Skip to main content

RBAC Roles and Permissions

Table Key

  • Read(R) - A user can view the data, but not create or update the data.
  • Write (W) - A user can create something new or modify existing information. This includes, creating, updating, and deleting.

Organization Level Roles

RolePermissions SummaryRecommended For
Organization AdministratorThe creator of the Coalesce App is automatically assigned as organization administrator.

Only organization administrators can add other users, including other organization administrators.

They have full access to all functionality in Coalesce.
Full administrative control
Organization ContributorThey can’t add new users to the organization.

They have access to read documentation, create API tokens, user settings, and Git account information.

They will be able to set up a project, configure Git, add members to projects,and oversee work.

Only have access to the projects created by them. If there are multiple organization contributors, they will need to share access with the organization contributor.
Managers who decide how each person will contribute to a project.
Organization MemberThis is the default role. They can edit Git account information, create API tokens, and read documentation.Default Role

Organization Roles Permissions

PermissionsOrg AdminOrg ContributorOrg Member

Organization Settings

UsersW
SSOW
PreferencesW

User Settings

Git AccountWWW
Support InformationWWW
Account SecurityWWW

Project Management

Create New ProjectWW

Documentation

Org Level DocumentationRRR

Project Management

List ProjectsR
Delete ProjectW
Configure Git AccountW

Project Settings

Project DetailsW
Git RepositoryW
MembersW

Build Settings

Storage LocationsW
Workspace SettingsW
Create a new EnvironmentW
MacrosW
Node TypesW
PackagesW

Build Interface Sidebar

Add SourceW
NodesW
SubgraphsW
JobsW
Problem ScannerW
Git SettingsW

Workspace Settings

WorkspaceW
User CredentialsW
Storage MappingW
ParametersW
OAuth SettingsW
Duplicate SettingsW
Copy workspace objectsW

Documentation

Workspace DocumentationR

Deploy Interface

Generate Access TokenWWW
DeployW
Cancel RunW
View RunR
View Run History - Deploy/RefreshR

Environment Settings

SettingsW
User CredentialsW
ParametersW
OAuth SettingsW
MembersW

Documentation

Environment Level DocumentationR

API/CLI - Environments

GET All EnvironmentsR
GET a EnvironmentR

API/CLI - Nodes

GET a NodeR
GET All NodesR

API/CLI - Jobs

POST Start JobW
GET Job StatusR
POST Job RefreshW
POST Cancel JobW

API/CLI - Runs (and rerun)

GET a RunR
GET All RunsR
GET Run ResultsR

Project Level Roles

RolePermissions SummaryRecommended For
Project Administrator
  • This role can manage projects, but not create them.
  • An organization administrator or contributor can create projects.
  • The role has access to projects, deployments, and environments.
Team manager or senior team member to manage projects.
Project Architect
  • This role can manage certain project information, build nodes, and generate API tokens.
  • Assign this role to a data architect so they can build the needed node types, set storage locations, and create macros.
Senior data architects.
Project Contributor
  • A project contributor can’t edit or create custom nodes or macros.
  • They have read-only access to certain project settings.
  • They have read access to projects, deployments, and environments.
Team members who need access to project information without making changes.

Project Roles Permissions

  • Project roles have no Organization permissions.
PermissionsProject AdminProject ArchitectProject ContributorProject Member

Organization Settings

Users
SSO
Preferences

User Settings

Git Account
Support Information
Account Security

Project Management

Create New Project

Documentation

Org Level Documentation

Project Management

List ProjectsRRRR
Delete ProjectW
Configure Git AccountWWW

Project Settings

Project DetailsWRR
Git RepositoryWRR
MembersWRR

Build Settings

Storage LocationsWWW
Workspace SettingsWWW
Create a new EnvironmentW
MacrosWWR
Node TypesWWR
PackagesWWR

Build Interface Sidebar

Add SourceWWW
NodesWWW
SubgraphsWWW
JobsWWW
Problem ScannerWWW
Git SettingsWWW

Workspace Settings

WorkspaceWWW
User CredentialsWWW
Storage MappingWWW
ParametersWWW
OAuth SettingsWWW
Duplicate SettingsWWW
Copy workspace objectsWWW

Documentation

Workspace DocumentationRRR

Deploy Interface

Generate Access TokenWWW
DeployW
Cancel RunW
View RunR
View Run History - Deploy/RefreshR

Environment Settings

SettingsW
User CredentialsW
ParametersW
OAuth SettingsW
MembersW

Documentation

Environment Level DocumentationRRR

API/CLI - Environments

GET All EnvironmentsR
GET a EnvironmentR

API/CLI - Nodes

GET a NodeR
GET All NodesR

API/CLI - Jobs

POST Start JobW
GET Job StatusR
POST Job RefreshW
POST Cancel JobW

API/CLI - Runs (and rerun)

GET a RunR
GET All RunsR
GET Run ResultsR

Environment Level Roles

RolePermissions SummaryRecommended For
Environment Admin

This role manages environment settings, reads project documentation, and deploys either through the API, CLI, or Coalesce App.

Data platform engineer or operations who would approve deployments and schedule jobs.

Environment Reader
  • This role only has access to the documentation for the environment they are added to.
  • They have access to certain API functions to get deployment information.

Business analyst or data analyst.

Environment Roles Permissions

  • Environment roles have no organization permissions.
  • Environment roles have access to view a list of projects only
PermissionsEnvironment AdminEnvironment Reader

Organization Settings

Users
SSO
Preferences

User Settings

Git Account
Support Information
Account Security

Project Management

Create New Project

Documentation

Org Level Documentation

Project Management

List Projects
Delete Project
Configure Git Account

Project Settings

Project Details
Git Repository
Members

Build Settings

Storage Locations
Workspace Settings
Create a new Environment
Macros
Node Types
Packages

Build Interface Sidebar

Add Source
Nodes
Subgraphs
Jobs
Problem Scanner
Git Settings

Workspace Settings

Workspace
User Credentials
Storage Mapping
Parameters
OAuth Settings
Duplicate Settings
Copy workspace objects

Documentation

Workspace Documentation

Deploy Interface

Generate Access TokenWW
DeployW
Cancel RunW
View RunRR
View Run History - Deploy/RefreshRR

Environment Settings

SettingsW
User CredentialsW
ParametersWR
OAuth SettingsW
MembersWR

Documentation

Environment Level DocumentationRR

API/CLI - Environments

GET All EnvironmentsRR
GET a EnvironmentRR

API/CLI - Nodes

GET a NodeRR
GET All NodesRR

API/CLI - Jobs

POST Start JobW
GET Job StatusRR
POST Job RefreshW
POST Cancel JobW

API/CLI - Runs (and rerun)

GET a RunRR
GET All RunsRR
GET Run ResultsRR