Predefined Roles for Workspace Groups in an Organization

Workspace Group Roles

Role

Description

Permissions

Owner

  • Owners are granted full access to the workspace group, including the ability to create and terminate workspaces or terminate the workspace group.

  • Users granted the Owner role in the organization inherit the Owner role on all workspace groups in the organization.

  • ACTIVATE SMARTDR

  • CONFIGURE ALERTS

  • CONFIGURE SMARTDR

  • CONTROL ACCESS

  • CREATE DATABASE

  • CREATE WORKSPACE

  • DROP DATABASE

  • LOAD DATA

  • MONITOR

  • OPERATE

  • TERMINATE

  • USE

  • VIEW

  • VIEW SMARTDR

Operator

  • Operators are granted access to administrative actions for the workspace group including scale, suspend, resume, backup, recover, and configure network policies, passwords, update windows or certificates.

  • Operators have some ability to access and modify data in workspace groups including creating or dropping databases.

  • Users granted the Operator role in the organization inherit the Operator role on all workspace groups in the organization.

  • ACTIVATE SMARTDR

  • CONFIGURE ALERTS

  • CONFIGURE SMARTDR

  • MONITOR

  • OPERATE

  • USE

  • VIEW

  • VIEW SMARTDR

Observer

  • Observers are granted the ability to view the monitoring details of the workspace group and inspect its configuration without granting access to the data.

  • Users granted the Observer role in the organization inherit the Observer role on all workspace groups in the organization.

  • MONITOR

  • VIEW

  • VIEW SMARTDR

Writer

  • Writers are granted full access to data in the workspace group, including the ability to create and drop databases.  

  • Users granted the Writer role in the organization inherit the Writer role on all workspace groups in the organization.

  • CONFIGURE SMARTDR

  • CREATE DATABASE

  • DROP DATABASE

  • LOAD DATA

  • MONITOR

  • USE

  • VIEW

  • VIEW SMARTDR

Reader

  • Readers are granted read access to all databases in the workspace group. 

  • Users granted the Reader role in the organization inherit the Reader role on all workspace groups in the organization.

  • MONITOR

  • USE

  • VIEW

  • VIEW SMARTDR

Limited Access

  • The Limited Access role grants no specific access beyond the ability to see the workspace group and its member workspaces.

  • Users with the Limited Access role are synchronized to the workspace group where they may be granted access to specific databases or tables using database RBAC commands

  • VIEW

All Roles

  • Any user granted any role on a workspace group will be synchronized to that workspace group and added to a group granted a role with appropriate permissions. See the User Synchronization section below for more details.

Synchronization Between Cloud Roles and Database Engine Roles

When a user is added to a workspace group, that user is automatically assigned to the corresponding engine user group and role as per the following table. Refer to Cloud User and Role Synchronization with the Database Engine for a detailed explanation..

Cloud Role

Engine User Group

Engine Role

Engine Permissions

Owner

CloudOwners

CloudOwner

  • USAGE

  • SELECT

  • INSERT

  • UPDATE

  • DELETE

  • CREATE

  • DROP

  • PROCESS

  • INDEX

  • ALTER

  • SHOW METADATA

  • CREATE TEMPORARY TABLES

  • LOCK TABLES

  • CREATE VIEW

  • ALTER VIEW

  • DROP VIEW

  • SHOW VIEW

  • CREATE DATABASE

  • DROP DATABASE

  • CREATE ROUTINE

  • ALTER ROUTINE

  • EXECUTE

  • CREATE PIPELINE

  • DROP PIPELINE

  • START PIPELINE

  • ALTER PIPELINE

  • SHOW PIPELINE

  • CREATE USER

  • GRANT OPTION

  • BACKUP

  • RELOAD

Operator

CloudOperators

CloudOperator

  • USAGE

  • SELECT

  • PROCESS

  • CREATE

  • DROP

  • ALTER

  • SHOW METADATA

  • CREATE TEMPORARY TABLES

  • CREATE DATABASE

  • DROP DATABASE

  • START PIPELINE

  • SHOW PIPELINE

  • BACKUP

  • RELOAD

Writer

CloudWriters

CloudWriter

  • USAGE

  • SELECT

  • INSERT

  • UPDATE

  • DELETE

  • CREATE

  • DROP

  • INDEX

  • ALTER

  • SHOW METADATA

  • CREATE TEMPORARY TABLES

  • LOCK TABLES

  • CREATE VIEW

  • ALTER VIEW

  • DROP VIEW

  • SHOW VIEW

  • CREATE DATABASE

  • ALTER ROUTINE

  • CREATE ROUTINE

  • ALTER ROUTINE

  • EXECUTE

  • CREATE PIPELINE

  • DROP PIPELINE

  • START PIPELINE

  • ALTER PIPELINE

  • SHOW PIPELINE

Reader

CloudReaders

CloudReader

  • USAGE

  • SELECT

  • SHOW METADATA

  • SHOW VIEW

  • SHOW ROUTINE

Observer

CloudObservers

None

None

Limited Access

CloudLimitedAccessUsers

None

None

Billing AdministratorCloud

LimitedAccessUsers

None

None

All Roles

CloudUsers

None

None

Last modified: November 22, 2024

Was this article helpful?