Roles Overview¶
Alation Cloud Service Applies to Alation Cloud Service instances of Alation
Customer Managed Applies to customer-managed instances of Alation
There are seven roles that can be assigned to users in the Alation Catalog:
Server Admin
Catalog Admin
Source Admin
Composer
Steward
Explorer (cloud-only)
Viewer
The Viewer role is the default role. All new users who sign up for an Alation account are automatically assigned the Viewer role. The Explorer role and license is available only on Alation Cloud Service deployments from Alation version 2023.1 on cloud-native architecture.
When the Viewer role is enforced (the default), the roles function in the following way:
Server Admins have access to all functionality including Admin Settings. The Server Admin role requires a Creator license.
Catalog Admins can create and edit Catalog objects; manage Data Sources as Data Source Admin; have access to group management, catalog customization, and Compose. No access to Admin Settings. The Catalog Admin role requires a Creator license.
Source Admins can create and edit documents, folders, and articles, edit fields on catalog pages, and use Compose. They can be assigned as Data Source Admins to data sources. They do not have access to group management, Catalog customization pages, or Admin Settings. The Source Admin role requires a Creator license.
Composers can create and edit documents, folders, and articles, edit fields on the catalog pages, and use Compose. They cannot be assigned as Data Source Admins. The Composer role requires a Creator license.
Stewards can create and edit documents and articles, edit folders, edit fields on the catalog pages, and access Compose. They cannot be assigned as Data Source Admins to data sources. The Steward role requires a Creator license.
Explorers (cloud-only) can use the catalog in much the same way as Viewers, but can also run query forms and use Alation Connected Sheets. The Explorer role requires an Explorer license.
Viewers can use the catalog in read-only mode. Viewers can search, view catalog objects that they are given access to, and use conversations. They cannot create new objects or edit fields. The Viewer role requires a Viewer license.
In releases prior to 2021.4, the Viewer role was not enforced by default. When the Viewer role is not enforced, the Alation roles function in the following way:
Server Admins have access to all functionality including Admin Settings.
Catalog Admins can create and edit Catalog objects; manage Data Sources as Data Source Admin; have access to group management, catalog customization, and Compose. No access to Admin Settings.
The Source Admin, Steward, Composer, Viewer roles all have the same level of permissions. Users with any of these roles can view catalog objects, edit fields, and use Compose.
Important
From version 2021.2, it is possible to give Catalog Admins and Source Admins permission to add new RDBMS data sources (data sources and virtual data sources) in Alation. This can be configured by a Server Admin with server-side access to the Alation application. See Enable Permission for Data Source Admin to Add Sources for more details.
Catalog and Source Admins cannot add BI or file system sources.
What Role Do I Have?¶
You can check your current role in your User Profile.
On the upper right, hover over the user avatar and in the menu that opens, click User Profile:
Your role will be displayed under your display name:
Access to Functionality By Role¶
Actions |
Server Admin |
Catalog Admin |
Steward, Composer, Source Admin |
Explorer |
Viewer |
|---|---|---|---|---|---|
USERS |
|||||
Manage users |
|
|
|
|
|
Assign roles |
|
|
|
|
|
Manage groups |
|
|
|
|
|
View and edit own User Profile |
|
|
|
|
|
SYSTEM |
|||||
Manage system settings |
|
|
|
|
|
Monitor tasks and user activity |
|
|
|
|
|
Use public APIs |
* |
* |
* |
* |
* |
CATALOG CUSTOMIZATION |
|||||
Create custom fields |
|
|
|
|
|
Edit object and custom templates |
|
|
|
|
|
Create and edit catalog sets |
|
|
|
|
|
Create, edit, and unpublish document hubs |
|
|
|
|
|
Create folders and glossaries |
|
|
|
|
|
Edit and delete folders and glossaries |
|
|
|
|
|
Modify folder and document permissions |
|
|
|
|
|
Add and remove documents from folders |
|
|
|
|
|
Create, edit, and delete documents |
|
|
|
|
|
View and generate suggested terms |
|
|
|
|
|
Manage Lexicon |
|
|
|
|
|
COMPOSE |
|||||
Access and use Compose |
|
|
|
|
|
CONNECTED SHEETS |
|||||
Access and use Connected Sheets |
|
|
|
|
|
CATALOG USAGE |
|||||
View homepage |
|
|
|
|
|
Use Catalog Browser |
|
|
|
|
|
Use Search |
|
|
|
|
|
Access Analytical Stewardship reports |
|
|
|
|
|
Upload data dictionaries |
|
|
|
|
|
Download data dictionaries |
|
|
|
|
|
Find and view permitted data sources and data objects |
|
|
|
|
|
Run table and column profiles when Dynamic Profiling is off |
|
|
|
|
|
Run table and column profiles when Dynamic Profiling is on |
|
|
|
|
|
Find and view BI server sources |
|
|
|
|
|
Find and view file system sources |
|
|
|
|
|
Find and view API resources functions |
|
|
|
|
|
Edit custom field values |
|
|
|
|
|
Find and view user and group profiles |
|
|
|
|
|
Apply data quality flags |
|
|
|
|
|
View articles |
|
|
|
|
|
Create new articles |
|
|
|
|
|
Edit articles when provided access |
|
|
|
|
|
Collaborate on articles as Reviewers |
|
|
|
|
|
Delete articles as authors |
|
|
|
|
|
View glossaries |
|
|
|
|
|
Add terms to glossaries |
|
|
|
|
|
View Catalog sets |
|
|
|
|
|
View Alation Help |
|
|
|
|
|
Star and watch Catalog objects |
|
|
|
|
|
Use Inbox and conversations |
|
|
|
|
|
Find and view queries on accessible data sources** |
|
|
|
|
|
Run query forms on accessible data sources** |
|
|
|
|
|
* Different Public APIs are available to different roles; see APIs by Roles for a complete listing.
** Starting in 2023.1, the ability to find, view, and run queries can be assigned to individuals and groups. See Share and Access Queries - 2023.1 and Later for details.
Access to Data Sources¶
Public data sources can be viewed by all users.
To view a private data source, you need to explicitly be given access.
Server Admins can view all sources (both public and private) and can give access to themselves and other users.
Although all users can view public data sources, only users assigned as Data Source Admins to a data source can access the settings of this data source.
Note
If the Viewer role is enforced, only admin-level users can function as Data Source Admins. If the Viewer role is not enforced, users with any role can be assigned as Data Source Admins.
When the Viewer role is enforced, Viewer users cannot run table or column profiles.
Access to Data Sources with the Viewer Role Enforced¶
Actions |
Server Admin |
Catalog Admin |
Source Admin |
Steward, Composer |
Viewer, Explorer |
|---|---|---|---|---|---|
View Catalog pages of data objects |
|
(only public data sources and data sources I have access to) |
(only public data sources and data sources I have access to) |
(only public data sources and data sources I have access to) |
(only public data sources and data sources I have access to) |
Add a data source |
|
** |
** |
|
|
Manage Sources page |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
|
|
Give viewer access to a data source |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
|
|
Give admin access to a data source |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
|
|
Be added as Data Source Admin |
|
|
|
|
|
Comes up in search when adding a data source admin * |
|
|
|
(will not be able to access the settings) |
(will not be able to access the settings) |
Access and change data source settings |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
|
|
Add and remove Stewards |
|
|
|
|
|
Be added as Steward |
|
|
|
|
|
* In V R7 and later releases, even though there is a possibility to add users with the Viewer, Composer, and Steward roles as Data Source Admins in the user interface, these users will not be able to access the data source settings. This only applies when the Viewer role is enforced.
** From 2021.2, the scope of the Source Admin and Catalog Admin roles can be extended by enabling the ability to add sources.
Access to Data Sources with the Viewer Role NOT Enforced¶
Actions |
Server Admin |
Catalog Admin |
Source Admin, Steward, Composer, Explorer, Viewer |
|---|---|---|---|
View Catalog pages of data objects |
|
(only public data sources and data sources I have access to) |
(only public data sources and data sources I have access to) |
Add a data source |
|
* |
* |
Manage Sources page |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
Give Viewer access to a data source |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
Give Admin access to a data source |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
Be added as Data Source Admin |
|
|
|
Comes up in search when adding a data source admin |
|
|
|
Access and change data source settings |
|
(only sources I manage as Data Source Admin) |
(only sources I manage as Data Source Admin) |
Add and remove Stewards |
|
|
|
Be added as Steward |
|
|
|
* From 2021.2, the scope of the Source Admin and Catalog Admin roles can be extended by enabling the ability to add sources.
License Consumption¶
Roles correlate with licenses. Assignment of a specific role consumes a license of a specific type. For details about the types of licenses, see License.