1. Home
  2. Docs
  3. Snowplow Console
  4. Managing user permissions in Console

Managing user permissions in Console

To set a users permissions, navigate to Manage users and then to the user who’s account you’d like to manage.

What permissions can be set?

Snowplow console sets permissions for each area of console as summarized below:

Console featureDescriptionPossible permissions
User managementThe management and addition of user access. This permission cannot be configured on a Custom role.
  • No access
  • Edit
  • Create
EnvironmentsThe management of pipeline and sandbox (Mini) environments. This includes managing which Enrichments run on each environment.
  • No access
  • View
  • Edit
Data structuresThe management and creation of the schemas that define the events and entities you are capturing.
  • No access
  • View
  • Edit on development
  • Edit on production
  • Create
Data modelsThe management and creation of your data models.
  • No access
  • View
  • Edit
  • Create
API keysThe management and creation of API keys.
  • View
  • Manage
  • Create

How are permissions set?

To set permissions for a user, navigate to Manage Users and select the user, within the management screen for their user you will be able to set their permissions.

There are three ways of setting user permissions:

  • Admin (pre-defined role)
  • User (pre-defined role)
  • Custom (custom permissions role) – custom roles are only available on our Summit tier

User permission set

Console featurePermissions
User managementNo access (in the UI)
EnvironmentsView access
Data structuresEdit on developmentCreate
Data modelsView access
API keysView access

Admin permission set

Console featurePermissions
User managementFull access
EnvironmentsFull access
Data structuresFull access
Data modelsFull access
API keysFull access

Custom permission set

Console featurePermissions
User managementCustomized by you, per user
EnvironmentsCustomized by you, per user
Data structuresCustomized by you, per user
Data models & jobsCustomized by you, per user
API keysCustomized by you, per user

A note on API keys and permissions

Please note:

1) Any API keys you create have full admin permissions

2) Any existing Iglu API keys allow permissions to be side-stepped by connecting directly to Iglu servers

Our recommendation is to remove all existing API keys and Iglu keys, and set the API keys permission respectively so that only trusted users can create new keys.

What does each permission mean?

Environments

An environment is the collective name for your Production pipelines, QA pipelines and sandboxes.

An environment has three permissions:

  • No access – the user will not see the environment management screens.
  • View – the user can see the environment management screen, but cannot edit anything. This is the default setting for the User role.
  • Edit / Publish – the user can make and publish edits to the environment. This includes configuration such as enrichment enablement, enrichment configuration and collector configuration. This is the default setting for the Admin role.

Data structures

Data structures have five permissions:

  • No access – the user will not see the data structure management screen
  • View – the user can see the data structure management screen, but cannot edit anything.
  • Edit on development – the user can see the data structure management screen, and can make edits to data structures but only publish them to the development registry. This is the default setting for the User role.
  • Edit on production – the user can see the data structure management screen, and can make edits to data structures, and can publish changes to the production registry. This is the default setting for the Admin role.
  • Create – the user can create new data structures. Both the User and Admin roles have this permission.

Data models

Data models and jobs have four permissions:

  • No access – the user will not see the data model management screens
  • View – the user can see the data model management screens, but cannot edit anything. This is the default setting for the User role.
  • Edit – the user can see the data model management and can make edits to data models in production. This is the default setting for the Admin role.
  • Create – the user can create new data models. The Admin role has this permission.

API keys

API keys have three permissions:

  • View – the user can see the API key descriptions but cannot see the keys themselves or manage them
  • Manage – the user can see and manage the API keys. This is the default setting for the Admin role.
  • Create – the user can generate new API keys. The Admin role has this permission.

Troubleshooting

You shouldn’t be required to logout for new permissions to take effect, but if you do find permissions aren’t applying as requested logging out and back in should force the new permissions to apply.