Data Access Roles at Preset
In this article we will look at data access roles and how they operate in coordination with workspace roles and row level security to provide a wide range of access control in Preset.
Data access begins with workspace roles, which are broadly responsible for determining whether a user has restricted access or not.
Restricted access is configured using data access roles, which are used to configure either wide access coverage (e.g., all databases) or access to specific datasources.
Lastly, Preset's row level security feature enables organizations to achieve granular data control by configuring which data access roles can query & view data within datasets.
Let's have a closer look at how data access roles play an integral part in how access is managed.
At the highest level, data access is controlled at the workspace level. Within a workspace, a user's access permissions fall into one of four categories:
|Full Admin access||Workspace Admin|
|Full non-Admin access||Primary Contributor|
|Data access role-based access||Limited Contributor, Viewer, or Dashboard Viewer|
|No access||No access|
The roles of Workspace Admin, Primary Contributor, and No access are all fairly self-explanatory. The user has either admin access, full non-admin access, or no access whatsoever, respectively.
The three data access role-based options, however, enable organizations to access Preset's built-in functionality around role-based access permissions and, potentially, use row-level security to achieve granular control at the data-in-dataset level.
First, though, let's learn about workspace roles and the specific access they provide.
Workspace role definitions are as follows:
|Role||Feature Access||Data Access||Data Role Management|
|Limited Contributor||All, based on Data Access Role||Restricted||No|
|Viewer||Published Charts and Dashboards, based on Data Access Role||Restricted||No|
|Dashboard Viewer||Published Dashboards, based on Data Access Role||Restricted||No|
Data restriction (via data access roles) is possible for the following workspace roles:
This user role has access to all data within a workspace, but is subject to data restrictions as defined by a data access role. For example, a data scientist hired as a temporary employee for a project may only be able to build charts and dashboards from a specific database.
This user role only has access to visualizations (charts and dashboards) that are published, and is also subject to any defined data access role-based restrictions. For example, an external marketing agency may be given view access to published visualizations from a specified database schema.
This user role only has access to dashboards that are published, and is also subject to any defined data access role-based restrictions. For example, a potential business partner is given view access rights to a quarterly product sales dashboard used in a presentation by your company.
All of the roles above are assigned to specific users in Preset Manager on the Workspace Roles screen (see Give a User Access to a Workspace to learn more).
So, what are data access roles?
Data Access Roles
Data access roles work by creating a role in Preset, assigning user(s), and then assigning access to datasources for that role.
Levels of Data Access Coverage
- All database access
- All dataset access
- All query access
- Database Access: Databases defined on Sources / Databases.
- Schema Access: Schemas available on the Databases defined on Source / Databases.
- Dataset Access: Data set defined on Sources / Tables.
Data access roles are defined on the Edit Data Access Role screen (see Add a User to a Data Access Role to learn more).
Note that Workspace Admins are the only users that can create, modify, or delete a role.
Data Access Roles and Row Level Security
Preset supports more granular control over data access via row level security (RLS).
Please view our Row Level Security article to see an example of how RLS works in tandem with data access roles to provide granular access over data queries.