Predefined Roles for Workspace Groups in an Organization

Owner

• Owners are granted full access to the workspace group, including the ability to create and terminate workspaces or terminate the workspace group.

• Users granted the Owner role in the organization inherit the Owner role on all workspace groups in the organization.

• ACTIVATE SMARTDR

• CONFIGURE ALERTS

• CONFIGURE SMARTDR

• CONTROL ACCESS

• CREATE DATABASE

• CREATE WORKSPACE

• DROP DATABASE

• LOAD DATA

• MONITOR

• OPERATE

• TERMINATE

• USE VIEW

• VIEW SMARTDR

Operator

• Operators are granted access to administrative actions for the workspace group including scale, suspend, resume, backup, recover, and configure network policies, passwords, update windows or certificates.

• Operators have some ability to access and modify data in workspace groups including creating or dropping databases.

• Users granted the Operator role in the organization inherit the Operator role on all workspace groups in the organization.

• ACTIVATE SMARTDR

• CONFIGURE ALERTS

• CONFIGURE SMARTDR

• MONITOR

• OPERATE

• USE VIEW

• VIEW SMARTDR

Observer

• Observers are granted the ability to view the monitoring details of the workspace group and inspect its configuration without granting access to the data.

• Users granted the Observer role in the organization inherit the Observer role on all workspace groups in the organization.

• MONITOR

• VIEW

• VIEW SMARTDR

Writer

• Writers are granted full access to data in the workspace group, including the ability to create and drop databases.  

• Users granted the Writer role in the organization inherit the Writer role on all workspace groups in the organization.

• CONFIGURE SMARTDR

• CREATE DATABASE

• DROP DATABASE

• LOAD DATA

• MONITOR

• USE

• VIEW

• VIEW SMARTDR

Reader

• Readers are granted read access to all databases in the workspace group. 

• Users granted the Reader role in the organization inherit the Reader role on all workspace groups in the organization.

• MONITOR

• USE

• VIEW

• VIEW SMARTDR

Limited Access

• The Limited Access role grants no specific access beyond the ability to see the workspace group and its member workspaces.

• Users with the Limited Access role are synchronized to the workspace group where they may be granted access to specific databases or tables using database RBAC commands

• VIEW

All Roles

• Any user granted any role on a workspace group will be synchronized to that workspace group and added to a group granted a role with appropriate permissions. See the User Synchronization section below for more details.

Owner

CloudOwners

CloudOwner

• USAGE

• SELECT

• INSERT

• UPDATE

• DELETE

• CREATE

• DROP

• PROCESS

• INDEX

• ALTER

• SHOW METADATA

• CREATE TEMPORARY TABLES

• LOCK TABLES

• CREATE VIEW

• ALTER VIEW

• DROP VIEW

• SHOW VIEW

• CREATE DATABASE

• DROP DATABASE

• CREATE ROUTINE

• ALTER ROUTINE

• EXECUTE

• CREATE PIPELINE

• DROP PIPELINE

• START PIPELINE

• ALTER PIPELINE

• SHOW PIPELINE

• CREATE USER

• GRANT OPTION

• BACKUP

• RELOAD

Operator

CloudOperators

CloudOperator

• USAGE

• SELECT

• PROCESS

• CREATE

• DROP

• ALTER

• SHOW METADATA

• CREATE TEMPORARY TABLES

• CREATE DATABASE

• DROP DATABASE

• START PIPELINE

• SHOW PIPELINE

• BACKUP

• RELOAD

Writer

CloudWriters

CloudWriter

• USAGE

• SELECT

• INSERT

• UPDATE

• DELETE

• CREATE

• DROP INDEX

• ALTER

• SHOW METADATA

• CREATE TEMPORARY TABLES

• LOCK TABLES

• CREATE VIEW

• ALTER VIEW

• DROP VIEW

• SHOW VIEW

• CREATE DATABASE

• ALTER ROUTINE

• CREATE ROUTINE

• ALTER ROUTINE

• EXECUTE

• CREATE PIPELINE

• DROP PIPELINE

• START PIPELINE

• ALTER PIPELINE

• SHOW PIPELINE

Reader

CloudReaders

CloudReader

• USAGE

• SELECT

• SHOW METADATA

• SHOW VIEW

• SHOW ROUTINE

Observer

CloudObservers

None

None

Limited Access

CloudLimitedAccessUsers

None

None

Billing AdministratorCloud

LimitedAccessUsers

None

None

All Roles

CloudUsers

None

None