User Roles Permissions

The following table describes available permissions and how they are assigned to User Roles. User permissions are part of our ongoing development processes and are subject to change.

You can review the user roles in your workspace and their permissions via the following gray page:

https://secure.gooddata.com/gdc/projects/{workspace_id}/roles

Permission identifier

Permission description, if available

Administrator

Editor

Editor + Invitations

Editor + User Admin

Explorer

Viewer

Viewer (disabled exports)

Explorer (embedded only)**

Viewer (embedded only)**

canAccessIntegration

 

canAccessWorkbench

Access the GoodData Portal directly (log in)

canAssignUserWithRole

Assign the same or a less powerful role to a user

canCreateAnalyticalDashboard

Create a KPI dashboard object via API

canCreateAttribute

Create an attribute object via API or MAQL

canCreateAttributeGroup

Create a dimension object via API or MAQL

canCreateAttributeLabel

Create a label object via API or MAQL

canCreateColumn

Create a column object via API or MAQL

canCreateComment

Create a comment object via API or MAQL

canCreateDataSet

Create a dataset object via API or MAQL

canCreateDomain

Create a domain via API or MAQL

canCreateETLFile

Create an ETL file object via API or MAQL

canCreateExecutionContextCreate an execution context object (saved view, see Using Saved Views) via API

canCreateFact

Create a fact object via API or MAQL

canCreateFilterSettingsCreate a filter context object via API

canCreateFolder

Create a folder object via API or MAQL

canCreateMetric

Create a metric object via API

canCreateProjectDashboard

Create a dashboard object via API

canCreatePrompt

Create a variable object via API

canCreateReport

Create a report object via API

canCreateReportDefinition

Create a report definition object via API

canCreateRole

Create a new user role via API

canCreateScheduledMail

Create a scheduled email object and a KPI alert object

canCreateTable

Create a table object via API or MAQL

canCreateTableDataLoad

Create a table data load object via API

canCreateVisualization

Create a KPI object, KPI widget object, and an insight object via API

canEnrichData 

canExecuteRun a report and list objects via catalogs

canExecuteRawDownload a complete report

canExportDashboardExport a dashboard

canExportFromADSExport data from ADS

canExportReportExport a report

canInitData

Run MAQL DDL and DML, access a workspace staging directory

canInviteUserToProject

Invite a user to a workspace or delete an invitation

canListInvitationsInProject

Read valid invitations

canListUsersInProject

List users, roles, and permissions

canManageACL

Add, remove, and list ACLs (Access Control Lists) on an object

canManageAnalyticalDashboard

Modify and delete a KPI dashboard object

canManageAttribute

Modify and remove an attribute object, run MAQL DDL

canManageAttributeGroup

Run MAQL DDL

canManageAttributeLabel

Modify and delete an attribute label object, run MAQL DDL

canManageColumn

Modify and delete a column object, run MAQL DDL

canManageComment

Modify and delete a comment object, run MAQL DDL

canManageDataSet

Modify and delete a dataset object, run MAQL DDL

canManageDomain

Modify and delete a domain, run MAQL DDL

canManageETLFile

Modify and delete an ETL file object, run MAQL DDL

canManageExecutionContextModify and delete an execution context object (saved view)

canManageFact

Modify and delete a fact object, run MAQL DDL

canManageFilterSettingsModify and delete a filter setting object

canManageFolder

Modify and delete a folder

canManageIntegration

 

canManageIsProductionModify the isProduction flag

canManageMetric

Modify and delete a metric, run MAQL DDL, run the MAQL validator, change metric visibility via the unlisted flag

canManageProject

Modify workspace metadata, see the workspace token, lock and unlock objects, delete locked objects, set and unset the restricted flag on objects, clear cache, delete a workspace

canManageProjectDashboard

Modify and delete a workspace dashboard object, change dashboard visibility via the unlisted flag

canManagePrompt

Modify and delete a variable object

canManagePublicAccessCode

Create and delete a public access code

canManageReport

Modify and delete a report object, change report visibility via the unlisted flag

canManageReportDefinition

Modify and delete a report definition object

canManageScheduledMail

Modify and delete a scheduled email object and a KPI alert object, list available scheduled emails and KPI alerts

canManageTable

Modify and delete a table object, run MAQL DDL

canManageTableDataLoad

Modify and delete a table data load object, run MAQL DDL

canManageTranslationsManage metadata translation files

canManageVisualization

Modify and delete a KPI object, KPI widget object, and an insight object

canMaintainProject

Export and import a workspace, clean data, and set data permissions

canMaintainUserFilter

Create and modify data permissions, list available data permission objects

canMaintainUserFilterRelation

Manage relations between data permissions and users

canRefreshData

Run uploads, load date dimensions, access a workspace staging directory

canSeeOtherUserDetails

See a user's details

canSeePublicAccessCode

List public access codes

canSetLocaleSet a timezone for a workspace

canSetProjectVariables

Set variables on a workspace level

canSetStyle 

canSetUserVariables

Set variables on a user level

canSuspendUserFromProject

Remove a user from a workspace

canValidateProject

Run metadata validation and Data Warehouse validation

canUploadNonProductionCSV

Upload CSV files via CSV Uploader*

* If enabled in the workspace

** Only in embedded mode

Create a Custom User Role