RBAC Roles and Permissions
Table Key
- Read(R) - A user can view the data, but not create or update the data.
- Write (W) - A user can create something new or modify existing information. This includes, creating, updating, and deleting.
Organization Level Roles
| Role | Permissions Summary | Recommended For |
|---|---|---|
| Organization Administrator | The creator of the Coalesce App is automatically assigned as organization administrator. Only organization administrators can add other users, including other organization administrators. They have full access to all functionality in Coalesce. | Full administrative control |
| Organization Contributor | They can’t add new users to the organization. They have access to read documentation, create API tokens, user settings, and Git account information. They will be able to set up a project, configure Git, add members to projects,and oversee work. Only have access to the projects created by them. If there are multiple organization contributors, they will need to share access with the organization contributor. | Managers who decide how each person will contribute to a project. |
| Organization Member | This is the default role. They can edit Git account information, create API tokens, and read documentation. | Default Role |
Organization Roles Permissions
| Permissions | Org Admin | Org Contributor | Org Member |
|---|---|---|---|
Organization Settings | |||
| Users | W | ||
| SSO | W | ||
| Preferences | W | ||
User Settings | |||
| Git Account | W | W | W |
| Support Information | W | W | W |
| Account Security | W | W | W |
Project Management | |||
| Create New Project | W | W | |
Documentation | |||
| Org Level Documentation | R | R | R |
Project Management | |||
| List Projects | R | ||
| Delete Project | W | ||
| Configure Git Account | W | ||
Project Settings | |||
| Project Details | W | ||
| Git Repository | W | ||
| Members | W | ||
Build Settings | |||
| Storage Locations | W | ||
| Workspace Settings | W | ||
| Create a new Environment | W | ||
| Macros | W | ||
| Node Types | W | ||
| Packages | W | ||
Build Interface Sidebar | |||
| Add Source | W | ||
| Nodes | W | ||
| Subgraphs | W | ||
| Jobs | W | ||
| Problem Scanner | W | ||
| Git Settings | W | ||
Workspace Settings | |||
| Workspace | W | ||
| User Credentials | W | ||
| Storage Mapping | W | ||
| Parameters | W | ||
| OAuth Settings | W | ||
| Duplicate Settings | W | ||
| Copy workspace objects | W | ||
Documentation | |||
| Workspace Documentation | R | ||
Deploy Interface | |||
| Generate Access Token | W | W | W |
| Deploy | W | ||
| Cancel Run | W | ||
| View Run | R | ||
| View Run History - Deploy/Refresh | R | ||
Environment Settings | |||
| Settings | W | ||
| User Credentials | W | ||
| Parameters | W | ||
| OAuth Settings | W | ||
| Members | W | ||
Documentation | |||
| Environment Level Documentation | R | ||
API/CLI - Environments | |||
| GET All Environments | R | ||
| GET a Environment | R | ||
API/CLI - Nodes | |||
| GET a Node | R | ||
| GET All Nodes | R | ||
API/CLI - Jobs | |||
| POST Start Job | W | ||
| GET Job Status | R | ||
| POST Job Refresh | W | ||
| POST Cancel Job | W | ||
API/CLI - Runs (and rerun) | |||
| GET a Run | R | ||
| GET All Runs | R | ||
| GET Run Results | R | ||
Project Level Roles
| Role | Permissions Summary | Recommended For |
|---|---|---|
| Project Administrator |
| Team manager or senior team member to manage projects. |
| Project Architect |
| Senior data architects. |
| Project Contributor |
| Team members who need access to project information without making changes. |
Project Roles Permissions
- Project roles have no Organization permissions.
| Permissions | Project Admin | Project Architect | Project Contributor | Project Member |
|---|---|---|---|---|
Organization Settings | ||||
| Users | ||||
| SSO | ||||
| Preferences | ||||
User Settings | ||||
| Git Account | ||||
| Support Information | ||||
| Account Security | ||||
Project Management | ||||
| Create New Project | ||||
Documentation | ||||
| Org Level Documentation | ||||
Project Management | ||||
| List Projects | R | R | R | R |
| Delete Project | W | |||
| Configure Git Account | W | W | W | |
Project Settings | ||||
| Project Details | W | R | R | |
| Git Repository | W | R | R | |
| Members | W | R | R | |
Build Settings | ||||
| Storage Locations | W | W | W | |
| Workspace Settings | W | W | W | |
| Create a new Environment | W | |||
| Macros | W | W | R | |
| Node Types | W | W | R | |
| Packages | W | W | R | |
Build Interface Sidebar | ||||
| Add Source | W | W | W | |
| Nodes | W | W | W | |
| Subgraphs | W | W | W | |
| Jobs | W | W | W | |
| Problem Scanner | W | W | W | |
| Git Settings | W | W | W | |
Workspace Settings | ||||
| Workspace | W | W | W | |
| User Credentials | W | W | W | |
| Storage Mapping | W | W | W | |
| Parameters | W | W | W | |
| OAuth Settings | W | W | W | |
| Duplicate Settings | W | W | W | |
| Copy workspace objects | W | W | W | |
Documentation | ||||
| Workspace Documentation | R | R | R | |
Deploy Interface | ||||
| Generate Access Token | W | W | W | |
| Deploy | W | |||
| Cancel Run | W | |||
| View Run | R | |||
| View Run History - Deploy/Refresh | R | |||
Environment Settings | ||||
| Settings | W | |||
| User Credentials | W | |||
| Parameters | W | |||
| OAuth Settings | W | |||
| Members | W | |||
Documentation | ||||
| Environment Level Documentation | R | R | R | |
API/CLI - Environments | ||||
| GET All Environments | R | |||
| GET a Environment | R | |||
API/CLI - Nodes | ||||
| GET a Node | R | |||
| GET All Nodes | R | |||
API/CLI - Jobs | ||||
| POST Start Job | W | |||
| GET Job Status | R | |||
| POST Job Refresh | W | |||
| POST Cancel Job | W | |||
API/CLI - Runs (and rerun) | ||||
| GET a Run | R | |||
| GET All Runs | R | |||
| GET Run Results | R | |||
Environment Level Roles
| Role | Permissions Summary | Recommended For |
|---|---|---|
| Environment Admin | This role manages environment settings, reads project documentation, and deploys either through the API, CLI, or Coalesce App. | Data platform engineer or operations who would approve deployments and schedule jobs. |
| Environment Reader |
| Business analyst or data analyst. |
Environment Roles Permissions
- Environment roles have no organization permissions.
- Environment roles have access to view a list of projects only
| Permissions | Environment Admin | Environment Reader |
|---|---|---|
Organization Settings | ||
| Users | ||
| SSO | ||
| Preferences | ||
User Settings | ||
| Git Account | ||
| Support Information | ||
| Account Security | ||
Project Management | ||
| Create New Project | ||
Documentation | ||
| Org Level Documentation | ||
Project Management | ||
| List Projects | ||
| Delete Project | ||
| Configure Git Account | ||
Project Settings | ||
| Project Details | ||
| Git Repository | ||
| Members | ||
Build Settings | ||
| Storage Locations | ||
| Workspace Settings | ||
| Create a new Environment | ||
| Macros | ||
| Node Types | ||
| Packages | ||
Build Interface Sidebar | ||
| Add Source | ||
| Nodes | ||
| Subgraphs | ||
| Jobs | ||
| Problem Scanner | ||
| Git Settings | ||
Workspace Settings | ||
| Workspace | ||
| User Credentials | ||
| Storage Mapping | ||
| Parameters | ||
| OAuth Settings | ||
| Duplicate Settings | ||
| Copy workspace objects | ||
Documentation | ||
| Workspace Documentation | ||
Deploy Interface | ||
| Generate Access Token | W | W |
| Deploy | W | |
| Cancel Run | W | |
| View Run | R | R |
| View Run History - Deploy/Refresh | R | R |
Environment Settings | ||
| Settings | W | |
| User Credentials | W | |
| Parameters | W | R |
| OAuth Settings | W | |
| Members | W | R |
Documentation | ||
| Environment Level Documentation | R | R |
API/CLI - Environments | ||
| GET All Environments | R | R |
| GET a Environment | R | R |
API/CLI - Nodes | ||
| GET a Node | R | R |
| GET All Nodes | R | R |
API/CLI - Jobs | ||
| POST Start Job | W | |
| GET Job Status | R | R |
| POST Job Refresh | W | |
| POST Cancel Job | W | |
API/CLI - Runs (and rerun) | ||
| GET a Run | R | R |
| GET All Runs | R | R |
| GET Run Results | R | R |