You can assign roles to users. These roles can be set manually through the application or they can be mapped in from your identity provider if you have SSO integration enabled.
The available roles are:
-
SysAdmin
-
ProjectManager
-
SupportStaff
-
Practitioner
-
ReadOnlySupportStaff
-
Librarian
A user with no roles is called a Lite User, or in some contexts is called a Results Consumer. Lite Users have restricted feature access, and might have a different licensing status.
A SysAdmin user can grant access roles to other users. To do so, open Users tab of the admin UI. Locate the user you want to grant permissions to, click Edit next to the username, then select the desired role.
Users can have more than one role, and will have the additive permissions of each role.
By default, all new users will be assigned the Practitioner role, but this can be changed with central configuration options.
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
Create Project | X | ||
View Project List | X | X | X |
Fork Project | X | ||
Archive Project | X | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
List and View Files | X | X | X |
Edit Files | X | ||
Upload Files | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
Start Workspace | X | ||
Stop Workspace | X | X | |
Open Workspace | X | ||
View Workspace History | X | X | X |
Archive Workspace | X | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
Start Job | X | ||
Stop Job | X | X | |
View Job History | X | X | X |
Create Scheduled Job | X | ||
Edit Scheduled Job | X | X | |
Delete Scheduled Job | X | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
View Project Settings | X | X | |
Edit Project Settings | X | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
Create Model API | X | ||
Be a Model API "Owner" | X | X | |
Be a Model API "Editor" | X | X | X |
Be a Model API "Viewer" | X | X | |
Stop a Model Version | X | X | |
View Model Settings | X | X | |
Edit Model Settings | X | X | |
Promote a Model Version to Prod | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
Publish or Start App | X | ||
Stop App | X | X | |
View App | X | X | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
View Launchers | X | X | X |
Create or Edit Launcher | X | ||
Delete Launcher | X | ||
Run Launcher | X | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
Create Dataset | X | ||
Create Dataset Snapshot | X | ||
Mount Dataset | X | ||
View Datasets | X | X | X |
Delete Dataset Snapshot | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
List and View Environment | X | X | X |
Create Environment | X | X | X |
Edit Environment | X | X | X |
| Permission | Lite User | Practitioner | SysAdmin |
|---|---|---|---|
View Admin UI | X | ||
Edit Settings in Admin UI | X |
When Project Managers are members of organizations, their role grants them owner-level access to all projects that are owned by other members of the organizations. This allows the Project Manager to see these projects and their assets in the Projects Portfolio and Assets Portfolio.
The Project Manager might also have the ability to add users to these organizations, thereby gaining contributor access to those users' projects. For this reason, Project Manager must be treated as a highly privileged role, similar to System Administrator.