Skip to main content

Planning user groups and their access levels

Danger

data.world University!

Check out our Managing User Groups video!

User groups can be assigned different levels of access to datasets and projects, and to the catalog. Also, different levels of permissions can be granted directly to individual resources. This section will help you plan the user groups for your organization.

Important

Note that ddw-catalog is a special system used dataset (available in all Enterprise organizations) and users and user groups who have Manage access to this dataset, automatically get authorized to manage the catalog resources of the organization.

group_access.png

For access to datasets and projects

  • You can create a user group and assign different access levels to all datasets and projects within the organization. This approach ensures that users in this group automatically inherit permission rules for any new dataset or project added to the organization.

  • You can also grant access directly from the individual resource to users, groups, or the organization. This method allows you to manage the permissions of the specific resource efficiently.

Note

Don't add users to any groups and give them direct access to a specific datasets and projects. This is not a recommended approach as it creates a maintenance overhead especially when you are managing large numbers of users and resources. Also, when someone leaves a company, it is much easier to remove the user from the various groups instead of going to each resource and revoking their access.

For access to catalog resources

  • Create user groups and assign them following level of access to all catalog resources in the organization. This way users in this group will automatically inherit access to any new catalog resources that are added to the organization.

  • You can also grant access to users, groups, or the organization directly from the individual catalog resource. This approach enables you to manage the permissions of the specific collection effectively.

    Important

    Note that when members are not given Edit or Manager access to catalog resources at the organization level and have access to specific collections only, they can only create the catalog resources from the Collections Details page and not from the Overview tab or the Resources or Glossary tab of the Organization Profile page.

Note

Don't add users to any groups and give them direct access to specific collections. This is not a recommended approach as it creates a maintenance overhead especially when you are managing large numbers of users and resources. Also, when someone leaves a company, it is much easier to remove the user from the various groups instead of going to each resource and revoking their access.

For more details about planning access control for collections, please see Planning collection & permissions for collections.

For managing organizations

A user group with the This group can manage organization settings, billing, and member groups access enabled will be able to manage organization settings available from the Settings tab of the Organization profile page, members and member groups from the Members tab.

Important

Users need to have Manage access to Datasets and projects to manage the Connection Manager configuration available in the Settings tab. And, users need to have Manage access to Catalog resources to manage the tasks for the configured connections.

How do permissions work when users belong to more than one group?

When you belong to multiple groups, we aggregate the permissions and the highest level of permissions are honored.

Table 16. A few examples to show you how permissions work

Configuration

Results

A user belongs to two groups:

  • Super admins group is given permission to administer users and settings of the organization.

  • All members group is not allowed to do the task.

Users in the Super admin group will be able to do the task as the highest level of access is honored.

A user belongs to two groups:

  • Sale group is set to not have access to the catalog resources.

  • All members group is allowed to view all catalog resources.

Users in the Sales group will still be able to view the catalog resources as the All members group has that permission.

  • User belongs to Marketing group that is set to not have access to Dataset and project in the organization.

  • You give the Marketing group Manage access to a specific dataset directly.

Users in the Marketing group will be able to manage that specific dataset.