Skip to main content
In , the Roles tab (Settings > Roles) displays a table of all roles that are defined in the application, along with a link to all users who can assume each role. Roles enable you to restrict users to performing only certain actions on certain resources. The roles that are assigned to users affect everything that they see in , including but not limited to the following components: Every installation of includes four predefined roles: These roles are global roles that cannot be edited or deleted. They apply to all resources. However, you can define custom roles that limit each user’s permissions. Custom roles are made up of policies, which provide the most granular control over exactly what users can see or do in . An individual user can be assigned to a maximum of five roles, and each role can include up to ten policies. Custom roles also identify which resources users can see and interact with.

Predefined Roles

The following sections describe each predefined role and what permissions are assigned to each role.

Admin Role

The Admin role provides full control over the application. An Admin user can create new jobs and connections, change application settings, and perform every other operation supported by the console. Only Admin users have permission to manage other users. Admin users can create, delete, and modify users. In addition, only admin users can view the Audit log, which records changes that are made within the application (by any user).

Standard Role

The Standard role allows users to create, edit, and delete jobs and connections, but it does not allow for changing application-wide settings like those that appear on the Settings tab.

Job Creator Role

The Job Creator role allows users to create, edit, and delete jobs and transformations, but it does not allow access to connections and does not allow for changing application-wide settings.

Job Operator Role

The Job Operator role is a Read-only role that enables users to start and stop jobs, view job history, and download job logs. However, these users cannot create new jobs, delete jobs, or change application settings.

Custom Roles

Custom roles give you more granular control over what each user can see or do in the application. You define custom roles by creating policies, which specify the exact permissions assigned to members of that role. You can assign an individual user to a maximum of ten roles, and each role can include up to ten policies.

Creating Custom Roles and Policies

To create a custom role:
  1. Select Settings > Roles.
  2. Click Add Role. Enter a meaningful name and description for the role. Then, click Add Role again to open the policy page for your new role.
  3. Click Add Policy to open the Add Policy dialog box.
  4. Select the workspace to which you want the policy to apply. The policy also grants the users access to all resources that are contained within the selected workspace.
  5. Click Add Policy to open the Policy X for WorkspaceName page (where X is the policy number). This page lists a set of permissions for each resource type: jobs, transformations, and connections.
  6. In each Permissions section, select the allowed actions (for example, Create, Update, or Schedule) and the resources to which those actions apply.
    Read permission is granted automatically for all resources in a workspace. When you access a workspace, you can always view all of its resources because Read permission is not inherited from the workspace.
  7. Click Save (top right of the page) to save the selected permissions and return to the Role details page.
After you configure all permissions and are returned to the Roles page, you can click the name of any role to open its summary. The summary page includes two tabs: Policies and Assigned Users.
  • Policies tab: Edit existing policies or add a new policy by clicking Add Policy at the bottom of the page.
  • Assign Users tab: Assign users to the role. See the next section, Assigning Users to a Custom Role for detailed steps.
To return to the Roles page from the summary page, click Roles at the top left of the page.

Assigning Users to a Custom Role

From the Role summary page, you can assign users to that role, as follows:
  1. Click the Assigned Users tab.
  2. Click Assign User to open a dialog box where you can search for or select users to assign.
  3. Click Assign User in the dialog box to add the selected users to the role. You are then returned to the Assigned Users tab.
    Users that are assigned to the Admin role cannot be assigned to other roles.

Role and Policy Example

The following example shows how to define custom roles and policies for different team responsibilities in . A company manages several data-integration projects in , with each project organized into its own workspace. A group of project managers and project analysts share responsibilities for these projects:
  • Project managers—Create, run, and modify jobs.
  • Project analysts—Analyze job results and performance metrics without making changes.
To manage access, you can define two custom roles and attach policies to each that specify the actions each role can perform within a workspace. Create the roles and associated policies based on the steps outlined in Creating Custom Roles and Policies. ProjectManager:
  1. Create a custom role called ProjectManager.
  2. Select the workspace to which you want the ProjectManager role to apply.
  3. Create a policy and define the permissions that should be granted to the role. For example, on the Policy X for WorkspaceName page (where X is the policy number), specify the permissions that the project manager needs. This role needs permissions for all actions in the following categories:
    • Job Permissions
    • Transformations Permissions
    • Connections Permissions
  4. Save the policy. Then assign the appropriate users to the role.
ProjectAnalyst:
  1. Create a custom role called ProjectAnalyst.
  2. Select the workspace to which you want the ProjectAnalyst role to apply.
  3. Create a policy and define the permissions that should be granted to the role. For example, on the Policy X for WorkspaceName page (where X is the policy number), specify the permissions that the project analyst needs. This role only needs View Logs permission in the following categories:
    • Job Permissions
    • Transformations Permissions
  4. Save the policy. Then assign the appropriate users to the role.
By defining these roles and attaching specific policies, you ensure that each user can access only those actions that are required for their responsibilities.

User Roles Comparison

The following list shows which actions each user role can perform:
  • View connections, jobs, and transformations: All roles (Admin, Standard, Job Creator, Job Operator)
  • View application and job-execution logs: All roles (Admin, Standard, Job Creator, Job Operator)
  • Execute jobs and transformations: All roles (Admin, Standard, Job Creator, Job Operator)
  • Manage jobs and transformations: Admin, Standard, Job Creator
  • Manage connections: Admin, Standard
  • Install new connectors: Admin
  • Manage users: Admin
  • Change application settings: Admin
  • View Audit logs: Admin