DataLens roles
There are two types of roles in DataLens:
- For service access: These roles are assigned for an organization and grant access to DataLens.
- For workbooks and collections: These roles define the access level to each workbook or collection. They apply to users who switched to workbooks and collections to store their objects in DataLens.
Roles required to access the service
To grant a user access to DataLens, assign them a role. Roles can be assigned to a Yandex account, a service account, federated users, a user group, or a system group.
datalens.instances.user
The datalens.instances.user
role grants access to DataLens as a user with permissions to create, read, and edit objects according to the permissions to objects.
After you assign a service role, you can grant the user permissions to objects and directories in DataLens.
Tip
Even if you have not switched to workbooks and collections yet, we recommend using the datalens.creator
role instead of datalens.instances.user
. For navigation across folders, the new role functions as the old one. The only difference is that datalens.instances.user
allows viewing all organization folders, so it is safer to use datalens.creator
.
datalens.instances.admin
This datalens.instances.admin
role allows you to access DataLens as a DataLens instance administrator. Administrators have full access to all objects and folders in DataLens, as well as to DataLens
Tip
Even if you have not switched to workbooks and collections yet, we recommend using the datalens.admin
role instead of datalens.instances.admin
. For navigation across folders, the new role functions as the old one. The only difference is that datalens.instances.admin
allows viewing all organization folders, so it is safer to use datalens.admin
.
datalens.visitor
The datalens.visitor
role grants access to DataLens. You can view and edit workbooks and collections if you have the appropriate roles that grant access to these workbooks and collections.
datalens.creator
The datalens.creator
role grants access to DataLens with a permission to create workbooks and collections in the DataLens root. You can view and edit workbooks and collections created by other users only if you have access permissions to these workbooks and collections.
datalens.admin
The datalens.admin
role grants full access to DataLens and any of its workbooks and collections.
Roles for workbooks and collections
These roles apply to users who switched to a new approach to storing DataLens objects: in workbooks and collections. The roles allow you to define the level of access to each workbook or collection for a user or a user group.
Roles for workbooks
You can assign a user roles for workbooks.
Limited viewer
The Limited viewer
role allows you to view all charts and dashboards inside a workbook without editing them.
Viewer
The Viewer
role allows you to view workbook contents without editing them.
Editor
The Editor
role allows you to edit and copy workbook contents.
Admin
The Admin
role allows you to view and edit workbook contents, move, copy, and delete workbooks, and manage access to them.
Note
The author of a workbook is automatically assigned the Admin
role for the workbook.
Roles for collections
You can assign a user roles for collections.
Limited viewer
The Limited viewer
role allows you to view collections and their workbooks without editing them. Within workbooks, users can only view charts and dashboards.
Viewer
The Viewer
role allows you to view collection contents without editing them.
Editor
The Editor
role allows users to edit collections: create and edit collections and their workbooks.
Admin
The Admin
role grants full access to collections and their contents, including permission to manage access to them and move collections and their contents.
Note
The role granted for a collection applies to all collections and their workbooks. The author of a collection is automatically assigned the Admin
role for the collection.