Access Control for Teams and Projects
When a team or project is created, the Team/Project Admin role is assigned to the user who created it. Other Team/Project Admins can be assigned later but there must always be at least one user assigned as Admin for the team or project. Team and project administrators then decide what level of access other users are granted per-team or per-project.
Project Access Levels
Users who are explicitly added to a project are referred to as project collaborators. Project collaborators can be assigned one of the following levels of access:
- Viewer - Read-only access to code, data, and results.
- Operator - Read-only access to code, data, and results. Additionally, Operators can start and stop existing jobs in the projects that they have access to.
- Contributor - Can view, edit, create, and delete files and environmental variables, run sessions/experiments/jobs/models and execute code in running jobs. Additionally, Contributors can set the default engine for the project.
- Admin - Has complete access to all aspects of the project. This includes the ability to add new collaborators, and delete the entire project.
Team Access Levels
Users who are explicitly added to a team are referred to as team members. Team members can be assigned one of the following levels of access:
- Viewer - Read-only access to team projects. Cannot create new projects within the team but can be added to existing ones.
- Operator - Read-only access to team projects. Cannot create new projects within the team but can be added to existing ones. Additionally, Operators can start and stop existing jobs in the projects that they have access to.
- Contributor - Write-level access to all team projects to all team projects with Team or Public visibility. Can create new projects within the team. They can also be added to existing team projects.
- Admin - Has complete access to all team projects, can add new team members, and modify team account information.
Project Visibility Levels
Projects can be created either in your personal context, or in a team context. Furthermore, projects can be created with one of the following visibility levels:
- Private - Private projects can be created either in your personal context, or in a team context. They can only be accessed by project collaborators.
- Team - Team projects can only be created in a team context. They can be viewed by all members of the team.
- Public - Public projects can be created either in your personal context, or in a team context. They can be viewed by all authenticated Cloudera Data Science Workbench users.
It is important to remember that irrespective of the visibility level of the project, site administrators will always have complete Admin-level access to all projects on Cloudera Data Science Workbench. Additionally, depending on the visibility level of the project, and the context in which it was created, a few other users/team members might also have Contributor or Admin-level access to your project by default.
Use the following table to find out who might have default access to your projects on Cloudera Data Science Workbench.
| Project Visibility | Access Levels for Cloudera Data Science Workbench Users | 
|---|---|
| Private Visibility | Private Projects Created in Personal Context The following user roles will have access to private projects in your personal context: 
                              Admin Access
                               
 
                              Contributor Access
                               
 
                              Operator Access
                               
 
                              Viewer Access
                               
 | 
| Private Projects Created in a Team Context For private projects created within a team context, project-level permissions granted by Project Admins will take precedence over team-level permissions. The only exception to this rule are users who are Team Admins. Team Admins will always have Admin-level access to all projects within their team context, irrespective of the access level granted to them per-project. The following user roles will have access to private projects created within a team context: 
                              Admin Access
                               
 
                              Contributor Access
                               
 
                              Operator Access
                               
 
                              Viewer Access
                               
 | |
| Team Visibility | Team Projects Projects with Team visibility can only be created in a team context. For team projects, both team access levels and project access levels must be taken into consideration to determine who has access to these projects. 
                              Points to note:
                               
 The following user roles will have access to team projects on Cloudera Data Science Workbench: 
                              Admin Access
                               
 
                              Contributor Access
                               
 
                              Operator Access
                               
 
                              Viewer Access
                               
 | 
| Public Visibility | Public Projects Created in Personal Context The following user roles will have access to public projects on Cloudera Data Science Workbench: 
                              Admin Access
                               
 
                              Contributor Access
                               
 
                              Operator Access
                               
 
                              Viewer Access
                               
 | 
| Public Projects Created in a Team Context The following user roles will have access to public projects created in team contexts: 
                              Admin Access
                               
 
                              Contributor Access
                               
 
                              Operator Access
                               
 
                              Viewer Access
                               
 | 
