General Recommendations for User Privileges

Owned by Manas Bajaj
Last updated: Apr 21, 2024
2 min read

The goal of this page is to provide general recommendations to admins on privileges that most end-users will need for working effectively with Syndeia Cloud. The sections on this page present the Global Privileges, Digital Thread Project Privileges, or their combinations that are needed for end-user capabilities.

Contents

Prerequisites

Syndeia provides extensive capabilities for user management, including Global Privileges and Digital Thread Project Privileges (NEW in 3.6). These are described in details in the following pages of this guide.

Digital Thread Project Capabilities

End-user capabilities for Digital Thread Projects require a combination of Global Privileges and Digital Thread Project Privileges which are presented here.

(1) Digital Thread Project Authors - These users will be able to create/update Digital Thread Projects and their contents, including creating/updating/deleting relations, baselines, queries and collections, and others. They will be able to add external repositories (e.g. Jira, Teamcenter, Teamwork Cloud, etc.) that participate in Digital Thread Projects. Refer to Digital Thread Projects to learn more. They will be able to perform all the functions of Digital Thread Project Reviewers (described next).

  • Global Permissions needed: REPOSITORY_CREATE, REPOSITORY_MODIFY, CONTAINER_CREATE, CONTAINER_MODIFY, TYPE_CREATE, TYPE_MODIFY, ARTIFACT_RELATION_WRITE, RESTFUL_WRITE, READ

  • Digital Thread Project Permissions needed:

    • If the Digital Thread Project is created by an author, they are automatically granted ALL permissions on that project, including PRIVILEGE_MANAGE which allows them to add other users (authors or reviewers) to that project.

    • If the Digital Thread Project was not created by an author, they must have the following permissions on that project to qualify as an author: READ, RELATION_WRITE, QUERY_WRITE, BASELINE_WRITE

(2) Digital Thread Project Reviewers - These users will be able to review the content of Digital Thread Projects, including viewing all relations, navigating the digital thread explorer, viewing reports, viewing and comparing baselines, and running queries and collections.

  • Global Permission needed: READ

  • Digital Thread Project Permission needed: READ on each Digital Thread Project that these users will be reviewing.

Administrative Capabilities

(1) Global Graph Query Authors - These are advanced users who are authors/reviewers on multiple Digital Thread Projects but in addition have a business need to run graph queries queries across ALL Digital Thread Projects, including those for which they are NOT an author/reviewer. Refer to Global Graph Queries - Web Dashboard to learn more about this capability.

  • Additional Global Permission needed: GRAPH_QUERY. Refer to Global Privileges for details.

(2) User Management with Global Privileges - These are administrators who will be performing all the basic user management functions (described in User Management - Basics) and assigning Global Permissions to users (described in Global Privileges). These administrators must be ONE OF the following.

  • Super User (super.user), OR

  • User with Admin role, OR

  • User with USER_READ, USER_CREATE, USER_MODIFY Global Permissions.

(3) User Management with Digital Thread Project Privileges - These are administrators who will assigning permissions on Digital Thread Projects to users. These administrators must be ONE of the following.

  • Super User (super.user), OR

  • User with PRIVILEGE_MANAGE permission on specific Digital Thread Projects where user privileges need to be added or modified.