Data space roles and permissions
When you add members to a data space, you can assign them roles inside the space. Space roles are defined by a set of permissions on the data space, and the resources inside the space.
When you create a data space, you become the owner of the data space and all resources inside of that space. Space owners, tenant admins, and data admins can add members to the data space. Also, data space members who are granted the Can manage role can add other members to the space.
As data tasks operate in the context of the owner of the data project they belong to, the following roles are required:
-
The owner of a data project must have the Can edit role in the space where the data project resides. This allows the catalog to be updated with table metadata and ensures that storage (QVD) tasks in the data project can create data files in the space.
-
The owner of a data project must have the Can consume data, Can edit, or Can manage role in the spaces that contain:
-
Target data connections that are used in the data project.
-
Source data connections used in data tasks in the data project.
-
-
For any data task that uses data connections through Data Gateway - Data Movement, the owner of the data project must have the Can consume data, Can edit, or Can manage role in the space where the data gateway resides.
To create data connections to access data through Data Gateway - Data Movement, the following roles are required for the user who creates the data connection:
-
Can manage on the space where you create the data connection.
-
Can consume data, Can edit, or Can manage on the space where the data gateway resides.
Data space roles
Members of a data space can be assigned one or more of the following data space roles.
| Data space role | Summary |
|---|---|
| Is owner | This member can manage the space, all data projects, data tasks and data resources inside the space, and its members. |
| Can view | This member can view data projects, data tasks and data resources, but they cannot make changes. |
| Can view data | This member can view data in data tasks in the data space, for example, preview and samples of data. |
| Can consume data | This member can consume data from data tasks in the data space. |
| Can manage | This member can manage the space details and members. |
| Can operate | This member can view data projects, and data tasks with basic details and perform actions, such as run, stop, and resume. |
| Can edit | This member can view and edit data projects, and data tasks in this space, as well as create new data tasks. |
Permissions for members of the data space
The following tables outlines what specific permissions are granted to a data space member with a particular role.
Permissions on the data space
| Action | Is owner | Can view | Can consume data | Can manage | Can operate | Can edit |
|---|---|---|---|---|---|---|
| See data space in Data Integration home | Yes | Yes | Yes | Yes | Yes | Yes |
| Change space name, description, members, and roles | Yes | Yes | ||||
| Delete space | Yes | Yes |
Permissions on data projects
All permissions are granted on space level.
| Action | Is owner | Can view | Can consume data | Can manage | Can operate | Can edit |
|---|---|---|---|---|---|---|
| List data projects | Yes | Yes | Yes | Yes | Yes | Yes |
| Create project | Yes | Yes | ||||
| Update project | Yes | Yes | ||||
| Open project | Yes | Yes | Yes | Yes | ||
| Delete project | Yes | Yes | ||||
| Operate project | Yes | Yes |
Permissions on data tasks and data resources in the data space
All permissions are granted on space level.
| Action | Is owner | Can view | Can consume data | Can manage | Can operate | Can edit |
|---|---|---|---|---|---|---|
| Create data task | Yes | Yes | ||||
| List data tasks and information about tasks | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit data task attribute | Yes | Yes | ||||
| Open data task | Yes | Yes | Yes | Yes | ||
| Update data task | Yes | Yes | ||||
| Delete data task | Yes | Yes | ||||
| Control data task (run, stop, resume, reload) | Yes | Yes | ||||
| List data resources (data connections) | Yes | Yes | Yes | Yes | Yes | Yes |
| Add data connection | Yes | Yes | ||||
| Edit data connection | See note below | |||||
| Delete data connection | Yes | Yes |
Permissions for users with security roles
The following tables outlines what specific permissions are granted to a user with a specific security role with regard to data spaces, data tasks and data resources in a data space.
Permissions on data spaces with security roles
| Action | Tenant admin | Data admin | Data space creator |
|---|---|---|---|
| Create data space | Yes | Yes | Yes |
| See data space in Data Integration home | Yes | Yes | |
| Change space name and description | Yes | Yes | |
| Delete space | Yes | Yes | |
| Change space owner | Yes | Yes |
Permissions on data projects with security roles
| Action | Tenant admin | Data admin |
|---|---|---|
| List data projects | Yes | Yes |
| Open project | Yes | Yes |
| Delete project | Yes | Yes |
| Change owner of project | Yes | Yes |
Permissions on data tasks and data resources with security roles
| Action | Tenant admin | Data admin |
|---|---|---|
| List data tasks and information about assets | Yes | Yes |
| Open data task | Yes | Yes |
| Delete data task | Yes | Yes |
| Change owner of data task | Yes | Yes |
| List data resources (data connections) | Yes | Yes |
| Delete data connection | Yes | Yes |
| Change owner of data connection | Yes | Yes |
| Change space of data connection | Yes | Yes |