A user’s permissions in a specific project are determined by their tenant level role and granted project roles. Project roles include admin, editor, and viewer.

Project roles also determine a user's inherited roles in the data products within a project.

Note: If you assign a user a role in a data product and they do not currently have a role for that project, the user can see the list of projects in the Project menu and access only the data product in which they were assigned a role.

In summary:

• Project admins have full access to all project resources.
• Project editors can view, add, and update most resources in that project, including sources and data products.
• Project viewers can view the 360 pages for all data products in the project.
• Users without a project role cannot view any resources in the project unless they are assigned a role at the data product level.

Note for legacy data products: Only tenant admins have access to legacy data products by default. In order to provide access to other users, regardless of project role, you must share the data product with that user granting viewer permissions or above. See Legacy Data Product Permissions.

The tables below provides more detail on the project role determined by a user's tenant role, and on the permissions allowed by each project role.

Project Roles Inherited from Tenant Role

A user’s tenant level role determines their default (inherited) project roles. Tenant admins can grant users additional roles and remove granted roles.

Project Role Permissions

The following table defines the actions allowed by each project role.