Roles
A role is a set of privileges to perform certain operations.
Each user account and service account has the roles directly associated with it plus those of the groups to which it belongs. For example, if an account has the Internal role and is part of a group with the Advanced role, it has both roles.
Roles are of two types: basic and add-on. Every account must have at least one basic role.
Info
The owner of an object has full power over it, regardless of its roles. On objects shared with it (projects, runtimes), the account has the privileges granted by the sharer.
The following tables lists the privileges associated with each role.
Basic roles
| Role → Privilege ↓ |
Internal | Advanced | Admin | Owner |
|---|---|---|---|---|
| Create projects | ⬤ | ⬤ | ⬤ | ⬤ |
| See account names in the UI (owners, publishers, etc.) | ⬤1 | ⬤ | ⬤ | ⬤ |
| View and export public workflows | ⬤ | ⬤ | ⬤ | ⬤ |
| Publish and unpublish public workflows in public runtimes | ⬤ | ⬤ | ⬤ | ⬤ |
| Test public workflows published in public runtimes | ⬤ | ⬤ | ⬤ | ⬤ |
| List and download public models | ⬤ | ⬤ | ⬤ | ⬤ |
| View public runtimes | ⬤ | ⬤ | ⬤ | ⬤ |
| Create, export, edit and delete private runtimes | ⬤ | ⬤ | ⬤ | ⬤ |
| Create, edit and delete accounts | ⬤2 | ⬤ | ||
| Create, edit and delete groups | ⬤3 | ⬤ | ||
| Create custom components | ⬤ | ⬤ | ⬤ | ⬤ |
| Download the custom component manifest | ⬤ | ⬤ | ⬤ | ⬤ |
| Delete custom components | ⬤ | |||
| View labels | ⬤ | ⬤ | ⬤ | ⬤ |
| View details of software services and their versions in the about panel | ⬤ |
Add-on roles
| Role → Privilege ↓ |
Public Workspace Manager | Data Owner |
|---|---|---|
| Create, edit and delete public workflows | ⬤ | ⬤ |
| Change the owner of a public workflow | ⬤ | ⬤ |
| Create, edit and delete public models | ⬤ | ⬤ |
| Create public runtimes | ⬤ | ⬤ |
| Modify the properties of a public runtime | ⬤ | ⬤ |
| Regenerate the connection token of a public runtime | ⬤ | ⬤ |
| Make a public runtime private | ⬤ | ⬤ |
| Create, edit and delete public API keys | ⬤ | ⬤ |
| Create, edit and delete labels | ⬤ | ⬤ |
| View other people's objects | ⬤ |
-
Limited to the members of groups with only the Internal role the account belongs to. For example, if an account belongs to group TEAM A, whose only basic role is Internal, he will see only the names of other members of the same group. For other accounts he will see User not found. ↩
-
Limited to accounts with Internal or Advanced roles. ↩
-
Limited to groups with Internal or Advanced roles. ↩