Roles

Introduction

A role is a set of privileges to perform certain operations.

Each user account and service account has the roles directly associated with it plus those of the groups to which it belongs. For example, if an account has the Internal role and is part of a group with the Advanced role, it has both roles.

Info

The owner of an object has full power over it, regardless of its roles. On objects shared with it (projects, runtimes), the account has the privileges granted by the sharer.

Installation with projects

Projects are a feature that can be installed or not.
If there are projects, roles are of two types: basic and add-on and every account must have at least one basic role.

The tables below list the privileges of the basic and add-on roles when there are projects.

Basic roles

Role → Privilege ↓	Internal	Advanced	Admin	Owner
Create projects	⬤	⬤	⬤	⬤
See account names in the UI (owners, publishers, etc.)	⬤¹	⬤	⬤	⬤
View and export public workflows	⬤	⬤	⬤	⬤
Publish and unpublish public workflows in public runtimes	⬤	⬤	⬤	⬤
Test public workflows published in public runtimes	⬤	⬤	⬤	⬤
List and download public models	⬤	⬤	⬤	⬤
View public runtimes	⬤	⬤	⬤	⬤
Create, export, edit and delete private runtimes	⬤	⬤	⬤	⬤
View public API keys	⬤	⬤	⬤	⬤
Create, edit and delete accounts			⬤²	⬤
Create, edit and delete groups			⬤³	⬤
Create custom components	⬤	⬤	⬤	⬤
Download the custom component manifest	⬤	⬤	⬤	⬤
Delete custom components				⬤
View labels	⬤	⬤	⬤	⬤
View details of software services and their versions in the about panel				⬤

Add-on roles

Role → Privilege ↓	Public Workspace Manager	Data Owner
Create, edit and delete public workflows	⬤	⬤
Change the owner of a public workflow	⬤	⬤
Create, edit and delete public models	⬤	⬤
Create public runtimes	⬤	⬤
Modify the properties of a public runtime	⬤	⬤
Regenerate the connection token of a public runtime	⬤	⬤
Make a public runtime private	⬤	⬤
Create, edit and delete public API keys	⬤	⬤
Create, edit and delete labels	⬤	⬤
View other people's objects		⬤

Installation without projects

Where projects are not enabled in the installation of EI-Flow, there are not add-on roles. Also the Internal role does not exist.

Every account must have at least one role.

The table below list the privileges of the roles.

Role → Privilege ↓	Advanced	Admin	Owner
View and export workflows	⬤	⬤	⬤
Create, edit and delete workflows	⬤	⬤	⬤
Publish and unpublish workflows in public runtimes	⬤	⬤	⬤
Test workflows published in public runtimes	⬤	⬤	⬤
Change the owner of a workflow			⬤
List and download models	⬤	⬤	⬤
Create, edit and delete models	⬤	⬤	⬤
View public runtimes	⬤	⬤	⬤
Create runtimes	⬤	⬤	⬤
Modify the properties of a public runtime	⬤	⬤	⬤
Regenerate the connection token of a public runtime	⬤	⬤	⬤
View API keys	⬤	⬤	⬤
Create, edit and delete API keys	⬤	⬤	⬤
View labels	⬤	⬤	⬤
Create, edit and delete labels	⬤	⬤	⬤
See account names in the UI (owners, publishers, etc.)	⬤	⬤	⬤
Create, export, edit and delete private runtimes	⬤	⬤	⬤
Create, edit and delete accounts		⬤⁴	⬤
Create, edit and delete groups		⬤⁵	⬤
Create custom components	⬤	⬤	⬤
Download the custom component manifest	⬤	⬤	⬤
Delete custom components			⬤
View details of software services and their versions in the about panel			⬤

Limited to the members of groups with only the Internal role the account belongs to. For example, if an account belongs to group TEAM A, whose only basic role is Internal, he will see only the names of other members of the same group. For other accounts he will see User not found. ↩
Limited to accounts with Internal or Advanced roles. ↩
Limited to groups with Internal or Advanced roles. ↩
Limited to accounts with Advanced roles. ↩
Limited to groups with Advanced roles. ↩