Security Roles

About Security Roles

Incorta applies permissions with Roles. Roles are immutable. You cannot create, edit, or delete a Role.

Here are the available Roles in Incorta:

Analyze User

Manages folders and dashboards and has access to the Analyzer screen. This role creates Dashboards with shared and personal (requires Schema Manager) schemas. This role also shares with the Share option, shares through email, or schedules Dashboards for sharing using email.

Dashboard Analyzer

In addition to viewing and sharing the dashboards available to the user role, this role will also be able to personalize the dashboards shared with them.

Individual Analyzer

Creates new dashboards using shared or personal schemas (requires Schema Manager). This role cannot share or send dashboards via email.

Privileged User

Shares and schedules sending dashboards using emails.

Schema Manager

Creates schemas and data sources and loads the data into the schemas. This role also shares the schemas with other users so they can create dashboards.

SuperRole

Manages users, groups, and roles. Can create users and groups. This role also creates schemas and dashboards without requiring any additional roles. This is the master Admin role.

User

The default roles assigned to an end-user assigned to a group. This role views any dashboard shared with them. This role can apply filters but cannot change the underlying metadata.

User Manager

Creates and manages groups and users. Creates groups and adds roles. Adds users to groups.

Important

Starting the 5.2 release, users with only the Analyze User or Individual Analyzer roles will have limited access to the Business Schema Manager where they can view a list of business schemas shared with them without the need to be assigned the Schema Manager role. They can only open a shared business schema in the Business Schema Designer view mode, explore its data, export it, and view its description and sharing configurations.

Role Permissions

Roles enforce Access Rights. There three levels of access rights:

  • Can View: Has view (read) access
  • Can Share: Has view (read) and share access
  • Can Manage: Has view (read), share, and edit access

The following table describes the Access Rights for each Role.

RoleAccess Rights
Analyze UserCan Manage: Catalog; Can View: Schema
Dashboard AnalyzerCan Share: Catalog
Individual AnalyzerCan Manage: Catalog; Can View: Schema
Privileged UserCan Share: Catalog
Schema ManagerCan Manage: Schema, Data
SuperRoleCan Manage: Security, Catalog, Schema, Data
UserCan View: Catalog
User ManagerCan Manage: Security

Note that Catalog refers to the Content tab in the Navigation bar.

Security Model

Incorta's security model is optimistic, meaning that Incorta enforces the least restrictive role permissions and access rights.

All users inherit the User role. A tenant administrator inherits the SuperRole by default.

There is no direct way to assign a role to user. Instead, you can assign one or more Roles to a Group.

A Group is a collection of zero or more users. You assign a user to one or more groups.