Yandex Cloud
Search
Discuss with expertTry it for free
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
  • Marketplace
    • Featured
    • Infrastructure & Network
    • Data Platform
    • AI for business
    • Security
    • DevOps tools
    • Serverless
    • Monitoring & Resources
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
    • Price calculator
    • Pricing plans
  • Customer Stories
  • Documentation
  • Blog
© 2026 Direct Cursus Technology L.L.C.
Yandex DataLens
  • DataLens neuroanalyst
    • Overview
    • DataLens roles
    • Access to data rows
    • Public access
  • Gallery in DataLens
  • Audit Trails events

In this article:

  • Roles required to access the service
  • Roles to work with API
  • Roles for workbooks, collections, and shared objects
  • Roles for workbooks
  • Roles for collections
  • Roles for shared objects
  1. Access management
  2. DataLens roles

Yandex DataLens roles

Written by
Yandex Cloud
Updated at June 29, 2026
View in Markdown
  • Roles required to access the service
  • Roles to work with API
  • Roles for workbooks, collections, and shared objects
    • Roles for workbooks
    • Roles for collections
    • Roles for shared objects

There are two types of roles in DataLens:

  • For service access: These roles are assigned to an organization and grant access to DataLens.
  • For workbooks and collections: These roles define the access level to each workbook or collection. They apply to users who switched to workbooks and collections to store their objects in DataLens.

Roles required to access the serviceRoles required to access the service

To grant a user access to DataLens, assign them a role. You can assign roles to a Yandex account, service account, federated or local users, user group, system group, or public group.

After switching to workbooks and collections
Before switching to workbooks and collections

datalens.visitordatalens.visitor

The datalens.visitor role grants access to DataLens. You can view and edit workbooks and collections if you have the appropriate roles that grant access to these workbooks and collections.

datalens.creatordatalens.creator

The datalens.creator role grants access to DataLens with a permission to create workbooks and collections in the DataLens root. You can view and edit workbooks and collections created by other users only if you have access permissions to these workbooks and collections.

This role includes the datalens.visitor permissions.

datalens.admindatalens.admin

The datalens.admin role grants full access to DataLens and any of its workbooks and collections.

This role includes the datalens.creator and datalens.metaReader permissions.

datalens.instances.userdatalens.instances.user

The datalens.instances.user role grants access to DataLens as a user with permissions to create, read, and edit objects according to the permissions to objects and allows to view information on organization folders.

After you assign a service role, you can grant the user permissions to objects and directories in DataLens.

Tip

We recommend using the datalens.creator role instead of the datalens.instances.user one. The two roles grant identical permissions, but using datalens.creator is safer, because it only allows access to the DataLens instance, and disallows viewing all organization folders.

datalens.instances.admindatalens.instances.admin

The datalens.instances.admin role allows you to access DataLens as a DataLens instance administrator. Administrators have full access to all objects and folders in DataLens, as well as to DataLens settings. The role also allows you to view information on organization folders.

This role includes the datalens.instances.user permissions.

Tip

We recommend using the datalens.admin role instead of the datalens.instances.admin one. The two roles grant identical permissions, but using datalens.admin is safer, because it only allows access to the DataLens instance, and disallows viewing all organization folders.

Roles to work with APIRoles to work with API

datalens.metaReaderdatalens.metaReader

The datalens.metaReader role enables executing requests from the Audit section in the DataLens Public API, as well as requests to get DataLens entities.

You can get the following entities:

  • Connection: getConnection method
  • Dataset: getDataset method
  • Wizard chart: getWizardChart method
  • Editor chart: getEditorChart method
  • QL chart: getQLChart method
  • Dashboard: getDashboard method
  • Report: getReport method

Warning

Getting entities will only work if the request includes the x-dl-audit-mode heading with the true value.

Roles for workbooks, collections, and shared objectsRoles for workbooks, collections, and shared objects

These roles are valid for users who adopted the new DataLens object layout: in workbooks and collections. Roles allow you to define the level of access a user or group of users has to each workbook, collection, or shared object.

Roles for workbooksRoles for workbooks

You can assign roles for workbooks to a user.

datalens.workbooks.limitedViewerdatalens.workbooks.limitedViewer

You can assign the datalens.workbooks.limitedViewer role to a workbook. With it, you can view all the workbook's nested charts, dashboards, and reports, as well as info on the access permissions granted for the workbook. In the DataLens UI, this role is referred to as Limited viewer. You may want to only assign this role through the DataLens UI.

datalens.workbooks.viewerdatalens.workbooks.viewer

You can assign the datalens.workbooks.viewer role to a workbook. With it, you can view all workbook's nested objects and the info on the access permissions granted for such a workbook. In the DataLens UI, this role is referred to as Viewer. You may want to only assign this role through the DataLens UI.

This role includes the datalens.workbooks.limitedViewer permissions.

datalens.workbooks.editordatalens.workbooks.editor

You can assign the datalens.workbooks.editor role to a workbook. With it, you can edit both the workbook and all its nested objects. In the DataLens UI, this role is referred to as Editor. You may want to only assign this role through the DataLens UI.

Users with this role can:

  • Edit the relevant workbook and create copies of it.
  • View and edit all workbook's nested objects.
  • View info on the access permissions granted for the workbook.

This role includes the datalens.workbooks.viewer permissions.

datalens.workbooks.admindatalens.workbooks.admin

You can assign the datalens.workbooks.admin role to a workbook. With it, you can manage the relevant workbook and access to it, as well as all its nested objects. In the DataLens UI, this role is referred to as Admin. You may want to only assign this role through the DataLens UI.

Users with this role can:

  • View info on the access permissions granted for the relevant workbook and modify such permissions.
  • Edit, move, create copies of, and delete the relevant workbook.
  • View and edit all workbook's nested objects.
  • Embed the workbook's nested private objects to websites and apps.
  • Publish the workbook's nested objects.

This role includes the datalens.workbooks.editor permissions.

Note

The workbook author automatically gets the datalens.workbooks.admin (Admin) role for the workbook as soon as it is created.

Roles for collectionsRoles for collections

You can assign a user roles for collections.

datalens.collections.visitordatalens.collections.visitor

The datalens.collections.visitor is assigned for a collection and enables viewing info on it without access to its nested objects. In the DataLens UI, this role is referred to as Visitor of collection. We recommend assigning this role only via the DataLens UI.

datalens.collections.limitedViewerdatalens.collections.limitedViewer

You can assign the datalens.collections.limitedViewer role to a collection. It allows you to view info on the collection and its nested collections and workbooks, which includes viewing charts, dashboards, and reports of the nested workbooks. In the DataLens UI, this role is referred to as Limited viewer. You may want to only assign this role through the DataLens UI.

Users with this role can:

  • View info on the relevant collection and its nested workbooks and collections.
  • View info on the access permissions granted for the appropriate collection, as well as for its nested collections and workbooks.
  • View charts, dashboards, and reports nested into the workbooks related to the appropriate collection and its nested collections.

This role includes the datalens.workbooks.limitedViewer permissions.

datalens.collections.viewerdatalens.collections.viewer

You can assign the datalens.collections.viewer role to a collection. It allows you to view the info on it and its nested collections and workbooks, as well as view all nested workbook objects. In the DataLens UI, this role is referred to as Viewer. You may want to only assign this role through the DataLens UI.

Users with this role can:

  • View info on the relevant collection and its nested workbooks and collections.
  • View info on the access permissions granted for the appropriate collection, as well as for its nested collections and workbooks.
  • View all nested objects of the workbooks related to the appropriate collection and its nested collections.

This role includes the datalens.collections.limitedViewer and datalens.workbooks.viewer permissions.

datalens.collections.limitedEntryBindingCreatordatalens.collections.limitedEntryBindingCreator

The datalens.collections.limitedEntryBindingCreator role is assigned for a collection and enables re-using common objects from it without delegation of access permissions. In the DataLens UI, this role is referred to as Bindings without delegation. We recommend assigning this role only via the DataLens UI.

This role includes the datalens.sharedEntries.limitedEntryBindingCreator permissions.

datalens.collections.entryBindingCreatordatalens.collections.entryBindingCreator

The datalens.collections.entryBindingCreator role is assigned for a collection and enables re-using common objects from it, both with and without delegation of access permissions. In the DataLens UI, this role is referred to as Bindings with delegation. We recommend assigning this role only via the DataLens UI.

This role includes the datalens.sharedEntries.entryBindingCreator permissions.

datalens.collections.creatordatalens.collections.creator

The datalens.collections.creator is assigned for a collection and enables viewing it as well as creating objects within it without access to any other objects residing within the collection. In the DataLens UI, this role is referred to as Creator in collection. We recommend assigning this role only via the DataLens UI.

This role includes the datalens.collections.visitor permissions.

datalens.collections.editordatalens.collections.editor

The datalens.collections.editor role is assigned for a collection and enables editing it and all its nested collections, workbooks, and all objects within such workbooks. In the DataLens UI, this role is referred to as Editor. We recommend assigning this role only via the DataLens UI.

Users with this role can:

  • View info on the relevant collection and its nested collections and workbooks.
  • Edit the appropriate collection and all its nested collections and workbooks.
  • Create copies of the appropriate collection's nested workbooks.
  • Create new collections and workbooks within the relevant collection and all its nested ones.
  • View and edit all nested objects of the workbooks pertaining to the appropriate collection and its nested collections.
  • View info on the access permissions granted for the appropriate collection, as well as for its nested collections and workbooks.

This role includes the datalens.collections.viewer and datalens.workbooks.editor permissions.

datalens.collections.admindatalens.collections.admin

The datalens.collections.admin role is assigned for a collection and enables managing this collection and access to it, as well as all its nested collections, workbooks, and all objects within such workbooks. In the DataLens UI, this role is referred to as Admin. We recommend assigning this role only via the DataLens UI.

Users with this role can:

  • View info on the access permissions granted for the appropriate collection and for its nested collections and workbooks, as well as modify such access permissions.
  • View info on the appropriate collection and its nested collections and workbooks.
  • Edit the appropriate collection and all its nested collections and workbooks.
  • Create copies of the appropriate collection's nested workbooks.
  • Move and delete the relevant collection and all its nested collections and workbooks.
  • Create new collections and workbooks within the relevant collection.
  • View and edit all nested objects of the workbooks pertaining to the appropriate collection and its nested collections.
  • Embed private objects nested into workbooks related to the relevant collection and its nested ones, to websites and apps.
  • Publish objects nested into the workbooks related to the appropriate collection and its nested collections.

This role includes the datalens.collections.editor and datalens.workbooks.admin permissions.

This role includes the datalens.collections.editor and datalens.workbooks.admin permissions.

Note

The role granted for a collection applies to all collections and their workbooks. The collection author automatically gets the datalens.collections.admin (Admin) role for the collection as soon as it is created.

Roles for shared objectsRoles for shared objects

datalens.sharedEntries.limitedViewerdatalens.sharedEntries.limitedViewer

The datalens.sharedEntries.limitedViewer role is assigned for a common object and enables viewing its charts and the dashboards that use it, without direct access to the common object itself. In the DataLens UI, this role is referred to as Limited viewer. We recommend assigning this role only via the DataLens UI.

datalens.sharedEntries.viewerdatalens.sharedEntries.viewer

The datalens.sharedEntries.viewer role is assigned for a common object and enables viewing it and its access permissions. In the DataLens UI, this role is referred to as Viewer. We recommend assigning this role only via the DataLens UI.

This role includes the datalens.sharedEntries.limitedViewer permissions.

datalens.sharedEntries.limitedEntryBindingCreatordatalens.sharedEntries.limitedEntryBindingCreator

The datalens.sharedEntries.limitedEntryBindingCreator role is assigned for a common object and enables re-using it in workbooks without delegation of access permissions. In the DataLens UI, this role is referred to as Bindings without delegation. We recommend assigning this role only via the DataLens UI.

datalens.sharedEntries.entryBindingCreatordatalens.sharedEntries.entryBindingCreator

The datalens.sharedEntries.entryBindingCreator role is assigned for a common object and enables re-using it in workbooks, both with and without delegation of access permissions. In the DataLens UI, this role is referred to as Bindings with delegation. We recommend assigning this role only via the DataLens UI.

This role includes the datalens.sharedEntries.limitedEntryBindingCreator permissions.

datalens.sharedEntries.editordatalens.sharedEntries.editor

The datalens.sharedEntries.editor role is assigned for a common object and enables editing and viewing it, as well as viewing its access permissions. In the DataLens UI, this role is referred to as Editor. We recommend assigning this role only via the DataLens UI.

This role includes the datalens.sharedEntries.viewer permissions.

datalens.sharedEntries.admindatalens.sharedEntries.admin

The datalens.sharedEntries.admin role is assigned for a common object and enables viewing it and entirely managing it, including editing, moving, deleting, and configuring its access permissions. In the DataLens UI, this role is referred to as Admin. We recommend assigning this role only via the DataLens UI.

This role includes the datalens.sharedEntries.editor and datalens.sharedEntries.entryBindingCreator permissions.

Was the article helpful?

Previous
Overview
Next
Overview
© 2026 Direct Cursus Technology L.L.C.