Authorization Levels for Repository Items

Introduction

This page gives an overview of the item-related roles and associated privileges that can be assigned in Cadenza Workbooks. If you’re looking for system privileges then you can find them here: System Privileges and Default Roles

Each item (repository, data source, object type, workbook) in Cadenza Workbooks has individual roles that can be assigned to a user. A user can therefore have different roles for different items. This allows a user to have write access to one workbook and edit its contents while having read-only access to another workbook. In addition, there can be workbooks to which he has no access at all.

The item related roles are an addition to the standard roles in Cadenza Workbooks. A user can have different item related roles for different items, but in Cadenza the user has only one standard role, which defines his functionality holistically via application privileges.

The following tables show the roles and privileges for the individual items. All tables are structured in the same way:

  • On the horizontal axis are the hard coded roles of the item

  • On the vertical axis are the privileges that grant certain actions or views in Cadenza

Repository

Use content

Edit content

Manage content

Edit and manage

Owner

Granted Actions

See repository in the repository overview in the Management Center

  • The repository is shown in the list of repositories in the MC

Open repository and see its items

  • Repository items can be loaded from the repository (permissions on the item needed)

  • The detail view of the repository can be opened in the MC

  • If repository has publication control active then user can see only published OTs (permissions on the item needed)

Edit content of repository (add, edit and delete items)

  • Repository items can be written into the repository (additional privilege(s) on the item needed)

  • New items can be created in this Repository. (additional system privileges needed)

    • Workbooks

    • Objecttypes (Self-Service, Routing, Geocoding, etc…​.)

    • Datasources

    • Projects

  • Edit/modify items (additional privilege(s) on the item needed)

  • Delete items (additional privilege(s) on the item needed)

  • If repository has publication control active then user can see dev. and published OTs (additional privilege(s) on the item needed)

Edit repository

  • Change print name of the repository

  • Define CDS data source of repository

  • Define default template for workbook reports of the repository

    • Requires additional privileges on the template

  • In case of projects being active:

    • Change project settings such as project variables

See the items of the repository in the overviews in the Management Center, delete them and see their owners

  • Grants all listing, delete and seeOwner privileges on all items in the repo

  • Import of this repository (Additional system privilege needed)

Access all items of repository without any restrictions

  • Get all privileges of all items in the repo

    • Exclusive the writeData privilege of the OT

  • Export of this repository (Additional system privilege needed)

  • CRUD navigator of repository

  • Execute the test suite tests of the repository

Delete repository

  • Delete the repository

Share repository

  • Access the permission tab in the administration

  • Change the role assignment of this repository

See owner of repository

  • See the owner of repository

Change owner of repository

Project

Use (restricted)

Use (unrestricted)

Edit and manage

Owner

Granted Actions

See project in the project overview in the Management Center

  • The project is listed in the overview list of projects in the Management Center

Use project workbooks in a restricted way

  • Startpage of project accessible (e.g. through navigator)

    • Due to inheritance also workbooks and OTs of the project are accessible with visibleRestricted privileges. See tables below.

Use project workbooks

  • The details page of the project in the Management Center can be accessed

Add, edit and delete workbooks and objecttypes

  • Add/edit/delete workbooks and object types (permissions on the item needed)

Edit project properties

  • Change properties of the project

    • deletion times

Delete project

  • delete the project

Share project

  • share the project

See owner of project

  • See the owner of the project (for example in the overview list in MC)

Change owner of project

Data protection context

Every authorization level: The user can see at the name if a DPC is set.

Use

Edit content

Edit and manage

Owner

Granted Actions

See data protection in the data protection overview in the Management Center

DPC is listed, e.g. in the MC, with limited details

Use data protection context

Details of the DPC can be read (e.g. detail page in MC)

Add projects, workbooks and objecttypes to the data protection context

OT, Workbooks and projects can be assigned to the DPC, DPC can be changed/updated (adding OTs)

Change data protection context properties

Details of an DPC can be changed. DPC can be prolonged/confirmed

Delete data protection context

DPC can be deleted

Share data protection context

DPC can be shared

See owner of data protection context

See the owner of the DPC (for example in the overview list in MC)

Change owner of data protection context

Datasource

Every authorization level:

  • view details of an object type that is based on this data source

  • use object type in workbook that is based on this data source

  • see the name of the data source (e.g. if shown on OT or in data manager or in filters in the Management Center)

  • A CDS data source can be used to import data without any authorization level on it (additional privilege(s) on the repository needed)

Use

Edit and manage

Owner

Granted Actions

See data source in the data source overview in the Management Center

  • Data source is listed, e.g. in the MC, with limited details

Open data source

  • view details of the data source (without URL or authentication)

Create an objecttype from data source

  • Create an OT based on the data source in the Management Center

    • In case of a CDS (Cadenza Data Store) this enables the user to access all database tables and thereby access all data by all users❗

  • See the database table and columns that an OT and its attributes are based on (requires additional permissions on the OT)

  • Change the database table a BOT is based on (requires additional permissions on the OT)

  • Create or edit a function attribute (additional permissions required)

Edit data source

  • view details of the data source (with URL and authentication)

  • edit details of the data source including URL and authentication

Delete data source

  • delete the data source

Share data source

  • Access the permission tab in the administration of a ds

  • Change the role assignment of this ds

See owner of data source

  • See the owner of the data source (for example in the overview list in MC)

Change owner of data source

  • Access the permission tab in the administration of a ds

  • Change the owner of this ds

Objecttype

Use (restricted)

Use (unrestricted)

Edit and manage

Owner

Write data

Granted Actions

See objecttype in the objecttype overview in the Management Center

  • Objecttypes do appear in the Management Center listing page

Use objecttype in a restricted way

  • Objecttypes in visible workbooks can be used

  • Objecttypes do not appear in the data browser

Use objecttype without any restrictions

  • Objecttypes in visible workbooks can be used

  • Objecttypes appear in the data browser

  • Details page of object type can be accessed in the Management Center

Edit and overwrite objecttype

  • The Objecttype can be modified

  • The user can use DEV / PUBLISHED versions

  • CRUD the OT’s associations

Change data of objecttype

  • The user can add and remove data in the objecttype table

Delete objecttype

  • Delete the object type

Share objecttype

  • Access the permission tab in the administration of an ot

  • Change the role assignment of this object type

See owner of objecttype

  • See the owner of the object type (for example in the overview list in MC)

Change owner of objecttype

  • Access the permission tab in the administration of an ot

  • Change the owner of this object type

Workbook

Use in simplified mode

Use

Edit and manage

Owner

Granted Actions

See workbook in the workbook repository in the Management Center

  • Workbook is shown in the overview list in the Management Center with limited details

Open the workbook and use it with restricted access and simplified mode

  • The workbook is shown in the repository tree

  • The opened workbook has restricted functionality defined here TODO

Open the workbook without restrictions and create a copy if necessary

  • The workbook can be changed in any way

  • The details page in MC can be opened

  • The user can save a copy of the workbook (save as)

Overwrite workbook

  • The workbook can be overridden in the repository

  • The user can use DEV / PUBLISHED versions

Delete workbook

  • Delete the workbook

Share workbook

  • Access the permission tab in the administration and workbook ui

  • Change the role assignment of this workbook

See owner of workbook

  • See the owner of the workbook (for example in the overview list in MC)

Change owner of workbook

  • Access the permission tab in the administration and workbook ui

  • Change the owner of this workbook

Analytic Extension

Every authorization level:

Analytics Extension type "Data Generation" or "Data Enrichment"

  • Use object types (visualize data etc.) - more privileges needed on the OT depending on the action.

Use

Edit and manage

Owner

Granted Actions

See analytics extension in the analytics extension overview in the Management Center

  • See the extension in the list of Analytics Extensions in the Management Center

    • But not the URL

    • Opening the tab of Analytics Extensions in the Management Center requires additional system privilege MANAGE_ANALYTICS_EXTENSIONS

Use analytics extension

  • Use Analytics Extension in a workbook - See specifics for the three types:

    • Analytics Extension type "Visualization"

      • Use the visualization type for a new view

      • Change the visualization type of an existing view to the type provided by the extension

    • Analytics Extension type "Data Generation"

      • Add a new object type to a workbook

    • Analytics Extension type "Data Enrichment"

      • Enrich an existing object type

Edit analytics extension

  • Open the detail view in the Management Center

  • See the URL in the list of Analytics Extensions

  • Edit the name, description and URL

  • Renew handshake with service (Update the Analytics Extension’s definition)

Delete analytics extension

  • Delete the Analytics Extensions

Share analytics extension

  • Grant authorization to other users

See owner of analytics extension

  • See the owner (e.g. in the list of Analytics Extensions in the Management Center)

Change owner of analytics extension

  • Change owner

Base link to external content

Use

Edit and manage

Owner

Granted Actions

See base link in the base link overview in the Management Center

  • The base link is visible in the overview list in MC

Use base link

  • The base link’s extensions are visible in the tree

  • The base link’s extensions can be opened

  • The base link’s detail view can be opened in the MC

Edit base link

  • The user can change and save the base link and its extensions

Delete base link

  • The user can delete the base link

Share base link

  • The user can share the base link

See owner of base link

  • See the owner (e.g. in the list of base links in the Management Center)

Change owner of base link

  • The user can change the owner of the base link

Workbook Report Layout

Use

Edit and manage

Owner

Granted Actions

See report template in the report template overview in the Management Center

  • The report layout is visible in the overview list in MC

Use report template

  • The report layout can be selected when exporting an ad-hoc report (view or worksheet) to PDF.

  • The report layout can be selected when defining a curated report in the workbook management dialog.

  • The report layout is visible in the MC and its detail view can be opened

  • The report layout can be duplicated

    • Requires additional privileges on the repository (→ modifyContent)

  • The report layout can be set as default of the repository.

    • Requires additional privileges on the repository.

Edit report template

  • The user can change and save the report layout in the MC.

Additionally, the ManageReportTemplates system privilege is required.

Delete report template

  • The user can delete the report layout in the MC.

Additionally, the ManageReportTemplates system privilege is required.

Share report template

  • The user can share the report layout in the MC.

See owner of report template

  • See the owner (e.g. in the list of report layouts in the Management Center)

Change owner of report template

  • The user can change the owner of the report layout in the MC.

Layer

Use

Edit and manage

Owner

Granted Actions

See layer in the layer overview in the Management Center

  • The layer is listed in the overview list of layers in the MC

Use layer

  • The layer is visible in the layer catalog when loading layers.

  • The layer is visible in the layer catalog in MC and the detail view can be opened

Edit and overwrite layer

  • The user can overwrite the layer when saving layers to catalog

  • The user can change folder where layer is saved in MC

  • The user can change of layer name in MC

  • The user can save labels for layer in MC

Delete layer

  • The user can delete the layer from the layer catalog in MC

Share layer

  • The user can share the layer in the MC.

See owner of layer

  • See the owner (e.g. in the list of layers in the Management Center)

Change owner of layer

  • The user can change the owner of the layer in the MC.

Map views

Every authorization level:

The "default" map view can be used by any user without additional privileges:

  • visible privilege on the repository is still needed additionally

  • visible privilege on the default map view is granted "automatically"

  • for editing/overwriting/deleting the default map view write/delete privileges still need to be assigned to the user

Use

Edit and manage

Owner

Granted Actions

See map view in the map view overview in the Management Center

  • The curated map view is listed in the list of map views in the MC.

Use map view

  • The curated map view is visible in the catalog when loading curated map views.

  • The detail view of the map view can be opened in the MC

Edit and overwrite map view

  • The user can change name of curated map view in MC

  • The user can save description for curated map view in MC

  • The user can overwrite curated map view when saving

Delete map view

  • The user can delete the curated map view from the layer catalog in MC

Share map view

  • The user can share the curated map view in the MC.

See owner of map view

  • See the owner (e.g. in the list of map views in the Management Center)

Change owner of map view

  • The user can change the owner of the curated map view in the MC.

Directory

Write

Owner

Granted Actions

Save repository elements into the directory

The user can save repository items into the Navigator or layer catalog directory