permission | Description |
|---|---|
| Use | Allows group members to use a code environment (for example in recipes and notebooks). |
| Update settings & packages | Allows group members to update settings and change included packages. |
| Admin | Allows group members to have full administrative control over the code environment. |

| Permission | Description |
|---|---|
| Use | Allows group members to select the cluster and use it in a project. |
| Change settings & Operate | Allows group members to modify cluster settings. |
| Admin | Allows group members to have full administrative control over clusters. |

| Permission | Description |
|---|---|
| View | Allows group members to view existing deployments. |
| Deploy | Allows group members to create and update deployments. |
| Admin | Allows group members to have full administrative control over the deployment infrastructure (including managing the permissions). |