You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: platform-cloud/docs/orgs-and-teams/roles.mdx
+46-7
Original file line number
Diff line number
Diff line change
@@ -18,12 +18,51 @@ You can group **members** and **collaborators** into **teams** and apply a role
18
18
19
19
### Workspace participant roles
20
20
21
-
-**Owner**: The participant has full permissions for all resources within the workspace, including the workspace settings.
22
-
-**Admin**: The participant has full permissions for resources associated with the workspace and access to all the actions associated with all roles, including all data-related roles. They can create, modify, and delete pipelines, compute environments, actions, credentials, and secrets. They can also add/remove users in the workspace and edit the workspace settings. A participant with this role cannot delete a workspace.
23
-
-**Maintain**: The participant can launch pipelines and modify pipeline executions (e.g., change the pipeline launch compute environment, parameters, pre/post-run scripts, Nextflow config), create new pipeline configurations in the Launchpad, and add secrets. They can upload, download, and preview data in Data Explorer, hide/unhide buckets, manage buckets, and manage the metadata associated with buckets.They can also add, update, and delete a Studio session. This includes starting, stopping, and changing the configuration. A participant with this role cannot modify compute environment settings and credentials, but can manage workspace labels and resource labels.
24
-
-**Launch**: The participant can launch pipelines and modify the pipeline input/output parameters in the Launchpad. This includes starting, stopping, and changing the configuration. They cannot modify the launch configuration or other resources. They can list, search and view the status, configuration, and details of Studio sessions and connect to a running session.
25
-
-**Connect**: The participant can list, search, and view the status, configuration, and details of Studio sessions. They cannot add, update (start/stop/change config) or delete Studio sessions. They can also connect to a running sessions and interact with the contents, and access team resources in read-only mode. They cannot launch or maintain pipelines. A participant with this role also cannot manage any data in Data Explorer — uploading, downloading, or previewing data, hiding/unhiding, managing buckets, or managing the metadata associated with buckets.
26
-
-**View**: The participant can only access team resources in read-only mode. This includes the ability to list, search, and view the status, configuration, and details of mounted data in Data Explorer and Studio sessions.
- If the participant role is Admin and the team role is Launch, the user will have Admin rights.
36
75
- If the participant role is Launch and the team role is Launch, the user will have Launch rights.
37
76
38
-
As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary.
77
+
As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary.
Copy file name to clipboardExpand all lines: platform-enterprise_versioned_docs/version-25.1/orgs-and-teams/roles.mdx
+46-7
Original file line number
Diff line number
Diff line change
@@ -18,12 +18,51 @@ You can group **members** and **collaborators** into **teams** and apply a role
18
18
19
19
### Workspace participant roles
20
20
21
-
-**Owner**: The participant has full permissions for all resources within the workspace, including the workspace settings.
22
-
-**Admin**: The participant has full permissions for resources associated with the workspace and access to all the actions associated with all roles, including all data-related roles. They can create, modify, and delete pipelines, compute environments, actions, credentials, and secrets. They can also add/remove users in the workspace and edit the workspace settings. A participant with this role cannot delete a workspace.
23
-
-**Maintain**: The participant can launch pipelines and modify pipeline executions (e.g., change the pipeline launch compute environment, parameters, pre/post-run scripts, Nextflow config), create new pipeline configurations in the Launchpad, and add secrets. They can upload, download, and preview data in Data Explorer, hide/unhide buckets, manage buckets, and manage the metadata associated with buckets.They can also add, update, and delete a Studio session. This includes starting, stopping, and changing the configuration. A participant with this role cannot modify compute environment settings and credentials, but can manage workspace labels and resource labels.
24
-
-**Launch**: The participant can launch pipelines and modify the pipeline input/output parameters in the Launchpad. This includes starting, stopping, and changing the configuration. They cannot modify the launch configuration or other resources. They can list, search and view the status, configuration, and details of Studio sessions and connect to a running session.
25
-
-**Connect**: The participant can list, search, and view the status, configuration, and details of Studio sessions. They cannot add, update (start/stop/change config) or delete Studio sessions. They can also connect to a running sessions and interact with the contents, and access team resources in read-only mode. They cannot launch or maintain pipelines. A participant with this role also cannot manage any data in Data Explorer — uploading, downloading, or previewing data, hiding/unhiding, managing buckets, or managing the metadata associated with buckets.
26
-
-**View**: The participant can only access team resources in read-only mode. This includes the ability to list, search, and view the status, configuration, and details of mounted data in Data Explorer and Studio sessions.
- If the participant role is Admin and the team role is Launch, the user will have Admin rights.
36
75
- If the participant role is Launch and the team role is Launch, the user will have Launch rights.
37
76
38
-
As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary.
77
+
As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary.
0 commit comments