System Rights

Access rights are configured in the "Roles" > "Access Rights" tab.

The rights are specified for each category of rights separately.

Tip

The rights can be assigned globally at any level (it will be considered the parent level) and overridden at a child level

System

System administration group of rights defines access to:

• «Libraries» section (can be overridden by the Libraries right);

• «Pipelines» section (can be overridden by the Pipelines right);

• «Audit Logs» section (can be overridden by the Audit Logs management right);

• «System Parameters» section (can be overridden by the System Parameters right);

• «Operations» section (can be overridden by the Operations right);

• Launching operations (can be overridden by the Operation Launch right, if the Operation right to view is enabled);

• Default columns to be used in the output:ref:search results tables <resultstable>.

• «Access Directory» section (can be overridden by the Access Directory right) for Enterprise Edition only.

Available types of rights. All: all available rights. Automatically enables rights to create, display, update and delete (if exists).

Data Model

Note

When setting up rights to the data model, read the Notes below

Model Administration group of rights defines access to:

1. Data quality model administration right defines access to the «Data Quality» section. Nested resources define access to:

   • "Simple mode" of creating rules (defined by resources: Categories, Rule Sets, Assignments, Quality Rules, Functions)

   • "Rules" tab (defined by resources: Categories, Quality Rules, Functions)

   • "Rule Sets" tab (defined by resources: Categories, Rules Sets, Quality Rules and Functions)

   • "Assignments" tab (defined by resources: Categories, Rule Sets, Assignments, Quality Rules, Functions)

   • "Functions" tab (defined by the Functions resource)

   • "Execution Phase" tab (defined by resources: Categories, Rule Sets, Assignments, Quality Rules, Functions)

   • "Quality Category" tab (defined by the Categories resource)

2. Matching model administration right determines access to editing matching rules.

3. Data model right defines access to:

   • «Data Model» section;

   • «Source Systems» section;

   • «Units» section;

   • «Enumerations» section;

   • «Import/Export» section.

4. Workflow model administration right defines access to the «Workflows» section.

5. Classifiers model administration right defines access to the «Classifiers» section (for Enterprise Edition only). It counts the rights granted in the "Classifiers" tab. In the list of classifiers, the user will have access only to those classifiers, to which access is granted.

   • Select All: aggregate rights to Read + Update

   • Read: defines access to the "Classifiers" section, as well as viewing meta-information, versions and nodes, and exporting classifiers.

   • Update: defines access to edit meta-information, versions and nodes, and importing classifiers. Creating a new classifier is available if top-level editing access is granted in the "Classifiers" tab.

Notes:

• The rights to tabs in the "Quality Rules" section are interrelated, so access to a particular bookmark is determined by several access rights at once.

• Necessary rights to create quality rules: Data model (read) and Data quality model administration (select all). If there are no rights Data model (read), then entities / reference sets will not be visible in the extended mode, except for existing assignments; in simple mode, entities / reference sets will not be visible.

• To edit the execution phases, you need the right to edit the "Data quality model administration" resource.

• To access the rule simple creation mode you need the rights to read and update the resource "Data quality model administration".

• To import the data quality model: the right to edit "Data quality model administration".

• To export the data quality model: the right to read "Data quality model administration".

Available types of rights:

• Select all: all available rights. Automatically enables rights to create, display, update and delete (if exists).

• Read: viewing existing objects (reading rights).

• Update: editing existing objects. Make sure than the "Read" right enabled.

Data

Data rights group configures access rights for each entity/reference set separately. You can also customize permissions for each attribute of the entity/reference set.

Available types of rights to entity/reference set:

• Select all: all available rights. Automatically enables rights to create, display, update and delete (if exists).

• Read: viewing existing objects (reading rights).

• Create: creating new objects. Make sure than the "Read" right enabled.

• Update: editing existing objects. Make sure than the "Read" right enabled.

• Delete: removing existing objects. Make sure than the "Read" right enabled.

Available types of rights to attributes:

• Select all: the totality of all available rights. Automatically enables the rights to create, view, modify and delete (if any).

• Read: View the attribute in the record card.

• Create: The ability to fill in an attribute for a new record that has not yet been published. Make sure that the right to View is enabled.

• Edit: The ability to edit an attribute for an entry that has already been published. The attribute for the new record cannot be filled in at the same time. This right also allows you to delete attribute values. Make sure that the right to View is enabled.

• Delete does not work for attributes.

Classifiers

Enterprise Edition

Classifiers rights group allows to configure access rights for each classifier separately.

Higher level rights (parent level "Classifiers"):

• Provides rights to all child elements. If read rights on the top level are selected, read rights are automatically added when creating a new classifier.

• Allow you to create and import new classifiers (if the Classifier Model Administration right is granted in the "Data Model" tab).

Child level rights (by classifier names):

• Select All: aggregate of Read + Update rights.

• Read: grants rights to select nodes of the classifier in the record card ("Classification" tab).

• Update: provides rights to edit and import the selected classifier, its versions and nodes (if the Classifier Model Administration access is provided in the "Data Model» tab).

Notes:

• Viewing and editing a classifier is available if you have Classifier Model Administration right to read + edit, and rights to a particular classifier (only rights to a particular classifier do not give you the ability to edit it).

• The read-only rights for specific classifiers without the Administer Classifier Model right allow you to see the information in the records in the "Classification" tab related only to the classifiers that you have access to, and to add/delete this information if you have the necessary rights to edit a record.

Security

Security subsystem administration group of rights defines access to:

• «Users» section (can be overridden by the Users right). The right to read does not give access to the Users section;

• «Roles» section (can be overridden by the Roles right provided that the reading of the right Security Labels is enabled).

• «Security Labels» section (can be overridden by the Security Labels right);

• Function "User substitution" in the "Users" section (can be overridden by the right User replacement management);

• «User Groups» section (can be overridden by the User Groups permission) Only for Enterprise Edition:

  • The right to read gives access to the "User Groups" section.

  • The right to edit gives access to creating groups, changing users in groups, adding roles to a group, and deleting a group. Groups that come from LDAP are not editable, but adding roles and users is available.

Available types of rights:

• Select all: all available rights. Automatically enables rights to create, display, update and delete (if exists).

• Read: viewing existing objects (reading rights).

• Update: editing existing objects. Make sure than the "Read" right enabled.

Workflow

Workflow group allows you to configure the rights to actions for each process separately. Every existing process has a list of rights:

• Working with processes ("Process" tab in the "Tasks" section);

• Working with tasks ("Tasks" tab in the "Tasks" section);

• Selecting task performer;

• Reassigning tasks;

• Editing comments and attachments;

Available types of rights. All: all available rights. Automatically enables rights to create, display, update and delete (if exists).

Record Management

Record Management group of rights defines access to:

• Disabling the limit on batch operations (overridden by the Disable bulk operations limit with records right); Cancels the data operator's limit on one-time processing of up to 30 records per operation.

• Record history in the record card (redefined by the Record history right);

• "Duplicates" section (can be overridden by the Duplicates right):

  • The All rights give access to working with the "Duplicates" section, as well as the ability to compare and merge duplicate records.

  • Access to duplicate records is regulated through the "Data" rights group.

• The item "Consolidation History" in the record card (redefined by the Consolidation history right).

The rights group user batch operations defines access to:

• Importing records;

• Exporting records;

• Modifications of records;

• Deleting records.

• In the absence of rights - appropriate actions ("Import", "Export", "Modification", "Deletion") will be inactive.

Available types of rights. All: all available rights. Automatically enables rights to create, display, update and delete (if exists).