domino logo
Latest (5.6)
  • About Domino
  • Architecture
  • Security and Compliance
  • Domino Infrastructure
  • Kubernetes Infrastructure
  • Installation
  • Data Planes
  • Execution Resources
  • Users
  • Keycloak Authentication Service
  • Data
  • Projects
  • Environments
  • Model Monitoring
  • Control Center
  • Logs and Monitoring
  • Backup and Restore
  • Disaster Recovery
  • Configuration Reference
  • Run the Admin Toolkit
  • MongoDB Console
  • Get Help
  • Send Feedback
domino logo
About Domino
Domino Data LabKnowledge BaseData Science BlogTraining
Admin Guide
>
Users
>
Manage Users
>
Roles

Roles

Administrators assign roles to users based on assignments and responsibilities. Set these roles in the application or map them from your identity provider if you have SSO integration enabled. If you start with a completely new Domino installation, the first user to log in is assigned the SysAdmin and Practitioner roles.

The available roles are:

  • SysAdmin - Administers instance with full administrative access.

  • ProjectManager - Manages organizations and project tags.

  • SupportStaff - Manages compute-related functionality.

  • Practitioner - Uses compute and file storage.

  • ReadOnlySupportStaff - Views compute related configuration.

  • Librarian - Manages project library.

  • LimitedAdmin - SysAdmin without access to projects and data.

  • LicenseReviewer - Views license-related content.

A user with no roles is called a Lite User or, in some contexts, a Results Consumer. Lite Users have restricted feature access and might have a different licensing status.

Tip

By default, all new users are assigned the Practitioner role. You can change this with central configuration options.

When multiple roles are assigned to a user, permissions are additive. To grant users roles, you must be a SysAdmin.

  1. In the Admin application, click Users.

  2. Search for the username to whom you want to grant permissions.

  3. Click Edit and select the roles.

  4. Click Save.

Project Overview Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

Create Project

X

View Project List

X

X

X

X

X

Fork Project

X

Archive Project

X

X

X

File Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

List and View Files

X

X

X

X

Edit Files

X

Upload Files

X

Workspace Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

Start Workspace

X

Stop Workspace

X

X

X

Open Workspace

X

View Workspace History

X

X

X

X

X

Archive Workspace

X

X

Job Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

Start Job

X

X

Stop Job

X

X

X

X

(Public projects only)

View Job History

X

X

X

Create Scheduled Job

X

Edit Scheduled Job

X

X

Delete Scheduled Job

X

X

Project Settings Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

View Project Settings

X

X

X

X

X

Edit Project Settings

X

X

X

X

Model API Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

Create Model API

X

Be a Model API "Owner"

X

Be a Model API "Editor"

X

X

X

Be a Model API "Viewer"

X

Stop a Model Version

X

X

X

View Model Settings

X

X

X

X

Edit Model Settings

X

X

X

Promote a Model Version to Prod

X

App Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

Publish or Start App

X

Stop App

X

X

X

View App

X

X

X

Launcher Actions

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

View Launchers

X

X

X

Create or Edit Launcher

X

Delete Launcher

X

Run Launcher

X

Dataset Actions

See Dataset permissions and Dataset Roles for more information.

PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

Create Dataset

X

Mount/Unmount Dataset

X

Delete Dataset Snapshot

X

X

List All Datasets on Global Data Page

X

X

List All Datasets and Snapshots in Admin Application

X

X

Permanently Delete Datasets and Snapshots from the Admin Application

X

X

Cancel Delete Requests within the time set by com.cerebro.domino.dataset.graceTimeForDeletion. See Read-write datasets.

X

X

Edit Any Dataset Permissions

X

X

Environment Actions

Note
PermissionPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

List and View Environment

X

X

X

X

Create Environment

X

X

Edit Environment

X

X

X

Administrator Actions

PermissionLite UserPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

View Admin UI

X

X

X

X

X

Edit Settings in Admin UI

X

X

Edit Central Configuration

X

Edit Users

X

Edit Feature Flags

X

X

Create Global Environments

X

Edit Global Environments

X

View Usage Reports

X

X

X

Create Notifications

X

X

Edit Hardware Tiers

X

X

Run MongoDB Queries

X

Manage Executions

X

X

View Datasets in Admin UI

X

X

Manage Datasets in Admin UI

X

X

Organization Actions

PermissionLite UserPractitionerSysAdminSupportStaffReadOnlySupportStaffLibrarianLimited AdminLicense Reviewer

Create Organizations

X

X

X

X

X

X

Organization Owner Can Add/Remove Members To/From the Organization

X

X

X

X

X

X

X

Organization Owner Can Make Another User an Owner of the Organization

X

X

X

X

X

X

X

Add/Remove Members To/From Any Organization

X

Can Make Another User an Owner of Any Organization

X

Select Hardware Tiers Available to Members of the Organization

X

X

Note

About the Project Manager Role

When Project Managers are members of organizations, their role grants them owner-level access to all projects that are owned by other members of the organizations. This allows the Project Manager to see these projects and their assets in the Projects Portfolio and Assets Portfolio.

The Project Manager might also have the ability to add users to these organizations, thereby gaining contributor access to those users' projects. For this reason, Project Manager must be treated as a highly privileged role, similar to System Administrator.

Domino Data LabKnowledge BaseData Science BlogTraining
Copyright © 2022 Domino Data Lab. All rights reserved.