Roles
Managing Optable DCN roles and permissions for users and service accounts
Roles let you assign granular permissions to specific Optable objects and prevent unwanted access to other objects. By granting only the necessary permissions to an account, you ensure maximum privacy, security and data governance.
Roles management can be done:
- by navigating to
https://<your DCN>.optable.co/admin/roles
Default roles are system roles created by Optable. They cannot be modified or deleted in any way.
Admin
is the default role the original platform admin is assigned to at the DCN creation time. An admin has all permissions. Future permissions added to Optable will automatically be granted to admins.Guest
is the default role that is suggested when inviting a new user to your Optable DCN. It has view-only permissions, on a limited set of features, excluding settings such as accounts
and roles
. Guests will be granted view-only access when Optable adds new permissions to the platform, unless the permission is a DCN setting, or is considered sensitive (e.g. privacy budget management).From the Roles page, click the "Create Role" button at the top-right of the page. Alternatively, you can click the
button of an existing role and duplicate it. The duplicated role is identical, except for the role

name
, which will be suffixed with -copy

You must give the role a
name
, a description
(both mandatory fields) and at least one permission
.View permissions are enforced in the UI however it is possible to create roles without these permissions through the CLI. Please refer to Permissions for more details.
Using the CLI, the command is
optable-cli role create <title> <description> <role-id> <permissions>
, where all permissions are listed individually. E.g.
optable-cli role create "ad ops" "ad ops can only access audiences." "ops-1" "permissions/audiences.view" "permissions/audiences.edit"
You will receive a confirmation message similar to this one:
{
"name": "nodes/acmeco/roles/ops-1",
"title": "ad ops",
"description": "ad ops can only access audiences.",
"permissions": [
"permissions/audiences.view",
"permissions/audiences.edit"
],
"created_at": "2022-08-30T20:43:20.010655650Z",
"updated_at": "2022-08-30T20:43:20.010655650Z",
"details": {}
}
Please note that future permissions added to an Optable DCN will not automatically be granted to user-created roles.
From the Roles page, click the
beside the relevant role and click "edit". Apply desired changes and save.


If the updated role is assigned to a user, you will get a prompt asking you to confirm your choice.

With the CLI, the command is
optable-cli role update <name> <title> <description> <permissions>
. As an example, suppose you want to change only the description of the ad ops role mentioned above, and remove its
audiences.edit
permission, you would use the following command:optable-cli role update "nodes/acmeco/roles/ops-1" "ad ops" "this is a new description" "permissions/audiences.view"
The name has to be the exact name shown in the
optable-cli role list
command, or as per the JSON example printed above. the name structure always is nodes/<your node name>/roles/<role id>
. All fields are required, and partial updates are not supported. From the Roles page, click the
beside the relevant role and click "delete". Please note that a role cannot be deleted if it is assigned to an account.


With the CLI, the command is
optable-cli role delete <name>
. Note that the name has to be the exact name shown in the optable-cli role list
command, or as per the JSON example printed above. The name structure always is nodes/<your node name>/roles/<role id>
.For instance, the command to delete the ad ops role would be
optable-cli role delete "nodes/staging1/roles/ops-1"
Last modified 9mo ago