Permissions, Users, and Teams

Permissions in Ascend

Ascend uses a whitelist approach when determining permissions for users and are specific to each Data Service. Users are not shared across data services and is not globally managed. This allows for greater security and gives you the ability to silo Data Services.

There are seven available permissions throughout Ascend. A user can have one or more of the below permissions:

  • Site Admin: Allows a user full access to all aspects of Ascend.
  • Data Ops Admin: Allow a user to view any Data Service, Dataflow, and any logs and notifications. The Data Ops Admin also has the ability to refresh, pause/unpause, and reset errors for the components within a Dataflow.
  • Data Admin: Allows a user to access the Data Service, see all the data Dataflows, and make any changes. This role can create and manage Data Services, Data Service connections, Dataflows, and any components within a Dataflow.
  • User Admin: Allows a user to manage users, teams, and permissions within the Data Service and the Dataflows.
  • Super Admin: Allows the user both Data Admin and User Admin permissions.
  • Read Only: Allows a user to access the Data Service and see all data within Dataflows, but not make any changes.
  • Member: Allows a user to have full view a Data Service and a restricted view of Observe.

Users can have multiple roles for multiple Data Services and Dataflows. For example, a user may be a Data Admin for a specific Data Service, but only a Data Ops Admin for a different Data Service.

For more details, see the permission matrix below.

Site Level Access

Site Level Access refers to the configuration and management of your Ascend account and generally requires Site Admin permissions. Read Only and Data Ops Admin have View access.

MemberRead Only (Data Restricted)Read OnlyOperatorUser AdminData Ops AdminSuper AdminData AdminSite Admin
Site Admin
Edit
View
Site Connections
Create/Delete
Update
View
Site Credentials
Create/Delete
Update
View
Docker
Create
View
Configure
View

Data Service Access

Data Service Access refers to the creation and management of Data Services. Members are the most restricted
and can only View Data Services.

Read Only (Data Restricted)MemberRead Only (Data Restricted)Read OnlyOperatorUser AdminData Ops AdminSuper AdminData AdminSite Admin
Data Service
Create/Delete
Update
View
Data Service Connections
Create/Delete
Update
View
Data Service Credentials
Create/Delete
Update
View
Data Service Members
Create/Delete
Update
View
Data Service Teams
Create/Delete
Update
View
Data Service (Service Account)
Create/Delete
Update
View
Data Service Query
Create
View
Manage

Dataflow and Components Access

For Dataflow and components access, the Data Admin, Super Admin, and Site Admin have the greatest amount of access.

MemberRead Only (Data Restricted)Read OnlyOperatorUser AdminData Ops AdminSuper AdminData AdminSite Admin
Dataflow
Create/Delete
Update
View
Components
Reset Errors
Refresh
Un/Pause
Create
Records Tab
Partitions Tab
Debug Tab
View

Logs, Notifications, and Observe Access

Logs, notifications, and Observe access is primarily allowed with the Data Ops Admin role or greater. The only role with full access to Observe is Site Admin.

MemberRead Only (Data Restricted)Read OnlyOperatorUser AdminData Ops AdminSuper AdminData AdminSite Admin
Logs
View
Data Service Notifications
Create/Delete
Update
View
Observe
View Full
View Restricted

Questions?

We're always happy to help with any other questions you might have! Send us an email, ping us on Slack, or chat with us to your right 👉.