G03.03.01. Категории разрешений
Редактировал(а) Ирина Сафонова 22.03.2024, 15:20
Категории разрешений
Роли состоят из разрешений. Разрешения имеют категории.
| Категория разрешения | Описание |
| Модель и действие | Модели — объекты. Примеры:
Каждая модель имеет фиксированный набор разрешений. Примеры:
Например, для удаления пользователями дашбордов добавьте разрешение can_delete и укажите необходимых пользователи в роли. |
| Представления | Представления — отдельные веб-страницы, такие как, представление Исследование или Лаборатория SQL. |
| Источник данных | Для каждого источника данных создается разрешение. Если не предоставлено разрешение all_datasource_access, пользователь сможет только просматривать срезы или исследовать источники данных, к которым есть доступ. |
| База данных (БД) | Доступ к БД означает доступ ко всем источникам данных БД. Пользователь сможет запрашивать БД в лаборатории SQL при наличии разрешения к лаборатории. Узнайте, как настроить интеграцию БД и Cloud BI. |
Основные разрешения и описания ролей
В таблице основные разрешения и описание ролей.
| Admin | Alpha | Gamma | SQL_LAB | ||
| Разрешение/Описание роли | Пользователи группы доступа Admin имеют все возможные права, включая предоставление или отзыв прав у других пользователей и изменение чужих срезов и дашбордов. | Пользователи группы доступа Alpha имеют доступ ко всем источникам данных. Пользователи группы могут добавлять и изменять источники данных, но не предоставлять или отзывать доступ другим пользователям. Пользователи Alpha ограничены в изменении объектов, которыми владеют. | Пользователи группы доступа Gamma создают срезы и дашборды. Пользователи группы имеют ограниченный доступ. Они используют только данные, поступающие из источников данных, к которым им предоставлен доступ, через другую дополнительную роль. У пользователей группы есть доступ только для просмотра срезов и дашбордов, созданных из источников данных. При этом у пользователей должен быть доступ к источникам. Пользователи группы не могут изменять или добавлять источники. | Пользователи группы доступа sql_lab имеют доступ к SQL Lab. | |
| can read on SavedQuery |  | | | ||
| can write on SavedQuery | | | | | |
| can read on CssTemplate |
| | | O | |
| can write on CssTemplate | | | | O | |
| can read on ReportSchedule | | | | O | |
| can write on ReportSchedule | | | | O | |
| can read on Chart | | | | O | |
| can write on Chart | | | | O | |
| can read on Annotation | | | | O | |
| can write on Annotation | | | | O | |
| can read on Dataset | | | | O | |
| can write on Dataset | | | O | O | |
| can read on Log | | O | O | O | |
| can write on Log | | O | O | O | |
| can read on Dashboard | | | | O | |
| can write on Dashboard | | | | O | |
| can read on Database | | | | | |
| can write on Database | | O | O | O | |
| can read on Query | | | | | |
| can this form get on ResetPasswordView | | O | O | O | |
| can this form post on ResetPasswordView | | O | O | O | |
| can this form get on ResetMyPasswordView | | | | O | |
| can this form post on ResetMyPasswordView | | | | O | |
| can this form get on UserInfoEditView | | | | O | |
| can this form post on UserInfoEditView | | | | O | |
| can show on UserDBModelView | | O | O | O | |
| can edit on UserDBModelView | | O | O | O | |
| can delete on UserDBModelView | | O | O | O | |
| can add on UserDBModelView | | O | O | O | |
| can list on UserDBModelView | | O | O | O | |
| can userinfo on UserDBModelView | | | | O | |
| resetmypassword on UserDBModelView | | | | O | |
| resetpasswords on UserDBModelView | | O | O | O | |
| userinfoedit on UserDBModelView | | O | O | O | |
| can show on RoleModelView | | O | O | O | |
| can edit on RoleModelView | | O | O | O | |
| can delete on RoleModelView | | O | O | O | |
| can add on RoleModelView | | O | O | O | |
| can list on RoleModelView | | O | O | O | |
| copyrole on RoleModelView | | O | O | O | |
| can get on OpenApi | | | | O | |
| can show on SwaggerView | | | | O | |
| can get on MenuApi | | | | O | |
| can list on AsyncEventsRestApi | | | | O | |
| can invalidate on CacheRestApi | | | | O | |
| can function names on Database | | O | O | O | |
| can query form data on Api | | | | O | |
| can query on Api | | | | O | |
| can time range on Api | | | | O | |
| can this form get on CsvToDatabaseView | | | | O | |
| can this form post on CsvToDatabaseView | | | | O | |
| can this form get on ExcelToDatabaseView | | | | O | |
| can this form post on ExcelToDatabaseView | | | | O | |
| can external metadata on Datasource | | | | O | |
| can save on Datasource | | | O | O | |
| can get on Datasource | | | | O | |
| can shortner on R | | | | O | |
| can my queries on SqlLab | | | | | |
| can log on Superset | | | | O | |
| can schemas access for csv upload on Superset | | | | O | |
| can import dashboards on Superset | | | | O | |
| can schemas on Superset | | | | O | |
| can sqllab history on Superset | | | | | |
| can publish on Superset | | | | O | |
| can csv on Superset | | | | | |
| can slice on Superset | | | | O | |
| can sync druid source on Superset | | O | O | O | |
| can explore on Superset | | | | O | |
| can approve on Superset | | O | O | O | |
| can explore json on Superset | | | | O | |
| can fetch datasource metadata on Superset | | | | O | |
| can csrf token on Superset | | | | O | |
| can sqllab on Superset | | | | | |
| can select star on Superset | | | | O | |
| can warm up cache on Superset | | | | O | |
| can sqllab table viz on Superset | | | | | |
| can profile on Superset | | | | O | |
| can available domains on Superset | | | | O | |
| can request access on Superset | | | | O | |
| can dashboard on Superset | | | | O | |
| can post on TableSchemaView | | | | O | |
| can expanded on TableSchemaView | | | | O | |
| can delete on TableSchemaView | | | | O | |
| can get on TabStateView | | | | | |
| can post on TabStateView | | | | | |
| can delete query on TabStateView | | | | | |
| can migrate query on TabStateView | | | | | |
| can activate on TabStateView | | | | | |
| can delete on TabStateView | | | | | |
| can put on TabStateView | | | | | |
| can read on SecurityRestApi | | | | | |
| menu access on Security | | O | O | O | |
| menu access on List Users | | | | O | |
| menu access on List Roles | | | | O | |
| menu access on Action Log | | | | O | |
| menu access on Manage | | | O | O | |
| menu access on Annotation Layers | | | | O | |
| menu access on CSS Templates | | | O | O | |
| menu access on Import Dashboards | | | | O | |
| menu access on Data | | | | O | |
| menu access on Databases | | | | O | |
| menu access on Datasets | | | | O | |
| menu access on Upload a CSV | | | O | O | |
| menu access on Upload Excel | | | | O | |
| menu access on Charts | | | | O | |
| menu access on Dashboards | | | | O | |
| menu access on SQL Lab | | O | O | | |
| menu access on SQL Editor | | | | | |
| menu access on Saved Queries | | | | | |
| menu access on Query Search | | | | | |
| all datasource access on all_datasource_access | | | O | O | |
| all database access on all_database_access | | | O | O | |
| all query access on all_query_access | | O | O | O | |
| can edit on UserOAuthModelView | | O | O | O | |
| can list on UserOAuthModelView | | O | O | O | |
| can show on UserOAuthModelView | | O | O | O | |
| can userinfo on UserOAuthModelView | | | | O | |
| can add on UserOAuthModelView | | O | O | O | |
| can delete on UserOAuthModelView | | O | O | O | |
| userinfoedit on UserOAuthModelView | | O | O | O | |
| can write on DynamicPlugin | | O | O | O | |
| can edit on DynamicPlugin | | O | O | O | |
| can list on DynamicPlugin | | | | O | |
| can show on DynamicPlugin | | | | O | |
| can download on DynamicPlugin | | O | O | O | |
| can add on DynamicPlugin | | O | O | O | |
| can delete on DynamicPlugin | | O | O | O | |
| can edit on RowLevelSecurityFiltersModelView | | O | O | O | |
| can list on RowLevelSecurityFiltersModelView | | O | O | O | |
| can show on RowLevelSecurityFiltersModelView | | O | O | O | |
| can download on RowLevelSecurityFiltersModelView | | O | O | O | |
| can add on RowLevelSecurityFiltersModelView | | O | O | O | |
| can delete on RowLevelSecurityFiltersModelView | | O | O | O | |
| muldelete on RowLevelSecurityFiltersModelView | | O | O | O | |
| can external metadata by name on Datasource | | | | O | |
| can get value on KV | | | | O | |
| can store on KV | | | | O | |
| can tagged objects on TagView | | | | O | |
| can suggestions on TagView | | | | O | |
| can get on TagView | | | | O | |
| can post on TagView | | | | O | |
| can delete on TagView | | | | O | |
| can edit on DashboardEmailScheduleView | | | | O | |
| can list on DashboardEmailScheduleView | | | | O | |
| can show on DashboardEmailScheduleView | | | | O | |
| can add on DashboardEmailScheduleView | | | | O | |
| can delete on DashboardEmailScheduleView | | | | O | |
| muldelete on DashboardEmailScheduleView | | | O | O | |
| can edit on SliceEmailScheduleView | | | | O | |
| can list on SliceEmailScheduleView | | | | O | |
| can show on SliceEmailScheduleView | | | | O | |
| can add on SliceEmailScheduleView | | | | O | |
| can delete on SliceEmailScheduleView | | | | O | |
| muldelete on SliceEmailScheduleView | | | O | O | |
| can edit on AlertModelView | | | | O | |
| can list on AlertModelView | | | | O | |
| can show on AlertModelView | | | | O | |
| can add on AlertModelView | | | | O | |
| can delete on AlertModelView | | | | O | |
| can list on AlertLogModelView | | | | O | |
| can show on AlertLogModelView | | | | O | |
| can list on AlertObservationModelView | | | | O | |
| can show on AlertObservationModelView | | | | O | |
| menu access on Row Level Security | | O | O | O | |
| menu access on Access requests | | | | O | |
| menu access on Home | | | | O | |
| menu access on Plugins | | | | O | |
| menu access on Dashboard Email Schedules | | | | O | |
| menu access on Chart Emails | | | | O | |
| menu access on Alerts | | | | O | |
| menu access on Alerts & Report | | | | O | |
| menu access on Scan New Datasources | | | | O | |
| can share dashboard on Superset | | | | O | |
| can share chart on Superset | | | | O | |
| can list on FilterSets | | | | O | |
| can add on FilterSets | | | | O | |
| can delete on FilterSets | | | | O | |
| can edit on FilterSets | | | | O | |
| can this form get on ColumnarToDatabaseView | | | | O | |
| can this form post on ColumnarToDatabaseView | | | | O | |
| menu access on Upload a Columnar file | | | | O | |
| can export on Chart | | | | O | |
| can write on DashboardFilterStateRestApi | | | | O | |
| can read on DashboardFilterStateRestApi | | | | O | |
| can write on DashboardPermalinkRestApi | | | | O | |
| can read on DashboardPermalinkRestApi | | | | O | |
| can delete embedded on Dashboard | | | | O | |
| can set embedded on Dashboard | | O | O | O | |
| can export on Dashboard | | | | O | |
| can get embedded on Dashboard | | | | O | |
| can export on Database | | O | O | O | |
| can export on Dataset | | | O | O | |
| can write on ExploreFormDataRestApi | | | | O | |
| can read on ExploreFormDataRestApi | | | | O | |
| can write on ExplorePermalinkRestApi | | | | O | |
| can read on ExplorePermalinkRestApi | | | | O | |
| can export on ImportExportRestApi | | | | O | |
| can import on ImportExportRestApi | | | | O | |
| can export on SavedQuery | | | | | |
| can dashboard permalink on Superset | | | | O | |
| can grant guest token on SecurityRestApi | | O | O | O | |
| can read on AdvancedDataType | | | | O | |
| can read on EmbeddedDashboard | | | | O | |
| can duplicate on Dataset | | | O | O | |
| can read on Explore | | | | O | |
| can samples on Datasource | | | O | O | |
| can read on AvailableDomains | | | | O | |
| can get or create dataset on Dataset | | | O | O | |
| can get column values on Datasource | | | O | O | |
| can export csv on SQLLab | | O | O | | |
| can get results on SQLLab | | O | O | | |
| can execute sql query on SQLLab | | O | O | | |
| can recent activity on Log | | | | O |