Skip to content

Manage Roles

Roles allow you to define a set of permissions on data and then grant this set of access to groups. Read more about roles in Role-Based Access Control (RBAC).

The Roles page enables you to find roles and see their permissions on data. Users with specific access can also create, delete, and edit these roles and permissions.

Who Can Manage Roles?

The following table lists the permissions to perform the actions required to manage roles.

Action on Roles CATALOG (all roles) ROLE
Ability to see roles page in UI ALL CREATE_ROLE_AS_OWNER      Any access level
Create Roles ALL CREATE_ROLE_AS_OWNER     
List Roles ALL Any access level
Full administrative actions on a role ALL ALL
Grant permissions to a role ALL ALL MANAGE_PERMISSIONS also need WITH GRANT OPTION to grant on objects.
Manage groups assigned to a role ALL ALL MANAGE_GROUPS

Create and Edit Roles

Okera Roles page

Create a New Role

Only catalog admins can create roles.

Select to create a new role. The Create role dialog appears.

Create role dialog

Specify a name for the role in the Role name box (this is required). Then, optionally, select groups in the Assigned groups box to assign groups to the role.

Delete a Role

Only catalog admins can delete roles.

Select the role and review its details. Then select in the details section to delete the role.

Deleting a role revokes its access to data.

Add and Remove Groups From Roles

Only catalog admins can add and remove groups from roles.

Select the role and review its details. Then select in the details section. The Groups section expands:

Edit groups

To add a role, select it from the dropdown list in the Assigned groups box. To remove a role, select the X to the left of its name in the box. Select to save your changes.

View and Manage Access

Grant Permissions to a Role

See Creating Permissions in the UI to learn how to add permissions to roles.

Filter the Role List by Group and User

In addition to searching for roles by role name, you can filter the role list by group and user.

Filtering by group shows you all roles assigned to that group. You can filter by multiple groups as well. To filter by group, select or specify the group name or group names in the middle filter box (All groups box) at the top of the Roles page:

Filter by group

Filtering by user shows you all roles assigned to groups containing that user (i.e. all roles that apply to the user). You can filter by multiple users as well. To filter by user, select or specify the user name or user names in the right filter box (All users box) at the top of the Roles page:

Filter by user

View and Manage Access for Roles

Grant Permissions

See Creating Permissions in the UI to learn how to add permissions to roles.

Check Access to Data

You can also check which roles have permissions for a given database or dataset. To do this, review the Permissions tab for the database or a dataset on the Data page. See Managing Permissions for Data.