Skip to main content
Skip table of contents

Roles: Creation and assignment

Latest changes

  • Version 2025.1.0

    • UI profiles have been added to Roles. At this time, UI profiles are 1:1 with roles and can be assigned at creation or with an update to a role. The built-in roles are given their own profiles at the start.

    • The navigation links for most list pages will be shown or hidden according to the UI profiles a user has. As an example, a user with the “devops” role and UI profile will be able to see the Data top menu and all submenus, a few of the data-related reports, and the Operations page, but would not be able to see any Compliance pages without additional UI profiles.

Getting started

The illustration below shows that user accounts get grouped into Access Groups, which are then assigned various Roles that ultimately control which data objects each group can see or work with—a high-level snapshot of how user provisioning and permissions flow.

Viewing roles

Navigate to the Admin > Roles tab to see a list of DCT’s default roles. Each role has its selection of permissions, such as Read VDB, Delete Bookmarks, Modify dSources, etc. Select View on any role to see its permissions.

On the left-hand side is a description, the Access Groups the role is currently a part of, and any assigned tags. On the right-hand side is the complete list of permissions. For example, view the “devops” role to see Manage Tags and Read permissions on the CDBs objects. These various permissions make up the role’s identity. 

DCT’s default roles are immutable.

Creating a role

To create a role, navigate back to the Admin > Roles tab and select the +Role button. Give the role a custom name, sample description, and add all the permissions desired. In the example below, the VDBs section is expanded with the arrow and the Read, Refresh, and Manage Tags permissions are selected. If you want to select the entire section, use the checkbox for the section instead of expanding it with the arrow.

Confirm your selection and click Create. You can modify your permissions further on the next page.

image-20250123-195055.png

Role assignment

Roles, by themselves, provide no access. You must first assign them to an Access Group and a set of objects before their permissions are applied to an account.

Navigate back to the Admin > Access Groups tab and view your previously created Access Group. Select the Roles subtab and then click to Edit.

Now you can assign default Roles, such as “devops”, or a newly created one. Role assignment is also possible during Access Group creation. On Save, your Access Group might look like the following.

Immediately on assignment, all users within the Access Group will now have the permissions assigned to them through these roles. If you are logged in as an admin, you must log in as a test account user to see the effects. Admin users have full access to every object on DCT.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.