Roles and Permission Matrix
Transform has a both primary and secondary roles in the product. Primary roles map to assignments that are given when a user is created in the interface, and secondary roles are roles that are assumed based on certain actions or assignments that come after a primary role designation.
Primary Roles
Organization Administrator
Organization Administrators have elevated privileges and can take most actions across the Transform App. Currently, there are only administrative actions available in the Metrics Catalog.
Administrators can change metadata about a metric (without ownership), edit and remove team members, as well as view and update settings around DW credentials.
User
Users can view and interact with most components of the interface but will not be able to take administrative actions, such as editing and managing users. Additionally, they will not be able to change anything about a metric in the UI unless they are explicitly an owner. A user is the default setting for an account that is not an administrator.
Object Related Roles
Team Administrator Team administrators can be either users or organization administrators. A person with an account in Transform can become a Team Admin by creating a team. Team Admins can take high-level actions around their team settings and on team pages.
Metric Owners Metric owners can be Teams (a set of users) or individual Users. These assignments must be designated through the Framework or User interface. Metric Owners can take high-level actions around the metric description, approval, and ownership of a given metric.
Content Owners Content owners are the creators of a piece of content, which can be a Saved Query, Board, Annotation, or Question.
Note: We have left metric owners, team administrators, and content owners out of the matrix and denoted which actions matter for these roles by indicating how a user's permissions change based on them.
Permissions Matrix
| Component | Action | Org. Admin | User |
|---|---|---|---|
| Settings | Edit/Invite Users in Transform | ✔️ | - |
| Create Teams | ✔️ | ✔️ | |
| Edit/Add Users to Teams | ✔️ | If user is Team Admin | |
| Edit DW Credentials | ✔️ | - | |
| Edit MQL Server Settings | ✔️ | - | |
| Create API Key for oneself | ✔️ | ✔️ | |
| View MQL Query Logs | ✔️ | ✔️ | |
| Set up Integrations* | ✔️ | - | |
| Modify Org. Security Settings | ✔️ | - | |
| Interact w/API Explorer & Model Page | ✔️ | ✔️ | |
| Metrics | View and Query Metric | ✔️ | ✔️ |
| See All Private Metrics w/o ownership or access | ✔️ | - | |
| Edit Metric Description | ✔️ | If user or user's team owns metric | |
| Update Metric Metadata (includes setting alerts) | ✔️ | If user or user's team owns metric | |
| Create Annotation | ✔️ | ✔️ | |
| Edit/Delete Annotation | ✔️ | If user authored | |
| Create Question | ✔️ | ✔️ | |
| Edit Question | If admin authored | If user authored | |
| Delete Question | ✔️ | If user authored | |
| Approve Metrics | ✔️ | If user is owner | |
| Add Metric Owners | ✔️ | If user is owner | |
| Subscribe to Metrics | ✔️ | ✔️ | |
| Add Subscribers to Metrics | ✔️ | If user or user's team owns metric | |
| Query & Board | Create & Save Query | ✔️ | ✔️ |
| Share and Export Query | ✔️ | ✔️ | |
| Add to Board | ✔️ | ✔️ | |
| Delete Query* | ✔️ | If user created query | |
| Update Query | If admin created query | If user created query | |
| Create Board | ✔️ | ✔️ | |
| Update Board | If admin owner of board | If user or user's team owner of board | |
| Delete Board | ✔️ | If user or user's team owner of board | |
| MetricFlow and APIs | Run MQL queries (in any supported interface) | ✔️ | ✔️ |
| Committing Models | ✔️ | ✔️ | |
| Query through Transform Integrations | ✔️ | ✔️ |
Remarks
- This matrix does not take into account private metrics. If a metric is private, only authorized users will have access to it
- Certain integrations do not require an organization administrator to set up such as Google Sheets and Tableau.
- Deleting queries is only possible if the query isn't being consumed on a Board.
- Metrics cannot be deleted from the Transform application unless removed from the YAML file and committed to the repository.