Data Access Roles at Preset
  • 03 Nov 2023
  • 3 Minutes to read
  • Dark
    Light

Data Access Roles at Preset

  • Dark
    Light

Article summary

Overview

In this article we will look at data access roles and how they operate in coordination with workspace roles and row level security to provide a wide range of access control in Preset.

Data access begins with workspace roles, which are broadly responsible for determining whether a user has restricted access or not.

Restricted access is configured using data access roles, which are used to configure either wide access coverage (e.g., all databases) or access to specific datasources.

Lastly, Preset's row level security feature enables organizations to achieve granular data control by configuring which data access roles can query & view data within datasets.

Let's have a closer look at how data access roles play an integral part in how access is managed.


Workspace Roles

Concept

At the highest level, data access is controlled at the workspace level. Within a workspace, a user's access permissions fall into one of four categories:

CategoryRole(s)
Full Admin accessWorkspace Admin
Full non-Admin accessPrimary Contributor
Data access role-based accessSecondary Contributor, Limited Contributor, Viewer, or Dashboard Viewer
No accessNo access

The roles of Workspace Admin, Primary Contributor, and No access are all fairly self-explanatory. The user has either admin access, full non-admin access, or no access whatsoever, respectively.

The three data access role-based options, however, enable organizations to access Preset's built-in functionality around role-based access permissions and, potentially, use row-level security to achieve granular control at the data-in-dataset level.

First, though, let's learn about workspace roles and the specific access they provide.

Role details

Workspace role definitions are as follows:

RoleFeature AccessData AccessData Role Management
Workspace AdminAllAllYes
Primary ContributorAllAllNo
Secondary ContributorLimitedbased on Data Access Role. Can create physical datasets.RestrictedNo
Limited ContributorLimited based on Data Access Role. Can only create virtual datasets.RestrictedNo
ViewerPublished Charts and Dashboards, based on Data Access RoleRestrictedNo
Dashboard ViewerPublished Dashboards, based on Data Access RoleRestrictedNo
No AccessNoneNoneNo

Further details about which functionalities are available to each Workspace Role can be found on this article

Data restriction (via data access roles) is possible for the following workspace roles:

Secondary Contributor

Secondary Contributorshave access to all data within a workspace, but is subject to data restrictions as defined by a data access role. This role grants data access restricted dataset write access to the users. For example, they can create physical datasets from databases or schemas they have access to, they can edit datasets if they are the owner, they can create and manage alerts/reports, and they can upload CSVs if CSV upload is enabled the database they have access to. 

Limited Contributor
Similar to the Secondary Contributor, this user role has access to all data within a workspace, but is subject to data restrictions as defined by a data access role. Limited Contributors can't create physical datasets from databases and schemas, and they can't upload CSVs to databases. However, they can create virtual datasets and charts/dashboards using the data they have access to. 

Viewer
This user role only has access to visualizations (charts and dashboards) that are published, and is also subject to any defined data access role-based restrictions. For example, an external marketing agency may be given view access to published visualizations from a specified dataset. 

Dashboard Viewer
This user role only has access to dashboards that are published, and is also subject to any defined data access role-based restrictions. For example, a potential business partner is given view access rights to a quarterly product sales dashboard used in a presentation by your company.

All of the roles above are assigned to specific users in Preset Manager on the Workspace Roles screen (see Give a User Access to a Workspace to learn more).

So, what are data access roles?


Data Access Roles

Data access roles work by creating a role in Preset, assigning user(s), and then assigning access to datasources for that role.

Levels of Data Access Coverage

Wide Access

  • All database access
  • All dataset access
  • All query access

Specific Datasources

For more granular data access, Workspace Admins can manage what users can use when creating charts or see when viewing dashboards and charts.

  • Database Access: Databases defined on Sources / Databases, used for Secondary Contributors, Limited Contributors, Viewers, and Dashboard Viewers.
  • Schema Access: Schemas available on the Databases defined on Source / Databases used forSecondary Contributors, Limited Contributors, Viewers, and Dashboard Viewers.
  • Dataset Access: Dataset defined on Sources / Tables, used forSecondary Contributors, Limited Contributors, Viewers and Dashboard Viewers.

Data access roles are defined on the Edit Data Access Role screen (see Add a User to a Data Access Role to learn more).

Note that Workspace Admins are the only users that can create, modify, or delete a role.

Select_DAR_Permissions




Was this article helpful?