Access Control for Connection
Connection roles, operations, access control rules.
Access Levels for Connections
The access control for connections vary depending on the access level. There are three types of access levels for connections:
| Scope | Description |
|---|---|
Workspace | All users can access workspace connections. |
Protected | Only users who have been granted access can access protected connections. Workspace owners can edit permissions. |
Private | Only users who have been granted access can access private connections. Workspace owners cannot edit permissions. |
Roles for Connections
The following roles determine the operations users can perform on connections.
| Role Name | Summary |
|---|---|
connection.Owner | Can edit and delete connections and change sharing settings |
connection.User | Can execute queries and view query results and tables Can publish reports associated with the connection |
connection.Viewer | Can view query results and tables |
Connection Operations and Access Control Rules
Here are the operations that can be performed on connections and the roles required for each level.
| Operations | level: Workspace | level: Protected | level: Private |
|---|---|---|---|
Create a connection. | workspace.Editor | workspace.Editor | workspace.Editor |
View a list of connection names. | workspace.Viewer | workspace.Viewer | workspace.Editor AND connection.Viewer |
Edit and delete a connection. | workspace.Owner OR connection.Owner | workspace.Owner OR (workspace.Viewer AND connection.Owner) | workspace.Editor AND connection.Owner |
Change permission settings of a connection. | N/A | workspace.Owner OR (workspace.Viewer AND connection.Owner) | workspace.Editor AND connection.Owner |
Execute any SQL codes Download SQL job results | workspace.Editor | workspace.Editor AND connection.User | workspace.Editor AND connection.User |
Get SQL job results and table information. | workspace.Viewer | workspace.Viewer and connection.Viewer | workspace.Editor AND connection.Viewer |
Last updated