Security Roles
About Security Roles
Incorta applies permissions with Roles. Roles are immutable. You cannot create, edit, or delete a Role.
Here are the available Roles in Incorta:
Analyze User
Manages folders and dashboards and has access to the Analyzer screen. This role creates Dashboards with shared and personal (requires Schema Manager) schemas. This role also shares with the Share option, shares through email, or schedules Dashboards for sharing using email.
Dashboard Analyzer
In addition to viewing and sharing the dashboards available to the user role, this role will also be able to personalize the dashboards shared with them.
Individual Analyzer
Creates new dashboards using shared or personal schemas (requires Schema Manager). This role cannot share or send dashboards via email.
Privileged User
Shares and schedules sending dashboards using emails.
Schema Manager
Creates schemas and data sources and loads the data into the schemas. This role also shares the schemas with other users so they can create dashboards.
SuperRole
Manages users, groups, and roles. Can create users and groups. This role also creates schemas and dashboards without requiring any additional roles. This is the master Admin role.
User
The default roles assigned to an end-user assigned to a group. This role views any dashboard shared with them. This role can apply filters but cannot change the underlying metadata.
User Manager
Creates and manages groups and users. Creates groups and adds roles. Adds users to groups.
Role Permissions
Roles enforce Access Rights. There three levels of access rights:
- Can View: Has view (read) access
- Can Share: Has view (read) and share access
- Can Manage: Has view (read), share, and edit access
The following table describes the Access Rights for each Role.
Role | Access Rights |
---|---|
Analyze User | Can Manage: Catalog; Can View: Schema |
Dashboard Analyzer | Can Share: Catalog |
Individual Analyzer | Can Manage: Catalog; Can View: Schema |
Privileged User | Can Share: Catalog |
Schema Manager | Can Manage: Schema, Data |
SuperRole | Can Manage: Security, Catalog, Schema, Data |
User | Can View: Catalog |
User Manager | Can Manage: Security |
Note that Catalog refers to the Content tab in the Navigation bar.
Security Model
Incorta's security model is optimistic, meaning that Incorta enforces the least restrictive role permissions and access rights.
All users inherit the User role. A tenant administrator inherits the SuperRole by default.
There is no direct way to assign a role to user. Instead, you can assign one or more Roles to a Group.
A Group is a collection of zero or more users. You assign a user to one or more groups.