Cloud Portal ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
User Community Service Desk Downloads

Access Levels

Access levels define what actions a user can perform on an asset.

When you share an asset or assign stewardship, access levels determine the depth of access granted.

What access levels are for

Access levels let you finetune what users can do with an asset, not just whether they can see it. For example, you might want:

  • Your whole organization to view approved business terms (view metadata access).

  • Data stewards to edit catalog item descriptions (editing access).

  • Asset owners to manage who else can access their assets (full access).

Default access levels

ONE includes the following access levels, from most to least restrictive:

View metadata access

View an asset’s metadata but not the underlying data. Useful for users who need to understand what data exists without seeing actual values.

View data access

View both metadata and data. Useful for reviewers or analysts who need to see actual values.

Operate access

Run technical actions on the platform without editing the asset itself. Useful for operations teams.

Editing access

View and edit the asset, but cannot delete, publish, or manage who else has access. Useful for contributors who work on assets but don’t own them.

Full access

Complete control over the asset, including editing, deleting, publishing, and managing access. Typically reserved for asset owners.

These defaults work well for most organizations and typically don’t need to be changed. However, you can create, edit, or delete access levels to fit your needs. See Create access level.

To view all configured access levels, go to Global settings > Application settings > Global access levels. To access Global settings, select the Ataccama logo.

How access levels work

With sharing

When you share an asset with a group or user, you select an access level. This determines the baseline access for everyone you’re sharing with.

However, each recipient’s effective access also depends on their governance role. The recipient gets whichever is lower: the shared access level or what their governance role allows.

For example, if you share a catalog item with the Analytics group at editing access level:

  • A Data Consumer in that group can only view as their role caps them at view access.

  • A Data Steward in that group can edit as their role allows editing.

Similarly, if you share a source at full access with a group, a Data Consumer in that group still only gets view access. Their role limits what they can do regardless of what was shared.

With stewardship

When you assign stewardship to a group, members automatically receive access based on their governance role within that group. You don’t select an access level; it’s determined by how governance roles are configured.

Multiple access paths

If a user receives access to the same asset through multiple paths (different groups, direct sharing, stewardship), they get the highest access level available to them.

For example, if someone has:

  • View access through Group A

  • Edit access through Group B

They can edit the asset.

Create access level

To create a new access level:

  1. Go to Global settings > Application settings > Groups.

  2. Select Create.

  3. Enter a Name for the access level (for example, "edit-eu"). Use a short name without spaces or special characters.

  4. Enter a Display name that will be shown to users (for example, "Editing access - EU subsidiaries").

  5. In Order, specify where this access level appears in lists (lower numbers appear first).

  6. Select Save.

  7. Publish your changes.

From this screen you can also edit or remove an access level using the three dots menu.

To start using the access level:

  1. Assign the access level to your asset

  2. Optionally, configure it as the default access level for new or shared assets

  3. Customize access level allowed actions

Configure default access levels for new or shared assets

You can set which access level is applied by default when you:

  • Create a new asset.

  • Share an asset with other users.

This is controlled on the asset type level.

As a best practice, grant full access to asset creators and use the most restrictive level (such as view metadata) as the default for sharing. You can later grant higher access levels to specific groups and users as needed.

To set a default access level:

  1. Go to Global settings > Maintenance > Metadata model.

  2. Find and open the asset type you want to edit, for example, source.

  3. On the Access Levels tab, open the access level you want to edit.

    If no access levels are shown, see [Assign global access level].

  4. Select Edit.

  5. In General information, select as needed:

    • Assign when asset is created

    • Select as default when sharing assets

To customize which actions you’re allowed to do with a specific access level, see Customize access level allowed actions.

Assign access levels to asset types

Global access levels define the names of access levels available in the platform, but they don’t grant any permissions on their own. Think of them as labels that designate a similar level of permissions across different assets.

Before you can use a global access level for sharing or stewardship, you must first assign it to an asset type in the Metadata model, where you also define the actual allowed operations.

If you’ve created an access level but don’t see it when sharing or assigning stewardship, you need to assign it to the relevant asset type first.

  1. Navigate to the Metadata model and open an asset type.

  2. On the Access levels tab, select Assign global access level and choose all access levels you intend to use.

  3. Publish your changes:

    1. Select Review and apply the changes.

    2. This takes you to System changes, where you can determine when to update the application. When ready, select Apply changes.

    3. Reload page to start using the latest version of the application.

The access level can now be further customized or assigned as default for creating or sharing assets.

Customize access level allowed actions

Each access level allows you to perform specific actions on an asset type. Use this to restrict or expand what users can do.

The available actions vary by asset type. "Editing access" includes different operations for a DQ dimension than for a report catalog item, reflecting how these assets are used in the platform.

For example, you might want a certain group to publish their own edits to catalog item descriptions without being able to delete assets or manage who else has access. This would help prevent bottlenecks if you want contributors to finalize their own work without giving them delete and share permissions.

To customize the actions for a specific access level, navigate to the Metadata model and open an asset type.

  1. On the Access Levels tab, open the access level you want to edit.

  2. Select Edit.

  3. In General information, review the available actions and select all that apply. The available actions vary by asset type.

Was this page useful?