Step 6: Adding Users and Setting Permissions

You can add your team to start collaborating on building data pipelines.

User and Permissions Best Practices

• If your service account needs to deploy and refresh, assign the Environment Admin role.

Setting User Permissions

Each user will need a permission level set. Coalesce uses Role-Based Access Control (RBAC) with three permission levels:

Role Types

• Organization - They tend to have access to organization level settings such as being able to create projects for the organization. Review Organization Roles for an in-depth explanation of each organization role.
• Project - These roles can work in the project they are assigned to. This is where data architects and data engineers will be assigned to build out the data pipeline. Review Project Roles for an in-depth explanation of each organization role.
• Environment - Environment roles can deploy pipelines and view documentation. These are good for data and business analysts who need to review information or operations to deploy pipelines. Review Environment Roles for an in-depth explanation of each organization role.

Adding Users

Users must be added to your organization before they can access projects or environments. After a user is added, you'll need to give them user permissions.

Organization Administrators

Only Organization administrators can add users.

Username and Password

1. Go to Org Settings > Users.
2. Click Add New User.
3. Fill in user details and select an initial role.
4. Users will receive an email to set their password.

SSO

If you are using SSO, they are provisioned when first logging into Coalesce. New SSO users are given the role of Org Member.

1. Go to Org Settings > Users.
2. Click on Actions next to the user, and select Edit.
3. Select the role the user should have.

Learn more about SSO

Service Account Users

Service accounts are non-human accounts used to run automated processes, deployments, and scheduled jobs in Coalesce. They are usually assigned an email address such as automated-coalesce@yourcompany.com. We recommend using another authentication method, such as key pair or machine-to-machine authentication. For initial setup, using a username and password is sufficient. Make sure to change it before moving to production.

1. Go to Org Settings > Users.
2. Click Add New User.
3. Fill in user details and select an initial role.
4. The service account will receive an email to set the password.

Role and Permission Recommendations

Service accounts should follow the principle of least privilege. Only assign the roles needed for their intended purpose.

Recommended roles:

• Org Contributor
• Org Member
• Project Member
• Environment Reader
• Environment Admin (only if the service account must deploy or refresh)

If a service account is responsible for deployments or refreshes, it must have the Environment Admin role.

Learn more about service accounts

---

What's Next?

• Role-Based Access Control (RBAC) - Go over all roles before assigning to users.
• SSO - Review our SSO implementations.
• Organization Management - Learn about authentication methods, SSO, and account management.

---