Skip to content

Managing Roles

Roles allow you to define a set of permissions on data, and then grant this set of access to groups. Read more about roles on Role-based Access Control.

The Roles page enables you to find roles and see their permissions on data. Users with specific access can also create, delete, and edit these roles and permissions.

Who has access to manage roles?

Actions on roles by the access levels that give permission to perform that action:

Action on roles CATALOG (all roles) ROLE
Ability to see roles page in UI ALL CREATE_ROLE_AS_OWNER Any access level
Create Roles ALL CREATE_ROLE_AS_OWNER
List Roles ALL Any access level
Full administrative actions on a role ALL ALL
Grant permissions to a role ALL ALL MANAGE_PERMISSIONS also need WITH GRANT OPTION to grant on objects.
Manage groups assigned to a role ALL ALL MANAGE_GROUPS

Creating and Editing Roles

Okera Roles page

Creating a New Role

Only catalog admins can create roles.

Click the ‘Create new role’ button to create a role:

Create role button

The only requirement for creating a role is to give it a name. You can also optionally assign groups to roles when you create them.

Deleting a Role

Only catalog admins can delete roles.

Click the ‘Delete role’ button to delete a role:

Delete role button

Note that deleting a role will revoke this role’s access to data.

Adding and Removing Groups from Roles

Only catalog admins can add and remove groups from roles.

Click the ‘Edit groups’ button to add or remove groups from a role:

Edit groups

Viewing and Managing Access

Granting Permissions to a Role

See Creating policies in the UI to learn how to add permissions to roles.

Filtering by Group and User

In addition to searching for roles by name, you may also filter by group and user.

Filtering by group will show you all roles assigned to that group:

Filter by group

Filtering by user will show you all roles assigned to groups containing that user (i.e. all roles that apply to this user):

Filter by user

Groups that contain the user you have filtered on will be indicated in bold pink text as shown in the image above.

You can also look up a specific user on the Users page to see which roles and groups they are assigned to.

Checking Access to Data

You can also check which roles have permissions on a given data object by going to the Data page and looking at the data object's Permissions tab. To learn more, see Permissions on the Data page.