Roles (deprecated)
Deprecated, see Access Control
Overview
Users and Access Tokens can be assigned to different roles that come with different sets of permissions.
Roles
Users and Access Tokens can be assigned to the following roles:
AdminEditorViewer
The API role is a legacy role that could be assigned to Access Tokens but that is no longer available for new Access Tokens. Existing tokens with the API role however still function.
Permissions
Each role comes with a given set of permissions on the various Sifflet objects. Unless specified, below matrix applies regardless of how you are trying to access the information (UI, API, CLI, etc.).
| Scope | Admin | Editor | Viewer |
|---|---|---|---|
| INTEGRATIONS | |||
| Secrets management (create, edit, delete) | ✅ | ❌ | ❌ |
| Integrations management (create, edit, delete, trigger run) | ✅ | ✅ | ❌ |
| Submit dbt metadata files and trigger the related datasource refresh (API only) | ✅ | ✅ | ❌ |
| Create declarative pipeline & edge lineage (API only) | ✅ | ❌ | ❌ |
| DATA CATALOG | |||
| Data catalog search | ✅ | ✅ | ✅ |
| Data assets (read) | ✅ | ✅ | ✅ |
| Data assets (edit - manual or through AI suggestions) | ✅ | ✅ | ❌ |
| Preview data | ✅ | ✅ | ❌ |
| MONITORS | |||
| Monitors (read)(overview, runs, details) | ✅ | ✅ | ✅ |
| Show failing rows | ✅ | ✅ | ❌ |
| Datapoint qualification on monitors' runs | ✅ | ✅ | ❌ |
| Monitors (create, edit, delete, trigger run) | ✅ | ✅ | ❌ |
| INCIDENTS | |||
| Incidents management (assignment, closing) | ✅ | ✅ | ❌ |
| SETTINGS | |||
| Business Glossary (read) | ✅ | ✅ | ✅ |
| Business Glossary (create, edit, delete) | ✅ | ✅ | ❌ |
| Tags (read) | ✅ | ✅ | ✅ |
| Tags (create, edit, delete) | ✅ | ✅ | ❌ |
| Domains (read, create, edit, delete) | ✅ | ❌ | ❌ |
| Users (read, create, edit, delete) | ✅ | ❌ | ❌ |
| Access Tokens (read, create, delete) | ✅ | ❌ | ❌ |
| SSO (read, create, edit, delete) | ✅ | ❌ | ❌ |
| Alert Destinations (read, create, edit, delete) | ✅ | ❌ | ❌ |
Updated 7 months ago