Skip to main content
Skip table of contents

Roles: Creation and assignment

Role Investigation and Creation 

Navigate to the Admin > Roles tab. Here we see a list of DCT’s default Roles. Each role has its selection of Permissions, such as Read VDB, Delete Bookmarks, Modify dSources, etc. Select “View” on the “devops” role to see its permissions.

On the left-hand side, you can see a description, the Access Groups it’s currently a part of, and any assigned Tags. On the right-hand side, is the complete list of permissions. For example, you can see here that the “devops” role has “Manage Tags” and “Read” permissions on the CDBs objects. These various permissions make up the Role’s identity. 

DCT’s default roles are immutable.

Role Creation 

Now we understand what it’s composed of, let’s create one. Navigate back to the Admin > Roles tab and select the “+ Role” button. Give the Role a custom name, sample description, and add all the permissions you want. In my simple example, I gave it the “VDBs  > Read, Refresh, and Manage Tags” permissions. If you need to grant permission for the entire category, select the header checkbox, such as “Access Groups” or “Bookmarks”. If you only want a portion of that Object group, then click the little arrow icon to open up the complete set of options and select the targeted permissions. 

Once happy with your selection, click “Create”. You can modify your Permissions further on the presented page.

Role Assignment

Roles, by themselves, provide no access. You must first assign them to an Access Group and a set of Objects before their permissions are applied to an Account. Let’s do the first part now. Navigate back to the Admin > Access Groups tab and “View” your previously created Access Group. Select the “Roles” subtab and then “Edit” within the Roles widget. 

Now you can assign default Roles, such as “devops”, and your newly created Role. You might recall that Role assignment was also possible during Access Group creation. On Save, your Access Group might look like the following.

Immediately on assignment, all users within the Access Group will now have the permissions assigned to them through these roles. (Since you are currently an Admin user, you must log in as your test Account user.) However, you might notice that this user has full access to every object on DCT. The following section will define the Role scoping modes and refine the Account Object access.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close