Data Access Roles at Preset
  • 22 Jun 2022
  • 3 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Data Access Roles at Preset

  • Dark
    Light
  • PDF

Overview

In this article we will look at data access roles and how they operate in coordination with workspace roles and row level security to provide a wide range of access control in Preset.

Data access begins with workspace roles, which are broadly responsible for determining whether a user has restricted access or not.

Restricted access is configured using data access roles, which are used to configure either wide access coverage (e.g., all databases) or access to specific datasources.

Lastly, Preset's row level security feature enables organizations to achieve granular data control by configuring which data access roles can query & view data within datasets.

Let's have a closer look at how data access roles play an integral part in how access is managed.


Workspace Roles

Concept

At the highest level, data access is controlled at the workspace level. Within a workspace, a user's access permissions fall into one of four categories:

Category Role(s)
Full Admin access Workspace Admin
Full non-Admin access Primary Contributor
Data access role-based access Limited Contributor, Viewer, or Dashboard Viewer
No access No access

The roles of Workspace Admin, Primary Contributor, and No access are all fairly self-explanatory. The user has either admin access, full non-admin access, or no access whatsoever, respectively.

The three data access role-based options, however, enable organizations to access Preset's built-in functionality around role-based access permissions and, potentially, use row-level security to achieve granular control at the data-in-dataset level.

First, though, let's learn about workspace roles and the specific access they provide.

Role details

Workspace role definitions are as follows:

Role Feature Access Data Access Data Role Management
Workspace Admin All All Yes
Primary Contributor All All No
Limited Contributor All, based on Data Access Role Restricted No
Viewer Published Charts and Dashboards, based on Data Access Role Restricted No
Dashboard Viewer Published Dashboards, based on Data Access Role Restricted No
No Access None None No

Data restriction (via data access roles) is possible for the following workspace roles:

Limited Contributor
This user role has access to all data within a workspace, but is subject to data restrictions as defined by a data access role. For example, a data scientist hired as a temporary employee for a project may only be able to build charts and dashboards from a specific database.

Viewer
This user role only has access to visualizations (charts and dashboards) that are published, and is also subject to any defined data access role-based restrictions. For example, an external marketing agency may be given view access to published visualizations from a specified database schema.

Dashboard Viewer
This user role only has access to dashboards that are published, and is also subject to any defined data access role-based restrictions. For example, a potential business partner is given view access rights to a quarterly product sales dashboard used in a presentation by your company.

All of the roles above are assigned to specific users in Preset Manager on the Workspace Roles screen (see Give a User Access to a Workspace to learn more).

So, what are data access roles?


Data Access Roles

Data access roles work by creating a role in Preset, assigning user(s), and then assigning access to datasources for that role.

Levels of Data Access Coverage

Wide Access

  • All database access
  • All dataset access
  • All query access

Specific Datasources

  • Database Access: Databases defined on Sources / Databases.
  • Schema Access: Schemas available on the Databases defined on Source / Databases.
  • Dataset Access: Data set defined on Sources / Tables.

Data access roles are defined on the Edit Data Access Role screen (see Add a User to a Data Access Role to learn more).

Note that Workspace Admins are the only users that can create, modify, or delete a role.

Select_DAR_Permissions


Data Access Roles and Row Level Security

Preset supports more granular control over data access via row level security (RLS).

Please view our Row Level Security article to see an example of how RLS works in tandem with data access roles to provide granular access over data queries.


Was this article helpful?