Permissions
Each role in DX is mapped to a set of permissions. Permissions define the level of access that a user is granted to each feature within the platform.
Permissions are mapped per role below, broken down by Core Persona roles, Elevated roles, and Sensitive Data roles. For more on roles and the various types, see Roles.
Note: Permission availability is contingent on which product features are enabled for your account. For example, scorecard, catalog, and self-service workflow permissions are only available to Fabric customers.
Data Studio permissions: Access to Data Studio (to both view and create reports) is defined for your entire organization in Admin > Access & Visibility. By default, everyone in your organization with Data Cloud access will also have access to Data Studio. You can limit the access of Data Studio to one of the following groups of roles:
- Everyone
- Workspace admins and privileged users
- Workspace admins, privileged users, and team leads
- Nobody
Permissions for Core Persona roles
The table below breaks down the permissions available for each Core Persona role. Each user in DX must be assigned one of the three Core Persona roles.
| Permission | Contributor | Team Lead | Workspace Admin |
|---|---|---|---|
| Bulk nudge | ✓ | ||
| Close snapshots | ✓ | ||
| Create entity reports | ✓ | ||
| Create private scorecards | ✓ | ✓ | ✓ |
| Create studies/PlatformX | ✓ | ||
| Edit teams in UI when admins have permission | ✓ | ||
| Edit teams in UI when managers have permission | ✓ | ✓ | |
| Export PDF reports | ✓ | ||
| Manage all scorecards | ✓ | ||
| Manage API tokens (data cloud) | ✓ | ||
| Manage catalog | ✓ | ||
| Manage data connectors | ✓ | ||
| Manage database users | ✓ | ||
| Manage deploy rules | ✓ | ||
| Manage onboarding | ✓ | ||
| Manage report collections | ✓ | ||
| Manage report defaults | ✓ | ||
| Manage self-service workflows | ✓ | ||
| Manage Slack / Teams / Webex / SSO | ✓ | ||
| Manage snapshot settings | ✓ | ||
| Manage tag groups, directory sync, data files | ✓ | ||
| Manage user roles | ✓ | ||
| Manage versioned teams | ✓ | ||
| Org settings (access & visibility) | ✓ | ||
| Preview snapshot results | ✓ | ||
| Review quarantined comments | |||
| Triage (own team) | ✓ | ✓ | |
| Upload CapEx salary data | |||
| Upload org CSV/change team hierarchy | ✓ | ||
| View attrition risk | ✓ | ||
| View benchmark reports | ✓ | ||
| View CapEx | ✓ | ||
| View snapshot settings (read-only) | ✓ | ||
| View snapshot status | ✓ | ✓ |
Permissions for Elevated roles
The table below breaks down the permissions available for each Elevated role. Users may be assigned any combination of elevated roles in addition to their Core Persona role.
| Permission | Snapshot Admin | Snapshot Analyst | Snapshot Observer | Database Admin | Data Integrator | Scorecard Admin | Self-Service Admin |
|---|---|---|---|---|---|---|---|
| Bulk nudge | ✓ | ||||||
| Close snapshots | ✓ | ||||||
| Create entity reports | ✓ | ||||||
| Create private scorecards | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create studies/PlatformX | ✓ | ||||||
| Edit teams in UI when admins have permission | ✓ | ||||||
| Edit teams in UI when managers have permission | ✓ | ||||||
| Export PDF reports | ✓ | ✓ | |||||
| Manage all scorecards | ✓ | ✓ | |||||
| Manage API tokens (data cloud) | ✓ | ||||||
| Manage catalog | ✓ | ||||||
| Manage data connectors | ✓ | ||||||
| Manage database users | ✓ | ||||||
| Manage deploy rules | ✓ | ✓ | |||||
| Manage onboarding | ✓ | ||||||
| Manage report collections | ✓ | ||||||
| Manage report defaults | ✓ | ||||||
| Manage self-service workflows | ✓ | ✓ | |||||
| Manage Slack / Teams / Webex / SSO | ✓ | ||||||
| Manage snapshot settings | ✓ | ||||||
| Manage tag groups, directory sync, data files | ✓ | ✓ | |||||
| Manage user roles | ✓ | ✓ | |||||
| Manage versioned teams | ✓ | ✓ | |||||
| Org settings (access & visibility) | ✓ | ||||||
| Preview snapshot results | ✓ | ✓ | |||||
| Review quarantined comments | ✓ | ||||||
| Triage (own team) | ✓ | ||||||
| Upload CapEx salary data | |||||||
| Upload org CSV/change team hierarchy | ✓ | ✓ | |||||
| View attrition risk | ✓ | ||||||
| View benchmark reports | ✓ | ✓ | |||||
| View CapEx | ✓ | ✓ | |||||
| View snapshot settings (read-only) | ✓ | ✓ | |||||
| View snapshot status | ✓ | ✓ | ✓ |
Permissions for Sensitive Data roles
The table below breaks down the permissions available for each Sensitive Data role. Users may be assigned Sensitive Data roles in addition to their Core Persona and Elevated role(s).
| Permission | Privileged | Interviewer | Finance Manager |
|---|---|---|---|
| Bulk nudge | ✓ | ||
| Close snapshots | |||
| Create entity reports | |||
| Create private scorecards | ✓ | ✓ | ✓ |
| Create studies/PlatformX | ✓ | ||
| Edit teams in UI when admins have permission | |||
| Edit teams in UI when managers have permission | |||
| Export PDF reports | |||
| Manage all scorecards | |||
| Manage API tokens (data cloud) | |||
| Manage catalog | |||
| Manage data connectors | |||
| Manage database users | |||
| Manage deploy rules | |||
| Manage onboarding | |||
| Manage report collections | |||
| Manage report defaults | |||
| Manage self-service workflows | |||
| Manage Slack / Teams / Webex / SSO | |||
| Manage snapshot settings | |||
| Manage tag groups, directory sync, data files | |||
| Manage user roles | |||
| Manage versioned teams | |||
| Org settings (access & visibility) | |||
| Preview snapshot results | |||
| Review quarantined comments | |||
| Triage (own team) | |||
| Upload CapEx salary data | ✓ | ||
| Upload org CSV/change team hierarchy | |||
| View attrition risk | ✓ | ||
| View benchmark reports | |||
| View CapEx | ✓ | ✓ | |
| View snapshot settings (read-only) | |||
| View snapshot status |