Roles & Permissions
Managing access through roles and rights.
The Data Mesh Manager implements role-based access control (RBAC).
Organization
An organization is a logical unit (tenant) that covers the data mesh of a company. To implement different environments, e.g. development and production, we recommend creating a separate organization for each environment.
Roles
The Data Mesh Manager offers the following roles for its users:
- Organization Member
- can view data products, data contracts, global policies and governance meetings
- Organization Owner
- can view and edit all resources
- can edit organization members (invite new members, remove members, change roles)
- can create and delete teams
- can create API keys that have the same rights as an organization owner
- Team Member (Domain Team)
- can edit data products for their team
- can edit data contracts for their team
- can request access to other data products as a data consumer
- can cancel data usage agreements as a data consumer
- can approve/reject/cancel data usage agreements for their team's data products as a data provider
- can invite other Organization Members to their team
- Team Member (Governance Group)
- can edit policies and governance meetings
A user can be a member of multiple organizations, and multiple teams per organization.
Permissions
- Data Products
- All organization members can view them
- Only the members of the team that owns the data product can edit them
- Data Usage Agreements
- All organization members can view them
- Only the members of the consuming team can request access to a provider's data product output port
- Only the members of the providing team can approve or reject requested data usage agreements
- Only the members of the providing and consuming teams can cancel approved data usage agreements
- Only the members of the providing and consuming teams can edit data usage agreements, with changes captured in audit trail