User Roles Permissions
The following table describes available permissions and how they are assigned to User Roles. User permissions are part of our ongoing development processes and are subject to change.
You can review the user roles in your workspace and their permissions via the following gray page:
https://secure.gooddata.com/gdc/projects/{workspace_id}/roles
In GoodData, terms workspace and project denote the same entity. For example, project ID is exactly the same as workspace ID. See Find Workspace ID.
Permission identifier | Permission description, if available | Administrator | Editor | Editor + Invitations | Editor + User Admin | Explorer | Viewer | Viewer (disabled exports) | Explorer (embedded only)** | Viewer (embedded only)** |
---|---|---|---|---|---|---|---|---|---|---|
canAccessIntegration | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | |
canAccessWorkbench | Access the GoodData Portal directly (log in) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
canAssignUserWithRole | Assign the same or a less powerful role to a user | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateAnalyticalDashboard | Create a KPI dashboard object via API | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canCreateAttribute | Create an attribute object via API or MAQL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateAttributeGroup | Create a dimension object via API or MAQL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateAttributeLabel | Create a label object via API or MAQL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateColumn | Create a column object via API or MAQL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateComment | Create a comment object via API or MAQL | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateDataSet | Create a dataset object via API or MAQL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateDomain | Create a domain via API or MAQL | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateETLFile | Create an ETL file object via API or MAQL | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateExecutionContext | Create an execution context object (saved view, see Using Saved Views) via API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
canCreateFact | Create a fact object via API or MAQL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateFilterSettings | Create a filter context object via API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
canCreateFolder | Create a folder object via API or MAQL | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateMetric | Create a metric object via API | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateProjectDashboard | Create a dashboard object via API | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreatePrompt | Create a variable object via API | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateReport | Create a report object via API | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateReportDefinition | Create a report definition object via API | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
canCreateRole | Create a new user role via API | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateScheduledMail | Create a scheduled email object and a KPI alert object | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
canCreateTable | Create a table object via API or MAQL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateTableDataLoad | Create a table data load object via API | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canCreateVisualization | Create a KPI object, KPI widget object, and an insight object via API | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canEnrichData | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | |
canExecute | Run a report and list objects via catalogs | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
canExecuteRaw | Download a complete report | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
canExportDashboard | Export a dashboard | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
canExportFromADS | Export data from ADS | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canExportReport | Export a report | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
canInitData | Run MAQL DDL and DML, access a workspace staging directory | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canInviteUserToProject | Invite a user to a workspace or delete an invitation | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canListInvitationsInProject | Read valid invitations | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
canListUsersInProject | List users, roles, and permissions | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canManageACL | Add, remove, and list ACLs (Access Control Lists) on an object | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canManageAnalyticalDashboard | Modify and delete a KPI dashboard object | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canManageAttribute | Modify and remove an attribute object, run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageAttributeGroup | Run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageAttributeLabel | Modify and delete an attribute label object, run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageColumn | Modify and delete a column object, run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageComment | Modify and delete a comment object, run MAQL DDL | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageDataSet | Modify and delete a dataset object, run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageDomain | Modify and delete a domain, run MAQL DDL | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageETLFile | Modify and delete an ETL file object, run MAQL DDL | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageExecutionContext | Modify and delete an execution context object (saved view) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
canManageFact | Modify and delete a fact object, run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageFilterSettings | Modify and delete a filter setting object | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canManageFolder | Modify and delete a folder | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageIntegration | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
canManageIsProduction | Modify the isProduction flag | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageMetric | Modify and delete a metric, run MAQL DDL, run the MAQL validator, change metric visibility via the unlisted flag | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageProject | Modify workspace metadata, see the workspace token, lock and unlock objects, delete locked objects, set and unset the restricted flag on objects, clear cache, delete a workspace | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageProjectDashboard | Modify and delete a workspace dashboard object, change dashboard visibility via the unlisted flag | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManagePrompt | Modify and delete a variable object | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManagePublicAccessCode | Create and delete a public access code | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageReport | Modify and delete a report object, change report visibility via the unlisted flag | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageReportDefinition | Modify and delete a report definition object | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageScheduledMail | Modify and delete a scheduled email object and a KPI alert object, list available scheduled emails and KPI alerts | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageTable | Modify and delete a table object, run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageTableDataLoad | Modify and delete a table data load object, run MAQL DDL | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageTranslations | Manage metadata translation files | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canManageVisualization | Modify and delete a KPI object, KPI widget object, and an insight object | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canMaintainProject | Export and import a workspace, clean data, and set data permissions | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canMaintainUserFilter | Create and modify data permissions, list available data permission objects | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canMaintainUserFilterRelation | Manage relations between data permissions and users | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canRefreshData | Run uploads, load date dimensions, access a workspace staging directory | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canSeeOtherUserDetails | See a user's details | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ |
canSeePublicAccessCode | List public access codes | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canSetLocale | Set a timezone for a workspace | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canSetProjectVariables | Set variables on a workspace level | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canSetStyle | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
canSetUserVariables | Set variables on a user level | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canSuspendUserFromProject | Remove a user from a workspace | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
canValidateProject | Run metadata validation and Data Warehouse validation | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |
canUploadNonProductionCSV | Upload CSV files via CSV Uploader* | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ |
* If enabled in the workspace
** Only in embedded mode