RBAC Roles and Permissions
Table Key
- Read (R) - A user can view the data, but not create or update the data.
- Write (W) - A user can create something new or modify existing information. This includes creating, updating, and deleting.
Organization Level Roles
Role | Permissions Summary | Recommended For |
---|---|---|
Organization Administrator | The creator of the Coalesce App is automatically assigned as organization administrator. Only organization administrators can add other users, including other organization administrators. They have full access to all functionality in Coalesce. | Full administrative control |
Organization Contributor | They can’t add new users to the organization. They can read documentation, create API tokens, and access user settings and Git account information. They can set up a project, configure Git, add members to projects, and oversee work. They only have access to the projects they created. If there are multiple organization contributors, they will need to share project access with the other organization contributors. | Managers who decide how each person will contribute to a project. |
Organization Member | This is the default role. They can edit Git account information, create API tokens, and read documentation. | Default Role |
Organization Roles Permissions
Project Level Roles
Role | Permissions Summary | Recommended For |
---|---|---|
Project Administrator | This role can manage projects, but not create them. An organization administrator or contributor can create projects. The role has access to projects, deployments, and environments. | Team manager or senior team member to manage projects. |
Project Architect | This role can manage certain project information, build nodes, and generate API tokens. Assign this role to a data architect so they can build the needed node types, set storage locations, and create macros. | Senior data architects. |
Project Contributor | A project contributor can’t edit or create custom nodes or macros. They have read-only access to certain project settings. They have read access to projects, deployments, and environments. | Team members who need access to project information without making changes. |
Project Member | Assign this role to a user you want to add to the environment. | This role could be either a data engineer or a data platform engineer. The project member would not be actively involved in creating or maintaining data pipelines, but would need access to the environment level. |
Project Roles Permissions
- Project roles have no Organization permissions.
- Users with project roles must be added to the org first, then the project.
Environment Level Roles
Role | Permissions Summary | Recommended For |
---|---|---|
Environment Admin | This role manages environment settings, reads project documentation, and deploys through the API, CLI, or Coalesce App. | Data platform engineer or operations who would approve deployments and schedule jobs. |
Environment Reader | This role only has access to the documentation for the environment they are added to. They have access to certain API functions to get deployment information. | Business analyst or data analyst. |
Environment Roles Permissions
- Environment roles have no organization permissions.
- Environment roles have access to view a list of projects.
- Users with environment roles must be added to the org, then the project, and then the environment.
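
During an access review, the scoping rules above (project roles require org membership; environment roles require org and project membership) can be checked against a list of role assignments. The following is an added example, not Coalesce code or its API: the record layout, the `project/environment` scope naming, and the sample data are constructed assumptions; only the role names come from the tables above.

```python
# Added example: audit role assignments against the org -> project -> environment
# scoping rules. The record layout is an assumption, not a Coalesce export format.

# Role names per level, taken from the tables on this page.
ROLES = {
    "organization": {"Organization Administrator", "Organization Contributor", "Organization Member"},
    "project": {"Project Administrator", "Project Architect", "Project Contributor", "Project Member"},
    "environment": {"Environment Admin", "Environment Reader"},
}

# Constructed sample data. Environment scopes are written "project/environment" (assumed).
ASSIGNMENTS = [
    {"user": "ana", "level": "organization", "scope": "org", "role": "Organization Administrator"},
    {"user": "ana", "level": "project", "scope": "sales", "role": "Project Administrator"},
    {"user": "ben", "level": "organization", "scope": "org", "role": "Organization Member"},
    {"user": "ben", "level": "project", "scope": "sales", "role": "Project Member"},
    {"user": "ben", "level": "environment", "scope": "sales/prod", "role": "Environment Admin"},
    {"user": "cat", "level": "organization", "scope": "org", "role": "Organization Member"},
    {"user": "cat", "level": "environment", "scope": "sales/prod", "role": "Environment Reader"},
    {"user": "dan", "level": "project", "scope": "sales", "role": "Project Contributor"},
]

def audit(assignments):
    """Return (user, scope, problem) tuples for assignments that break the scoping chain."""
    org_members = {a["user"] for a in assignments if a["level"] == "organization"}
    project_members = {(a["user"], a["scope"]) for a in assignments if a["level"] == "project"}
    findings = []
    for a in assignments:
        user, level, scope, role = a["user"], a["level"], a["scope"], a["role"]
        # A role must be granted at the level it is defined for.
        if role not in ROLES.get(level, set()):
            findings.append((user, scope, f"role {role!r} is not a {level}-level role"))
        # Project and environment roles both require organization membership.
        if level in ("project", "environment") and user not in org_members:
            findings.append((user, scope, "no organization membership"))
        # Environment roles additionally require a role in the parent project.
        if level == "environment":
            project = scope.split("/", 1)[0]
            if (user, project) not in project_members:
                findings.append((user, scope, f"no role in project {project!r}"))
    return findings

def org_admins(assignments):
    """List holders of the role with full access, for periodic review."""
    return sorted(a["user"] for a in assignments if a["role"] == "Organization Administrator")

if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS):
        print(finding)
    print("organization administrators:", org_admins(ASSIGNMENTS))
```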