DataLens roles
There are two types of roles in DataLens:
- For service access: These roles are assigned for an organization and grant access to DataLens.
- For workbooks and collections: These roles define the access level to each workbook or collection. They apply to users who switched to workbooks and collections to store their objects in DataLens.
Roles required to access the service
To grant a user access to DataLens, assign them a role. You can assign roles to a Yandex account, a service account, federated users, a user group, or a system group.
datalens.instances.user
The datalens.instances.user role grants access to DataLens as a user with permissions to create, read, and edit objects according to the permissions to objects.
After you assign a service role, you can grant the user permissions to access objects and directories in DataLens.
Tip
Even if you have not switched to workbooks and collections yet, we recommend using the datalens.creator role instead of datalens.instances.user. For navigation across folders, the new role functions as the old one. The only difference is that datalens.instances.user allows viewing all organization folders, so it is safer to use datalens.creator.
datalens.instances.admin
This datalens.instances.admin role allows you to access DataLens as a DataLens instance administrator. Administrators have full access to all objects and folders in DataLens, as well as to DataLens settings.
Tip
Even if you have not switched to workbooks and collections yet, we recommend using the datalens.admin role instead of datalens.instances.admin. For navigation across folders, the new role functions as the old one. The only difference is that datalens.instances.admin allows viewing all organization folders, so it is safer to use datalens.admin.
datalens.visitor
The datalens.visitor role grants access to DataLens. You can view and edit workbooks and collections if you have the appropriate roles that grant access to these workbooks and collections.
datalens.creator
The datalens.creator role grants access to DataLens with a permission to create workbooks and collections in the DataLens root. You can view and edit workbooks and collections created by other users only if you have access permissions to these workbooks and collections.
datalens.admin
The datalens.admin role grants full access to DataLens and any of its workbooks and collections.
Roles for workbooks and collections
These roles apply to users who switched to a new approach to storing DataLens objects: in workbooks and collections. The roles allow you to define the level of access to each workbook or collection for a user or a user group.
Roles for workbooks
You can assign a user roles for workbooks.
datalens.workbooks.limitedViewer
You can assign the datalens.workbooks.limitedViewer role to a workbook. With it, you can view all workbook's nested charts and dashboards and the info on the access permissions granted for such a workbook. In the DataLens UI, this role is referred to as Limited viewer.
datalens.workbooks.viewer
You can assign the datalens.workbooks.viewer role to a workbook. With it, you can view all workbook's nested objects and the info on the access permissions granted for such a workbook. In the DataLens UI, this role is referred to as Viewer.
This role also includes the datalens.workbooks.limitedViewer permissions.
datalens.workbooks.editor
You can assign the datalens.workbooks.editor role to a workbook. With it, you can edit both the workbook and all its nested objects. In the DataLens UI, this role is referred to as Editor.
Users with this role can:
- Edit the relevant workbook and create copies of it.
- View and edit all workbook's nested objects.
- View info on the access permissions granted for the workbook.
This role also includes the datalens.workbooks.viewer permissions.
datalens.workbooks.admin
You can assign the datalens.workbooks.admin role to a workbook. With it, you can manage the relevant workbook and access to it, as well as all its nested objects. In the DataLens UI, this role is referred to as Admin.
Users with this role can:
- View info on the access permissions granted for the relevant workbook and modify such permissions.
- Edit, move, create copies of, and delete the relevant workbook.
- View and edit all workbook's nested objects.
- Embed the workbook's nested private objects to websites and apps.
- Publish the workbook's nested objects.
This role also includes the datalens.workbooks.editor permissions.
Note
The author of a workbook is automatically assigned the datalens.workbooks.admin (Admin) role for the workbook.
Roles for collections
You can assign a user roles for collections.
datalens.collections.limitedViewer
You can assign the datalens.collections.limitedViewer role to a collection. It allows you to view the info on it and its nested collections and workbooks, which includes viewing charts and dashboards of the nested workbook workbooks. In the DataLens UI, this role is referred to as Limited viewer.
Users with this role can:
- View info on the relevant collection and its nested workbooks and collections.
- View info on the access permissions granted for the appropriate collection, as well as for its nested collections and workbooks.
- View charts and dashboards nested into the workbooks related to the appropriate collection and its nested collections.
This role also includes the datalens.workbooks.limitedViewer permissions.
datalens.collections.viewer
You can assign the datalens.collections.viewer role to a collection. It allows you to view the info on it and its nested collections and workbooks, as well as view all nested workbook objects. In the DataLens UI, this role is referred to as Viewer.
Users with this role can:
- View info on the relevant collection and its nested workbooks and collections.
- View info on the access permissions granted for the appropriate collection, as well as for its nested collections and workbooks.
- View all nested objects of the workbooks related to the appropriate collection and its nested collections.
This role also includes the datalens.collections.limitedViewer and datalens.workbooks.viewer permissions.
datalens.collections.editor
You can assign the datalens.collections.editor role to a collection. It allows you to edit the relevant collection and all its nested collections, workbooks, and all objects within such workbooks. In the DataLens UI, this role is referred to as Editor.
Users with this role can:
- View info on the relevant collection and its nested collections and workbooks.
- Edit the relevant collection and all its nested collections and workbooks.
- Create copies of the relevant collection and all its nested collections and workbooks.
- Create new collections and workbooks within the relevant collection and all its nested ones.
- View and edit all nested objects of the workbooks related to the appropriate collection and its nested collections.
- View info on the access permissions granted for the appropriate collection, as well as for its nested collections and workbooks.
This role also includes the datalens.collections.viewer and datalens.workbooks.editor permissions.
datalens.collections.admin
You can assign the datalens.collections.admin role to a collection. It allows you to manage the relevant collection and access to it, as well as all its nested collections, workbooks, and all objects within such workbooks. In the DataLens UI, this role is referred to as Admin.
Users with this role can:
- View info on the access permissions granted for the appropriate collection and for its nested collections and workbooks, as well as modify such access permissions.
- View info on the relevant collection and its nested collections and workbooks.
- Edit the relevant collection and all its nested collections and workbooks, as well as create copies of it.
- Move and delete the relevant collection and all its nested collections and workbooks.
- Create new collections and workbooks within the relevant collection.
- View and edit all nested objects of the workbooks related to the appropriate collection and its nested collections.
- Embed the private objects nested into workbooks related to the relevant collection and its nested ones, to websites and apps.
- Publish the objects nested into the workbooks related to the appropriate collection and its nested collections.
This role also includes the datalens.collections.editor and datalens.workbooks.admin permissions.
Note
The role granted for a collection applies to all collections and their workbooks. The author of a collection is automatically assigned the datalens.collections.admin (Admin) role for the collection.