All Products
Search

This Product

    Dataphin:Global role management

    Document Center

    Dataphin:Global role management

    Last Updated:May 28, 2025

    Dataphin supports controlling user access to functional modules and features within a module through global roles. This topic describes how to create and manage custom global roles.

    Prerequisites

    The following built-in global roles require the corresponding modules to be activated before you can use the global role features, including Quality Administrator (requires purchasing either Asset Quality or Tag Factory), Datastandards Administrator (requires purchasing Data Standard), Cross-Tenant-Publish Administrator (requires purchasing Cross-Tenant Publishing), Tag User (requires purchasing Tag Factory).

    Background

    Global roles are divided into system roles and custom roles.

    • System roles: System built-in roles are predefined during system initialization. Users cannot add system roles. These roles have specific permissions and responsibilities, designed to provide basic feature access and operation control for different types of users or scenarios. They can be assigned to users or used as templates to create custom roles. Dataphin system global roles are as follows.

      Role name

      Role description

      Supports disabling

      Supports editing

      Super administrator

      Has operation and management permissions for all modules except cross-tenant publishing.

      No

      No

      General user

      Only has view permissions for most non-confidential modules.

      No

      Yes

      System administrator

      Has the highest permissions for the planning module and Management Center except for data source management, including management of data domains, projects, computing engines, and modification of various Management Center configurations.

      Yes

      Yes

      Data steward

      Has management permissions for the asset catalog, including creating, editing, and deleting asset topics and modifying catalog configurations.

      Yes

      Yes

      Security administrator

      Has the highest permissions for the security module, including management of project security policies, data detection and desensitization rules, algorithms, and keys.

      Yes

      Yes

      Quality administrator

      Has the highest permissions for the quality module, including creating quality rules for data tables, data sources, and other resources, along with viewing generated data quality reports.

      Yes

      Yes

      Datasource administrator

      Has management permissions for all data sources, including creating, editing, and deleting data sources, along with setting data source throttling.

      Yes

      Yes

      Datastandards administrator

      Has the highest permissions for the standard module, including management of all standard sets, mapping rules, and reference data.

      Yes

      Yes

      Cross-tenant-publish administrator

      Has operation permissions for cross-tenant data publishing, can export and import deployment packages.

      Yes

      Yes

      Tag user

      Only has usage permissions for the asset marketplace and asset applications in the tag module.

      Yes

      Yes

      For more information, see Appendix: Global and project role permission description.

      Note

      When editing system roles, you cannot modify the role name.

    • Custom roles: Super administrators and system administrators can create and configure different roles based on specific requirements using the custom role feature. Through custom roles, permissions can be flexibly assigned according to different members' responsibilities, permission scopes, and workflows, ensuring that each member can only access and operate the resources needed for their work. For details about creating and managing custom roles, see the following sections.

    Permission description

    • Super administrators and system administrators can create, edit, clone, enable, disable, and delete global roles.

    • Regular members can only view role details.

    Create a custom global role

    1. In the top navigation bar of the Dataphin homepage, choose Management Center > Member Management.

    2. In the left-side navigation pane, choose Account Management > Global Role Management. On the Global Role Management page, click +Create Custom Global Role.

    3. On the Create Custom Role page, configure the following parameters.

      Parameter

      Description

      Basic Information

      Role Name

      We recommend that you name the role based on business scenarios. The name cannot exceed 64 characters and must be unique among current global role names.

      Role Description

      We recommend that you describe the role based on its positioning and usage scenarios to facilitate viewing the role information. The description cannot exceed 512 characters.

      Menu Feature Permission Configuration

      Configure permissions for the role. The current menu feature order is the same as the order in the menu settings. You can click Menu Settings to go to Style Configuration > Menu Settings to configure the menu. You can also click Reuse Role Permissions to reuse the permissions of the selected role as the default permissions for the current role, which you can then configure further.

      For permission descriptions of related roles, see Global role permission description.

      Important

      If a role does not have view permissions for a feature, users with that role will not be able to access the feature when they log on to Dataphin (the feature will not appear in the menu bar).

    4. Click OK to complete the creation of the custom global role.

      If you click Cancel, the edited content will not be saved when the dialog box is closed.

    View and manage custom global roles

    1. In the top navigation bar of the Dataphin homepage, choose Management Center > Member Management.

    2. In the left-side navigation pane, choose Account Management > Global Role Management.

    3. On the Global Role Management page, view information such as role names and role descriptions in the global role list.

      • Global Role: Divided into System Role and Custom Role.

        • System Role: Includes Super Administrator, System Administrator, Data Steward, Security Administrator, Quality Administrator, Datasource Administrator, Datastandards Administrator, Cross-Tenant-Publish Administrator, General User, and Tag User.

        • Custom Role: Roles created based on business scenarios.

      • Role Description: Shows the permission description of the global role to help you understand the permissions that the role supports.

    4. In the global role list, you can view, clone, edit, and delete global roles.

      The specific operations and descriptions are as follows.

      Note

      • System Role supports the operations of View Role Details, Enable, Disable, and Clone as Custom Role.

      • Custom Role supports the operations of View Role Details, Clone as Custom Role, Edit, and Delete.

      Operation

      Description

      Enable

      You can enable a global role that is disabled.

      Click the switch in the Enabled column of the target global role to enable the current global role. After enabling, the role can be used and granted normally.

      Disable

      You can disable a global role that is enabled.

      1. Click the switch in the Enabled column of the target global role.

      2. In the dialog box that appears, click OK. After disabling, the role cannot be used or granted normally, and it will affect the built-in approval workflows in the system.

      Note

      • Super Administrator and General User cannot be disabled.

      • If the current global role is not referenced by any member, it can be disabled directly. If it is already referenced by members, you need to specify a new role for those members.

      View Role Details

      Click the image icon in the Actions column of the target global role to view the Basic Information and Project Permission Points on the global role details page.

      For custom roles, you can click Edit Configuration on the global role details page to modify Basic Information, Reuse Role Permissions, and Menu Feature Permission Configuration.

      Clone as Custom Role

      Quickly clone the current global role as a custom role. All information in the cloned custom role can be modified. Both System Role and Custom Role can be cloned.

      1. Click the image icon in the Actions column of the target global role.

      2. On the Clone Custom Role/Clone System Role page, modify the Basic Information, Reuse Role Permissions, and Menu Feature Permission Configuration of the global role. After you complete the configuration, click OK.

      Edit

      Click the image icon in the Actions column of the target custom role to modify the Basic Information, Reuse Role Permissions and Menu Feature Permission Configuration of the current custom role. After you complete the configuration, click OK.

      Delete

      Delete redundant or unused custom roles.

      1. Click the image icon in the Actions column of the custom role and select Delete.

      2. In the dialog box that appears, click OK.

      Note

      If the current global role is already referenced by members, you need to specify a new role for those members. These members will no longer have approval permissions for the approval workflows that were the responsibility of the original role.