Role privileges are separate components of the Role Based Access Control (RBAC) system
in Data Visualization. They define the level of dataset access that a role is allowed to grant
to the members of a specified role.
The following steps demonstrate how to add role privileges to a role. In this example,
Test Role 1 is used.
Add another privilege by clicking the ADD PRIVILEGE
button.
The ADD PRIVILEGE modal window appears.
You can see that the default privilege type is at the Connection
level, but it can be changed by selecting Role or
Dataset from the list of Component
Types.
In the Add Privilege modal window, under Component
Type, select Role.
From Roles(s), select either Visual Consumer, a role that
was defined earlier.
You can repeat this step to add more roles to this privilege.
After selecting the appropriate roles, click CREATE.
The Role privilege for the Visual Consumer role appears on the list of
privileges.
By default, it contains all possible privileges for a role component:
Grant manage dataset
Grant manage dashboards
Grant view dashboards
Note the following:
The privilege type appears with the Roles icon.
The Grant view dashboards permission is mandatory if the other permissions
exist, and cannot be removed. If you uncheck both Grant manage dashboards and
Grant manage dataset, then the Grant view dashboards permission
becomes mutable and can be unselected.
The Grant manage dashboards permission is mandatory if Grant manage
dataset permission is, and cannot be removed. If you uncheck Grant manage
dataset, it becomes mutable and can be unselected.
This privilege may be deleted by clicking the Delete
icon.
For the role permission on Visual Consumer, select only the Grant view
dashboards permission.
Repeat the previous steps twice, creating the following privileges:
On role Analyst, specify the Grant manage dashboards and Grant view
dashboards permissions.
On role Data Admin, specify all permissions: Grant manage dataset,
Grant manage dashboards, and Grant view dashboards.
Click SAVE at the top of the interface to save the
updates.
The members that get this role, defined under the Members tab,
can grant dataset access defined by the role-based privilege rows.
The selections in the rows indicate the level of privilages that each role, as defined
on the Component line, receives. For example, Analysts can grant Manage and
View privilages to users.
The dataset access permissions are granted to the roles defined on the component
line.