Service roles to manage metadata in Yandex Data Catalog
- Top-level service roles
- Roles for catalog access management
- Roles for metadata set access management
- Roles for classification access management
- Roles for classification tag access management
- Roles for domain access management
- Roles for dictionary access management
- Roles for glossary term access management
- Roles for ingestion access management
- Roles for ingestion source access management
- Roles for metadata link access management
- What roles do I need
Note
This feature is in the Preview stage.
To view information about metadata catalogs and manage their resources, you can use Yandex Data Catalog service roles at the following levels:
- Service
- Catalog
- Metadata set
- Classification
- Classification tag
- Domain
- Glossary
- Glossary term
- Ingestion
- Ingestion source
- Metadata link
Top-level service roles
data-catalog.auditor
The data-catalog.auditor role enables viewing info on Data Catalogs resources and quotes.
Users with this role can:
- View info on catalogs in Data Catalog and access permissions granted for them.
- View info on domainsin Data Catalog and access permissions granted for them.
- View info on sources and downloads in Data Catalog.
- View info on data and data links in Data Catalog.
- View info on glossaries and terms links in Data Catalog.
- View info on classifications and tags links in Data Catalog.
- View info on the Data Catalog quotes.
This role includes the data-catalog.catalogs.auditor, data-catalog.domains.auditor, data-catalog.ingestionSources.auditor, data-catalog.ingestions.auditor, data-catalog.assets.auditor, data-catalog.lineages.auditor, data-catalog.glossaries.auditor, data-catalog.glossaryTerms.auditor, data-catalog.classifications.auditor, and data-catalog.classificationTags.auditor permissions.
data-catalog.viewer
The data-catalog.viewer role enables viewing info on Data Catalogs resources and quotes.
Users with this role can:
- View info on catalogs in Data Catalog and access permissions granted for them.
- View info on domainsin Data Catalog and access permissions granted for them.
- View info on sources and downloads in Data Catalog.
- View info on data and data links in Data Catalog.
- View info on glossaries and terms links in Data Catalog.
- View info on classifications and tags links in Data Catalog.
- View info on the Data Catalog quotes.
This role includes the data-catalog.auditor permissions.
data-catalog.editor
The data-catalog.editor role enables managing Data Catalog resources.
Users with this role can:
- View info on catalogs in Data Catalog and access permissions granted for them as well as create, modify, and delete such catalogs.
- View info on domains in Data Catalog and access permissions granted for them as well as create, use, modify, and delete such catalogs.
- View info on sources in Data Catalog as well as create, modify, and delete them.
- View info on downloads in Data Catalog as well as create, modify, and delete them.
- View info on data in Data Catalog as well as create, modify, and delete such data.
- View info on data links in Data Catalog as well as create, modify, and delete them.
- View info on glossaries in Data Catalog as well as create, modify, and delete them.
- View info on terms in Data Catalog as well as create, use, modify, and delete them.
- View info on classifications in Data Catalog as well as create, modify, and delete them.
- View info on tags in Data Catalog as well as create, use, modify, and delete them.
- View info on the Data Catalog quotes.
This role includes the data-catalog.catalogs.editor, data-catalog.domains.editor, data-catalog.ingestionSources.editor, data-catalog.ingestions.editor, data-catalog.assets.editor, data-catalog.lineages.editor, data-catalog.glossaries.editor, data-catalog.glossaryTerms.editor, data-catalog.classifications.editor, and data-catalog.classificationTags.editor permissions.
data-catalog.admin
The data-catalog.admin role enables managing Data Catalog resources and access to them.
Users with this role can:
- View info on access permissions granted for catalogs in Data Catalog and modify such permissions.
- View info on catalogs in Data Catalog as well as create, modify, and delete them.
- View info on access permissions granted for domains in Data Catalog and modify such permissions.
- View info on domains in Data Catalog as well as create, use, modify, and delete them.
- View info on sources in Data Catalog as well as create, modify, and delete them.
- View info on downloads in Data Catalog as well as start, stop, modify, and delete them.
- View info on data in Data Catalog as well as create, modify, and delete such data.
- View info on data links in Data Catalog as well as create, modify, and delete them.
- View info on glossaries in Data Catalog as well as create, modify, and delete them.
- View info on terms in Data Catalog as well as create, use, modify, and delete them.
- View info on classifications in Data Catalog as well as create, modify, and delete them.
- View info on tags in Data Catalog as well as create, use, modify, and delete them.
- View info on the Data Catalog quotes.
This role includes the data-catalog.catalogs.admin, data-catalog.domains.admin, data-catalog.ingestionSources.admin, data-catalog.ingestions.admin, data-catalog.assets.admin, data-catalog.lineages.admin, data-catalog.glossaries.admin, data-catalog.glossaryTerms.admin, data-catalog.classifications.admin, and data-catalog.classificationTags.admin permissions.
data-catalog.dataSteward
The data-catalog.dataSteward role enables viewing info on Data Catalogs resources, using and modifying such resources, and managing Data Catalog downloads.
Users with this role can:
- View info on catalogs in Data Catalog and access permissions granted for them.
- View info on domains in Data Catalog and access permissions granted for them, as well as use and modify such domains.
- View info on sources in Data Catalog and modify them.
- View info on downloads in Data Catalog as well as start, stop, and modify them.
- View info on data and data links in Data Catalog as well as modify such data and data links.
- View info on glossaries in Data Catalog and modify them.
- View info on terms in Data Catalog as well as use and modify them.
- View info on classifications in Data Catalog and modify them.
- View info on tags in Data Catalog as well as use and modify them.
- View info on the Data Catalog quotes.
This role includes the data-catalog.dataConsumer permissions.
data-catalog.dataConsumer
The data-catalog.dataConsumer role enables viewing info on Data Catalogs resources as well as using and modifying them.
This role does not enable modifying sources or managing Data Catalog downloads.
Users with this role can:
- View info on catalogs in Data Catalog and access permissions granted for them.
- View info on domains in Data Catalog and access permissions granted for them, as well as use and modify such domains.
- View info on sources and downloads in Data Catalog.
- View info on data and data links in Data Catalog as well as modify such data and data links.
- View info on glossaries in Data Catalog and modify them.
- View info on terms in Data Catalog as well as use and modify them.
- View info on classifications in Data Catalog and modify them.
- View info on tags in Data Catalog as well as use and modify them.
- View info on the Data Catalog quotes.
This role includes the data-catalog.viewer and data-catalog.user permissions.
data-catalog.user
The data-catalog.user role enables viewing info on domains, tags, and terms in Data Catalog as well as using such domains, tags, and terms.
This role includes the data-catalog.domains.user, data-catalog.classificationTags.user, and data-catalog.glossaryTerms.user permissions.
Roles for catalog access management
data-catalog.catalogs.auditor
The data-catalog.catalogs.auditor role enables viewing info on catalogs in Data Catalog, access permissions granted for them, and the Data Catalog quotes.
data-catalog.catalogs.viewer
The data-catalog.catalogs.viewer role enables viewing info on catalogs in Data Catalog, access permissions granted for them, and the Data Catalog quotes.
This role includes the data-catalog.catalogs.auditor permissions.
data-catalog.catalogs.editor
The data-catalog.catalogs.editor role enables viewing info on catalogs in Data Catalog and managing them.
Users with this role can:
- View info on catalogs in Data Catalog as well as create, modify, and delete them.
- View info on access permissions granted to catalogs in Data Catalog.
- View info on the Data Catalog quotes.
This role includes the data-catalog.catalogs.viewer permissions.
data-catalog.catalogs.admin
The data-catalog.catalogs.admin role enables managing catalogs and access to them in Data Catalog.
Users with this role can:
- View info on access permissions granted for catalogs in Data Catalog and modify such permissions.
- View info on catalogs in Data Catalog as well as create, modify, and delete them.
- View info on the Data Catalog quotes.
This role includes the data-catalog.catalogs.editor permissions.
Roles for metadata set access management
data-catalog.assets.auditor
The data-catalog.assets.auditor role enables viewing info on data in Data Catalog.
data-catalog.assets.viewer
The data-catalog.catalogs.viewer role enables viewing info on catalogs in Data Catalog, access permissions granted for them, and the Data Catalog quotes.
This role includes the data-catalog.catalogs.auditor permissions.
data-catalog.assets.editor
The data-catalog.assets.editor role enables viewing info on data in Data Catalog as well as creating, modifying, and deleting such data.
This role includes the data-catalog.assets.viewer permissions.
data-catalog.assets.admin
The data-catalog.catalogs.admin role enables managing catalogs and access to them in Data Catalog.
Users with this role can:
- View info on access permissions granted for catalogs in Data Catalog and modify such permissions.
- View info on catalogs in Data Catalog as well as create, modify, and delete them.
- View info on the Data Catalog quotes.
This role includes the data-catalog.catalogs.editor permissions.
Roles for classification access management
data-catalog.classifications.auditor
The data-catalog.classifications.auditor role enables viewing info on classifications in Data Catalog.
data-catalog.classifications.viewer
The data-catalog.classifications.viewer role enables viewing info on classifications in Data Catalog.
This role includes the data-catalog.classifications.auditor permissions.
data-catalog.classifications.editor
The data-catalog.classifications.editor role enables viewing info on classifications in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.classifications.viewer permissions.
data-catalog.classifications.admin
The data-catalog.classifications.admin role enables viewing info on classifications in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.classifications.editor permissions.
Roles for classification tag access management
data-catalog.classificationsTags.auditor
The data-catalog.classificationTags.auditor role enables viewing info on tags in Data Catalog.
data-catalog.classificationsTags.viewer
The data-catalog.classificationTags.viewer role enables viewing info on tags in Data Catalog.
This role includes the data-catalog.classificationTags.auditor permissions.
data-catalog.classificationsTags.user
The data-catalog.classificationTags.user role enables viewing info on tags in Data Catalog and using them.
data-catalog.classificationsTags.editor
The data-catalog.classificationTags.editor role enables viewing info on tags in Data Catalog as well as creating, using, modifying, and deleting them.
This role includes the data-catalog.classificationTags.viewer and data-catalog.classificationTags.user permissions.
data-catalog.classificationsTags.admin
The data-catalog.classificationTags.admin role enables viewing info on tags in Data Catalog as well as creating, using, modifying, and deleting them.
This role includes the data-catalog.classificationTags.editor permissions.
Roles for domain access management
data-catalog.domains.auditor
The data-catalog.domains.auditor role enables viewing info on domains in Data Catalog and on access permissions granted for them.
data-catalog.domains.viewer
The data-catalog.domains.viewer role enables viewing info on domains in Data Catalog and on access permissions granted for them.
This role includes the data-catalog.domains.auditor permissions.
data-catalog.domains.user
The data-catalog.domains.user role enables viewing info on domains in Data Catalog and using them.
data-catalog.domains.editor
The data-catalog.domains.editor role enables viewing info on domains in Data Catalog and managing them.
Users with this role can:
- View info on domains in Data Catalog as well as creating, using, modifying, and deleting them.
- View info on access permissions granted for domains in Data Catalog.
This role includes the data-catalog.domains.viewer and data-catalog.domains.user permissions.
data-catalog.domains.admin
The data-catalog.domains.admin role enables managing domains and access to them in Data Catalog.
Users with this role can:
- View info on access permissions granted for domains in Data Catalog and modify such permissions.
- View info on domains in Data Catalog as well as create, use, modify, and delete them.
This role includes the data-catalog.domains.editor permissions.
Roles for dictionary access management
data-catalog.glossaries.auditor
The data-catalog.glossaries.auditor role enables viewing info on glossaries in Data Catalog.
data-catalog.glossaries.viewer
The data-catalog.glossaries.viewer role enables viewing info on glossaries in Data Catalog.
This role includes the data-catalog.glossaries.auditor permissions.
data-catalog.glossaries.editor
The data-catalog.glossaries.editor role enables viewing info on glossaries in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.glossaries.viewer permissions.
data-catalog.glossaries.admin
The data-catalog.glossaries.admin role enables viewing info on glossaries in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.glossaries.editor permissions.
Roles for glossary term access management
data-catalog.glossaryTerms.auditor
The data-catalog.glossaryTerms.auditor role enables viewing info on terms in Data Catalog.
data-catalog.glossaryTerms.viewer
The data-catalog.glossaryTerms.viewer role enables viewing info on terms in Data Catalog.
This role includes the data-catalog.glossaryTerms.auditor permissions.
data-catalog.glossaryTerms.user
The data-catalog.glossaryTerms.user role enables viewing info on terms in Data Catalog and using them.
data-catalog.glossaryTerms.editor
The data-catalog.glossaryTerms.editor role enables viewing info on terms in Data Catalog as well as creating, using, modifying, and deleting them.
This role includes the data-catalog.glossaryTerms.viewer and data-catalog.glossaryTerms.user permissions.
data-catalog.glossaryTerms.admin
The data-catalog.glossaryTerms.admin role enables viewing info on terms in Data Catalog as well as creating, using, modifying, and deleting them.
This role includes the data-catalog.glossaryTerms.editor permissions.
Roles for ingestion access management
data-catalog.ingestions.auditor
The data-catalog.ingestions.auditor role enables viewing info on downloads in Data Catalog.
data-catalog.ingestions.viewer
The data-catalog.ingestions.viewer role enables viewing info on downloads in Data Catalog.
This role includes the data-catalog.ingestions.auditor permissions.
data-catalog.ingestions.editor
The data-catalog.ingestions.editor role enables viewing info on downloads in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.ingestions.viewer permissions.
data-catalog.ingestions.admin
The data-catalog.ingestions.admin role enables viewing info on downloads in Data Catalog as well as creating, starting, stopping, modifying, and deleting them.
This role includes the data-catalog.ingestions.editor permissions.
Roles for ingestion source access management
data-catalog.ingestionSources.auditor
The data-catalog.ingestionSources.auditor role enables viewing info on sources in Data Catalog.
data-catalog.ingestionSources.viewer
The data-catalog.ingestionSources.viewer role enables viewing info on sources in Data Catalog.
This role includes the data-catalog.ingestionSources.auditor permissions.
data-catalog.ingestionSources.editor
The data-catalog.ingestionSources.editor role enables viewing info on sources in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.ingestionSources.viewer permissions.
data-catalog.ingestionSources.admin
The data-catalog.ingestionSources.admin role enables viewing info on sources in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.ingestionSources.editor permissions.
Roles for metadata link access management
data-catalog.lineages.auditor
The data-catalog.lineages.auditor role enables viewing info on data links in Data Catalog.
data-catalog.lineages.viewer
The data-catalog.lineages.viewer role enables viewing info on data links in Data Catalog.
This role includes the data-catalog.lineages.auditor permissions.
data-catalog.lineages.editor
The data-catalog.lineages.editor role enables viewing info on data links in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.lineages.viewer permissions.
data-catalog.lineages.admin
The data-catalog.lineages.admin role enables viewing info on data links in Data Catalog as well as creating, modifying, and deleting them.
This role includes the data-catalog.lineages.editor permissions.
What roles do I need
The table below lists the roles required for specific actions. You can always assign a role with more permissions. For example, you can assign the editor role instead of viewer.
| Action | Required roles |
|---|---|
| View catalog metadata | data-catalog.auditor |
| View info on catalog access permissions and quotas | data-catalog.viewer |
| Create catalogs | data-catalog.editor |
| Edit catalogs | data-catalog.editor |
| Delete catalogs | data-catalog.editor |
| Update catalog access permissions | data-catalog.admin |
| View and modify domains, tags, and terms | data-catalog.user |
| View dataset information | data-catalog.assets.auditor |
| Manage datasets: update, delete, or edit them | data-catalog.assets.editor |
| View classification information | data-catalog.classifications.auditor |
| Edit classifications | data-catalog.classifications.editor |
| View tag information | data-catalog.classificationsTags.auditor |
| Edit tags | data-catalog.classificationsTags.editor |
| View glossary information | data-catalog.glossaries.auditor |
| Edit glossaries | data-catalog.glossaries.editor |
| View term information | data-catalog.glossaryTerms.auditor |
| Edit terms | data-catalog.glossaryTerms.editor |
| View ingestion settings | data-catalog.ingestions.auditor |
| Edit ingestion settings | data-catalog.ingestions.editor |
| View ingestion source settings | data-catalog.ingestionSources.auditor |
| Edit ingestion source settings | data-catalog.ingestionSources.editor |
| View information on data links | data-catalog.lineages.auditor |
| Create, modify, and delete data links | data-catalog.lineages.editor |