Permissions, Users, and Teams
Permissions in Ascend
Ascend uses a whitelist approach when determining permissions for users and are specific to each Data Service. Users are not shared across data services and is not globally managed. This allows for greater security and gives you the ability to silo Data Services.
There are seven available permissions throughout Ascend. A user can have one or more of the below permissions:
- Site Admin: Allows a user full access to all aspects of Ascend.
- Data Ops Admin: Allow a user to view any Data Service, Dataflow, and any logs and notifications. The Data Ops Admin also has the ability to refresh, pause/unpause, and reset errors for the components within a Dataflow.
- Data Admin: Allows a user to access the Data Service, see all the data Dataflows, and make any changes. This role can create and manage Data Services, Data Service connections, Dataflows, and any components within a Dataflow.
- User Admin: Allows a user to manage users, teams, and permissions within the Data Service and the Dataflows.
- Super Admin: Allows the user both Data Admin and User Admin permissions.
- Read Only: Allows a user to access the Data Service and see all data within Dataflows, but not make any changes.
- Member: Allows a user to have full view a Data Service and a restricted view of Observe.
Users can have multiple roles for multiple Data Services and Dataflows. For example, a user may be a Data Admin for a specific Data Service, but only a Data Ops Admin for a different Data Service.
For more details, see the permission matrix below.
Site Level Access
Site Level Access refers to the configuration and management of your Ascend account and generally requires Site Admin permissions. Read Only and Data Ops Admin have View access.
| Member | Read Only (Data Restricted) | Read Only | Operator | User Admin | Data Ops Admin | Super Admin | Data Admin | Site Admin | |
|---|---|---|---|---|---|---|---|---|---|
| Site Admin | |||||||||
| Edit | ✅ | ||||||||
| View | ✅ | ||||||||
| Site Connections | |||||||||
| Create/Delete | ✅ | ||||||||
| Update | ✅ | ||||||||
| View | ✅ | ||||||||
| Site Credentials | |||||||||
| Create/Delete | ✅ | ||||||||
| Update | ✅ | ||||||||
| View | ✅ | ||||||||
| Docker | |||||||||
| Create | ✅ | ||||||||
| View | ✅ | ||||||||
| Configure | ✅ | ||||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ |
Data Service Access
Data Service Access refers to the creation and management of Data Services. Members are the most restricted
and can only View Data Services.
| Read Only (Data Restricted) | Member | Read Only (Data Restricted) | Read Only | Operator | User Admin | Data Ops Admin | Super Admin | Data Admin | Site Admin |
|---|---|---|---|---|---|---|---|---|---|
| Data Service | |||||||||
| Create/Delete | ✅ | ||||||||
| Update | ✅ | ||||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Data Service Connections | |||||||||
| Create/Delete | ✅ | ✅ | ✅ | ||||||
| Update | ✅ | ✅ | ✅ | ||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ||
| Data Service Credentials | |||||||||
| Create/Delete | ✅ | ✅ | ✅ | ||||||
| Update | ✅ | ✅ | ✅ | ||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ||
| Data Service Members | |||||||||
| Create/Delete | ✅ | ✅ | ✅ | ||||||
| Update | ✅ | ✅ | ✅ | ||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Data Service Teams | |||||||||
| Create/Delete | ✅ | ✅ | ✅ | ||||||
| Update | ✅ | ✅ | ✅ | ||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Data Service (Service Account) | |||||||||
| Create/Delete | ✅ | ✅ | ✅ | ||||||
| Update | ✅ | ✅ | ✅ | ||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ||||
| Data Service Query | |||||||||
| Create | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
| Manage | ✅ | ✅ | ✅ |
Dataflow and Components Access
For Dataflow and components access, the Data Admin, Super Admin, and Site Admin have the greatest amount of access.
| Member | Read Only (Data Restricted) | Read Only | Operator | User Admin | Data Ops Admin | Super Admin | Data Admin | Site Admin | |
|---|---|---|---|---|---|---|---|---|---|
| Dataflow | |||||||||
| Create/Delete | ✅ | ✅ | ✅ | ||||||
| Update | ✅ | ✅ | ✅ | ||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ||
| Components | |||||||||
| Reset Errors | ✅ | ✅ | ✅ | ✅ | ✅ | ||||
| Refresh | ✅ | ✅ | ✅ | ✅ | ✅ | ||||
| Un/Pause | ✅ | ✅ | ✅ | ✅ | ✅ | ||||
| Create | ✅ | ✅ | ✅ | ||||||
| Records Tab | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
| Partitions Tab | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
| Debug Tab | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Logs, Notifications, and Observe Access
Logs, notifications, and Observe access is primarily allowed with the Data Ops Admin role or greater. The only role with full access to Observe is Site Admin.
| Member | Read Only (Data Restricted) | Read Only | Operator | User Admin | Data Ops Admin | Super Admin | Data Admin | Site Admin | |
|---|---|---|---|---|---|---|---|---|---|
| Logs | |||||||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
| Data Service Notifications | |||||||||
| Create/Delete | ✅ | ✅ | ✅ | ✅ | |||||
| Update | ✅ | ✅ | ✅ | ✅ | |||||
| View | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
| Observe | |||||||||
| View Full | ✅ | ||||||||
| View Restricted | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Questions?
We're always happy to help with any other questions you might have! Send us an email, ping us on Slack, or chat with us to your right 👉.
Updated 10 months ago