User Permissions are managed within the Console > Admin. Also, see Access Control for other mechanisms that manage access to resources and capabilities.
The Team page displays the users associated with an account and visible to all users. The Treasure Data permission system has 3 levels:
There can be only one ‘Owner’ user for each account – it’s the user that originally created the account. This user has permission to perform any permission on the account, including closing it.
All users in the account are initially added as ‘Restricted’ (see below for definition). Any of these users can be promoted as account ‘Administrator’. An account administrator can perform practically any operation on an account. This includes managing other Restricted users' settings but excludes managing other Administrator and Owner users' settings.
‘Restricted’ is the permission level associated with any new user by default. Restricted users need to be explicitly granted access to specific areas of the platform. Restricted users cannot change their permissions or whitelist settings.
In the Profile view of Restricted users, there is a Permissions tab that only owners and administrators can edit.
Profile users with the role of Restricted must be assigned specific permissions in the following areas:
Audience Suite: ability to access profiles and segmentation pages and features.
- No access
- Full access
User-Defined Workflows: ability to view, edit workflows and run workflows.
- View Only
- View and Run
- Full Access
Local Database: access level to any of the databases in the account.
- Import Only
- Query Only
- Full Access
The access levels for database mimic ‘read & write’, ‘read’, and ‘write’ permissions.
Audience Suite and Workflow are visible only if the features are included as part of your account.
If your role is ‘owner’ or ‘administrator’, you do not see a Permissions tab on in your own profile view and have full access to the account platform.