Setting role privileges

Role privileges are separate components of the RBAC system. They define the level of dataset access that this role is allowed to grant to the members of the specified role row.

Follow these steps to add role privileges to the role Test Role 1:

  1. Add another privilege, by clicking the Add Privilege button.
  2. The Add Privilege modal window appears.
  3. Notice that the default privilege type is at the Connection level, but can be changed by selecting Role or Dataset from the list of Component Types.
  4. In the Add Privilege modal window, under Component Type, select Role.
  5. From Roles(s), select either Visual Consumer, a role we defined previously.
  6. [Optional] Repeat the previous step to add more roles to this privilege. We are not doing this here.
  7. [Optional] To remove a specific role, click the (x) icon next to the name of the role.
  8. After selecting the appropriate roles, click Create.
  9. The Role privilege for the Visual Consumer role appears on the list of privileges.

    By default, it contains all possible privileges for a role component:

    • Grant manage dataset
    • Grant manage dashboards
    • Grant view dashboards

    Note the following:

    1. The privilege type appears with the Roles icon.
    2. The Grant view dashboards permission is mandatory if the other permissions exist, and cannot be removed.

      However, if you uncheck both Grant manage dashboards and Grant manage dataset, then the Grant view dashboards permission becomes mutable and can be unselected.

    3. The Grant manage dashboards permission is mandatory if Grant manage dataset permission is, and cannot be removed.

      If you uncheck Grant manage dataset, it becomes mutable and can be unselected.

    4. This privilege may be deleted by clicking the Delete icon.
  10. For the role permission on Visual Consumer, select only the Grant view dashboards permission.
  11. Repeat the earlier steps twice more, creating the following privileges:
    • On role Analyst, specify the Grant manage dashboards and Grant view dashboards permissions.
    • On role Data Admin, specify all permissions: Grant manage dataset, Grant manage dashboards, and Grant view dashboards.
  12. Click Save at the top of the interface to save your progress.

Note the following:

  • The members that get this role, defined under the Members tab, can grant dataset access defined by the role-based privilege rows.
  • The selections in the rows indicate the level of privilages that each role, as defined on the Component line, receives. For example, Analysts can grant Manage and View privilages to users.
  • The dataset access permissions are granted to the roles defined on the component line.

Next, proceed to Setting connection privileges.