This topic describes the permissions of each of the preset workspace-level and global roles.
DataWorks provides the following preset workspace-level roles: workspace owner, workspace administrator, developer, O&M engineer, deployment engineer, visitor, security administrator, and model designer. You cannot assign the workspace owner role to other workspace members. For more information about the permissions of the preset roles, see Permission list.
|Tenant administrator||The permissions on all the service modules of DataWorks, excluding the permissions that are required for performing operations in the DataWorks console||Alibaba Cloud account, RAM users to which the AliyunDataWorksFullAccess policy is attached, and RAM users that are assigned the tenant administrator role by the RAM user who has been assigned the tenant administrator role||This role has full permissions in DataWorks, and can perform operations on all the service modules in DataWorks.|
|Tenant member||The same permissions as the development engineer role:
||No authorization is required. By default, all the RAM users that belong to the current Alibaba Cloud account are assigned the tenant member role.||By default, all the RAM users and RAM roles that belong to the current Alibaba Cloud account have the permissions of the tenant member role.|
|Tenant security administrator||All the permissions on Security Center, Approval Center, and Data Security Guard||The tenant administrator can assign the security administrator role to a RAM user.||This role is used to manage the security configurations in a workspace.|
|Data governance administrator||All the permissions on Data Governance||The tenant administrator can assign the data governance administrator role to a user.||This role is used to manage the features in Data Governance.|
|Data directory administrator||The permissions to manage data directories of Data Map||The tenant administrator can assign the data directory administrator role to a user.||This role is used to manage data directories of Data Map.|
|Metadata collection administrator||The permissions on metadata collection in Data Map||The tenant administrator can assign the metadata collection administrator role to a user.||This role is used to manage metadata collection in Data Map.|