Reference | Permission management on Dataiku Cloud#

The groups to which a user belongs defines their permissions and which instances they can access.

Group management#

On Dataiku Cloud, group and permission management occurs in the Users & Access Management > Groups and Permissions panel in your Launchpad. There you are able to:

  • Create, edit, or delete groups.

  • Manage group permissions.

  • Control which users are members of groups.

  • Control which Dataiku instances are targeted by groups.

Dataiku screenshot of the groups and permissions tab in the Dataiku Cloud Launchpad.

Dataiku Cloud creates some groups by default to manage your users.

Group

Permission

space_administrators

Members of this group can administer the Launchpad and all Dataiku instances. Members of this group can notably manage other users and groups, and have access to all projects within Dataiku instances.

designers

Members of this group can perform any action included in their profile except the admin tasks. Deployer permissions are not included. It’s created when the space is created, and all designers are automatically added.

code_studios_designers

Members of this group can create and use the Code Studios feature. It’s created when the corresponding extension is activated, and all designers are automatically added.

deployers (API node) and project_deployers (Automation node)

Members of these groups can publish on the local Deployer and to their respective node. It’s created when the extension is activated, and all designers are automatically added.

  • Members of deployers (API node) and project_deployers (Automation node) can publish on the local Deployer and in the corresponding node. It’s created when the extension is activated, and all designers are automatically added.

  • The default group can be edited and/or deleted if needed.

Note

In some spaces a default group has been created so users don’t lose access to a node. Members of this group can access all the nodes in the given space but it gives no permission. The space admins can edit and delete this group.

Group targets#

For each group, you can select the Node Availability that will define in which instances of the space the group will be created.

To edit this settings, click on the horizontal dots (Horizontal dots icon.) for a group, and select Edit Group. You are able to select which Dataiku instances the group should target.

Note

If a group targets instance X, all members of this group will be able to connect to that instance. A user that isn’t in any group targeting instance X, won’t be able to connect to this instance.

Group permissions#

If you want to manage group permissions, click on the horizontal dots (Horizontal dots icon.) for a group, and select Edit Group. You are able to adjust permissions for your Dataiku instance and for panels of the Launchpad.

  • The Launchpad Administrator permission gives access to all panels and rights in the Launchpad.

  • The Node Administrator permission gives admin rights to the Dataiku instances it targets.

  • The Manage code envs permission allows users to access the Code Envs panel and create, edit, or delete code environments.

  • The Turn on space permission allows users to start the targeted Dataiku instances if they’re stopped.

Space owner#

The space owner is a member of the space_administrators group and has similar permissions. However, the space owner is the one user that you can’t delete or withdraw from the group.

To transfer space ownership, in the Users & Access Management panel, click the horizontal dots (Horizontal dots icon.) next to the user. Select Transfer Space Ownership.