Manage Roles¶
Roles allow you to define a set of permissions on data and then grant this set of access to groups. Read more about roles in Role-Based Access Control (RBAC).
The Roles page enables you to find roles and see their permissions on data. Users with specific access can also create, delete, and edit these roles and permissions.
Who Can Manage Roles?¶
The following table lists the permissions to perform the actions required to manage roles.
Action on Roles | CATALOG (all roles) | ROLE |
---|---|---|
Ability to see roles page in UI | ALL CREATE_ROLE_AS_OWNER |
Any access level |
Create Roles | ALL CREATE_ROLE_AS_OWNER |
|
List Roles | ALL |
Any access level |
Full administrative actions on a role | ALL |
ALL |
Grant permissions to a role | ALL |
ALL MANAGE_PERMISSIONS also need WITH GRANT OPTION to grant on objects. |
Manage groups assigned to a role | ALL |
ALL MANAGE_GROUPS |
Create and Edit Roles¶
Create a New Role¶
Only catalog admins can create roles.
Select to create a new role. The Create role dialog appears.
Specify a name for the role in the Role name box (this is required). Then, optionally, select groups in the Assigned groups box to assign groups to the role.
Delete a Role¶
Only catalog admins can delete roles.
Select the role and review its details. Then select in the details section to delete the role.
Deleting a role revokes its access to data.
Add and Remove Groups From Roles¶
Only catalog admins can add and remove groups from roles.
Select the role and review its details. Then select in the details section. The Groups section expands:
To add a role, select it from the dropdown list in the Assigned groups box.
To remove a role, select the X to the left of its name in the box. Select to save your changes.
View and Manage Access¶
Grant Permissions to a Role¶
See Creating Permissions in the UI to learn how to add permissions to roles.
Filter the Role List by Group and User¶
In addition to searching for roles by role name, you can filter the role list by group and user.
Filtering by group shows you all roles assigned to that group. You can filter by multiple groups as well. To filter by group, select or specify the group name or group names in the middle filter box (All groups box) at the top of the Roles page:
Filtering by user shows you all roles assigned to groups containing that user (i.e. all roles that apply to the user). You can filter by multiple users as well. To filter by user, select or specify the user name or user names in the right filter box (All users box) at the top of the Roles page:
View and Manage Access for Roles¶
Grant Permissions¶
See Creating Permissions in the UI to learn how to add permissions to roles.
Check Access to Data¶
You can also check which roles have permissions for a given database or dataset. To do this, review the Permissions tab for the database or a dataset on the Data page. See Managing Permissions for Data.