Concept | Govern roles and permissions#

Roles and permissions determine how users can access and interact with Dataiku Govern. They’re not just technical settings—they form a core part of ensuring security, compliance, and efficient collaboration within an organization.

The value of roles and permissions#

Properly configured roles and permissions provide several benefits:

Benefit	Description
Security	Limit access to sensitive information and reduce the risk of accidental or unauthorized changes.
Compliance	Ensure your organization meets regulatory requirements by controlling who can see and modify specific data.
Efficiency	Users only see what they need, reducing clutter and confusion.
Consistency	Standardized roles help enforce company-wide policies and best practices.

Understanding the purpose behind roles and permissions allows organizations to design a governance model that balances flexibility with control, making data assets more reliable and easier to manage.

Configuring roles and permissions#

Roles, permissions, and role assignments form the foundation of Govern’s access control model. This section explains how these elements interact and how they can be structured within Dataiku Govern.

All configurations are managed under Roles & Permissions in the waffle () menu.

Create roles#

A role groups together a set of permissions that correspond to a user’s responsibilities. Role names should reflect the scope of the activities they govern.

Dataiku Govern provides several pre-configured roles for common types of users:

Organizations can adopt these roles as-is or customize them to reflect their specific structure and governance needs.

Configure permissions#

Permissions define what actions users can perform and what data they can access. Govern provides four primary permission types:

Permission	Description
Create (C)	Can create items within Govern but cannot delete items.
Read (R)	Can view information only.
Write (W)	Can edit fields but cannot create or delete items.
Delete (D)	Can delete items.

Additionally, the Admin permission grants all four types.

Administrators can apply permissions at different levels:

Default permissions: Baseline rights for each role across all blueprints.
Blueprint-specific settings: Refined permissions depending on the type of object (Blueprint, Blueprint Version, or Artifact).
Field-level permissions: Fine-grained control within a blueprint for specific fields.

This structure allows organizations to tailor access according to responsibilities and data sensitivity. For example, a data scientist role might have Read access to most blueprints, but Write access only on models relevant to their work.

Assign roles to users#

Roles are activated when assigned to users or groups through role assignment rules. These rules can define assignments based on:

Specific users, groups, API keys, or fields.
Certain conditions or criteria related to the blueprint or artifact.

Role assignments are blueprint-specific and can be applied to different governance items:

Business initiatives
Govern projects
Govern models
Govern model versions
Govern bundles

Inheritance allows role assignment rules defined at one level (for example, Business Initiative) to propagate to related governance items (that are Projects, Models, or Model Versions) according to the hierarchy of Govern items. This provides flexibility while maintaining control over access.

Important

Role assignment rules can be inherited, but permissions themselves aren’t inherited. Each blueprint requires explicit configuration of permissions where access is needed.

Next steps#

Within the Roles and Permissions settings, you can:

Create new roles.
Customize default and blueprint-specific permissions.
Assign roles to users with rules based on blueprint or criteria.

For hands-on guidance on creating roles, configuring permissions, and assigning roles to users in Dataiku Govern, follow the Tutorial | Govern roles and permissions.