Roles
Managing Optable DCN roles and permissions for users and service accounts
Getting Started
Roles let you assign granular permissions to specific Optable objects and prevent unwanted access to other objects. By granting only the necessary permissions to an account, you ensure maximum privacy, security and data governance.
Role management can be done:
by navigating to https://<your DCN>.optable.co/admin/roles
or by using the role command in the Optable CLI
Default Roles
Default roles are system roles created by Optable. They cannot be modified or deleted in any way.
Admin is the default role assigned to the original platform admin at DCN creation time. An admin has all permissions. Future permissions added to Optable will automatically be granted to admins.
Guest is the default role that is suggested when inviting a new user to your Optable DCN. It has view-only permissions on a limited set of features, excluding settings such as accounts and roles. Guests will be granted view-only access when Optable adds new permissions to the platform, unless the permission is a DCN setting or is considered sensitive (e.g. privacy budget management).
Creating a Role
You must give the role a name, a description (both mandatory fields) and at least one permission.
View permissions are enforced in the UI; however, it is possible to create roles without these permissions through the CLI. Please refer to Permissions for more details.
Using the CLI, the command is optable-cli role create <title> <description> <role-id> <permissions>, where all permissions are listed individually.
E.g. optable-cli role create "ad ops" "ad ops can only access audiences." "ops-1" "permissions/audiences.view" "permissions/audiences.edit"
You will receive a confirmation message similar to this one:
Please note that future permissions added to an Optable DCN will not automatically be granted to user-created roles.
Updating a Role
If the updated role is assigned to a user, you will get a prompt asking you to confirm your choice.
With the CLI, the command is optable-cli role update <name> <title> <description> <permissions>.
For example, to change only the description of the ad ops role mentioned above and remove its audiences.edit permission, you would use the following command:
optable-cli role update "nodes/acmeco/roles/ops-1" "ad ops" "this is a new description" "permissions/audiences.view"
The name has to be the exact name shown in the optable-cli role list command, or as per the JSON example printed above. The name structure always is nodes/<your node name>/roles/<role id>. All fields are required, and partial updates are not supported.
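Because an update replaces every field, a permission left off the list is removed from the role. As an added example (not part of Optable's documentation or CLI), the shell helpers below check the name structure, show which permissions an update would add or drop, and print the full command for review. The function names and the assumption that every permission ID starts with permissions/ belong to this example.

```shell
#!/bin/sh
# Added example, not Optable code: guards for `optable-cli role update`,
# which replaces every field of the role (partial updates are not supported).

# Succeeds if $1 has the structure nodes/<your node name>/roles/<role id>.
valid_role_name() {
  printf '%s\n' "$1" | grep -Eq '^nodes/[^/]+/roles/[^/]+$'
}

# perm_delta "<current ids>" "<new ids>": both space-separated lists.
# Prints "- id" for permissions the update drops and "+ id" for ones it adds.
perm_delta() {
  for p in $1; do
    case " $2 " in *" $p "*) ;; *) printf '%s %s\n' - "$p" ;; esac
  done
  for p in $2; do
    case " $1 " in *" $p "*) ;; *) printf '%s %s\n' + "$p" ;; esac
  done
}

# build_update <name> <title> <description> <permission>...
# Prints the complete command for review; it does not run optable-cli.
build_update() {
  if [ "$#" -lt 4 ]; then
    echo "need name, title, description and at least one permission" >&2
    return 2
  fi
  valid_role_name "$1" || { echo "bad role name: $1" >&2; return 2; }
  cmd="optable-cli role update"
  n=0
  for a in "$@"; do
    n=$((n + 1))
    case "$a" in *\"*) echo "double quote in argument $n" >&2; return 2 ;; esac
    # Assumption: permission ids all start with permissions/, as on this page.
    if [ "$n" -gt 3 ]; then
      case "$a" in permissions/?*) ;; *) echo "not a permission id: $a" >&2; return 2 ;; esac
    fi
    cmd="$cmd \"$a\""
  done
  printf '%s\n' "$cmd"
}

# Constructed sample: the ad ops change described above.
perm_delta "permissions/audiences.view permissions/audiences.edit" \
           "permissions/audiences.view"
build_update "nodes/acmeco/roles/ops-1" "ad ops" "this is a new description" \
             "permissions/audiences.view"
```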
Deleting a Role
With the CLI, the command is optable-cli role delete <name>. Note that the name has to be the exact name shown in the optable-cli role list command, or as per the JSON example printed above. The name structure always is nodes/<your node name>/roles/<role id>.
For instance, the command to delete the ad ops role would be optable-cli role delete "nodes/staging1/roles/ops-1"
Assigning a Role
Roles can be assigned when inviting a user, creating a service account, or by updating accounts.