Access Levels by Entity Type

This table outlines the default access levels available for key entity types within the platform. For a detailed overview of different access levels, see Access Levels.

Access level matrix

Entity	Definition	View Metadata	View Data	Editing	Full Access
Catalog Configuration	Entity that manages SQL catalog items. Permissions cascade down from the source entity.	Can view metadata but cannot create or edit SQL catalog items	N/A	Can edit and create SQL catalog items from catalog items they have permissions on	Same as Editing Access but can also delete SQL catalog items
Catalog Item	Child of the source entity. Defines the actions a role can perform related to catalog items.	Can view catalog item metadata but cannot view the Data tab, data quality or profiling insights	Can view the Data tab and export data, run sample profiling and data quality evaluation	Can update metadata, apply DQ rules, add glossary terms, and add new attributes	Can create, edit, and delete catalog items
Component	Defines the actions a role can perform related to creating and applying components from ONE Desktop	Can view existing components but cannot create or edit them	Same as View Metadata Access	Can edit and create new components	Same as Editing Access
Connection	Child entity of the source entity. Defines a data source connection.	Can view that a connection exists but cannot view connection details for any source	Can view connection strings and filter catalog items but cannot test or edit an existing connection	Can edit existing connection metadata, connection string, and add items to the Data Catalog from a connection	Same as Editing Access but can also create a new source
Folder	Child entity of the source entity. Defines the workspace folder of virtual catalog items in the Data Catalog.	Can view metadata for existing folders and associated data catalog items	Same as View Metadata Access but can view data in catalog items unless additional permissions are required for a specific catalog item	Can edit existing folder metadata, add new folders, and nominate folders for deletion	Same as Editing Access but can confirm deletion of folders
Location	Child entity of the source entity. Defines the location of a data source.	Can view location metadata within a source and data in catalog items from that location	Same as View Metadata Access	Can edit metadata of existing locations	Can add new locations in a source and delete existing locations
Monitoring Project	Entity that manages the DQ monitoring projects module, including applying DQ rules, anomaly detection, and notifications.	Can view metadata and DQ configurations, and add notifications for themselves	Same as View Metadata Access but can run monitoring projects	Same as View Data Access but can edit and copy existing monitoring projects	Same as Editing Access but can also delete monitoring projects and their notifications, and add scheduled updates
Rule	Defines the actions a role can perform related to creating data quality rules	Can view existing DQ rules	N/A	Can create, edit, and evaluate rules, and apply them for data quality testing but cannot publish new rules	Same as Editing Access but can also delete and publish rules
Source	Entity that describes the source of catalog items in the application. Permissions from the source entity cascade down to location and folders, which subsequently cascade to catalog items.	Can view a source and its catalog items but cannot view the connection string	Can view data in catalog items, and document or profile data	Same as View Data Access but can create folders in a source	Can edit everything within a source (including delete a source), add a location, edit stewardship, and configure scheduling
Term	Defines the actions a role can perform related to creating business glossary terms	Can view existing terms but cannot edit them or add new terms	Can run data quality evaluation on terms	Can create new terms and edit metadata of existing terms but cannot delete terms or define schedules	Can create, edit, and delete terms, and define scheduled actions on terms
User Management	Determines the actions a role can perform as related to the user and access management features	Can view metadata for users but cannot edit groups or governance roles	N/A	Can update and modify user details and create and edit identity provider roles	Can edit all user management settings, with full access to editing groups and governance roles

Entity

Definition

View Metadata

View Data

Editing

Full Access

Catalog Configuration

Entity that manages SQL catalog items.

Permissions cascade down from the source entity.

Can view metadata but cannot create or edit SQL catalog items

N/A

Can edit and create SQL catalog items from catalog items they have permissions on

Same as Editing Access but can also delete SQL catalog items

Catalog Item

Child of the source entity.

Defines the actions a role can perform related to catalog items.

Can view catalog item metadata but cannot view the Data tab, data quality or profiling insights

Can view the Data tab and export data, run sample profiling and data quality evaluation

Can update metadata, apply DQ rules, add glossary terms, and add new attributes

Can create, edit, and delete catalog items

Component

Defines the actions a role can perform related to creating and applying components from ONE Desktop

Can view existing components but cannot create or edit them

Same as View Metadata Access

Can edit and create new components

Same as Editing Access

Connection

Child entity of the source entity.

Defines a data source connection.

Can view that a connection exists but cannot view connection details for any source

Can view connection strings and filter catalog items but cannot test or edit an existing connection

Can edit existing connection metadata, connection string, and add items to the Data Catalog from a connection

Same as Editing Access but can also create a new source

Folder

Child entity of the source entity.

Defines the workspace folder of virtual catalog items in the Data Catalog.

Can view metadata for existing folders and associated data catalog items

Same as View Metadata Access but can view data in catalog items unless additional permissions are required for a specific catalog item

Can edit existing folder metadata, add new folders, and nominate folders for deletion

Same as Editing Access but can confirm deletion of folders

Location

Child entity of the source entity.

Defines the location of a data source.

Can view location metadata within a source and data in catalog items from that location

Same as View Metadata Access

Can edit metadata of existing locations

Can add new locations in a source and delete existing locations

Monitoring Project

Entity that manages the DQ monitoring projects module, including applying DQ rules, anomaly detection, and notifications.

Can view metadata and DQ configurations, and add notifications for themselves

Same as View Metadata Access but can run monitoring projects

Same as View Data Access but can edit and copy existing monitoring projects

Same as Editing Access but can also delete monitoring projects and their notifications, and add scheduled updates

Rule

Defines the actions a role can perform related to creating data quality rules

Can view existing DQ rules

N/A

Can create, edit, and evaluate rules, and apply them for data quality testing but cannot publish new rules

Same as Editing Access but can also delete and publish rules

Source

Entity that describes the source of catalog items in the application.

Permissions from the source entity cascade down to location and folders, which subsequently cascade to catalog items.

Can view a source and its catalog items but cannot view the connection string

Can view data in catalog items, and document or profile data

Same as View Data Access but can create folders in a source

Can edit everything within a source (including delete a source), add a location, edit stewardship, and configure scheduling

Term

Defines the actions a role can perform related to creating business glossary terms

Can view existing terms but cannot edit them or add new terms

Can run data quality evaluation on terms

Can create new terms and edit metadata of existing terms but cannot delete terms or define schedules

Can create, edit, and delete terms, and define scheduled actions on terms

User Management

Determines the actions a role can perform as related to the user and access management features

Can view metadata for users but cannot edit groups or governance roles

N/A

Can update and modify user details and create and edit identity provider roles

Can edit all user management settings, with full access to editing groups and governance roles

Was this page useful?