Permissions on Projects for Individual Users

Design-time permissions on projects let users read, update, delete, and publish projects. You can choose whether to grant these permissions to all users, or to individual users.

Before you begin

Ensure that you are logged into AtScale as either a super user, an administrator for the organization, or the creator of the project that you want to grant permissions on.
If you are using local authentication for your users, ensure that the users that you want to grant permissions to have been added to AtScale.
Attention!
Use AtScale's local directory service for testing only. Do not use it in production environments. This directory service is not meant to support the types of workloads that are common to production environments. Before using AtScale in production, configure your AtScale organization to use an external directory service, such as Microsoft Active Directory, another LDAP service, or Google G Suite Directory.
When using external authentication for your users, ensure the following:
- Groups in your directory service are mapped to AtScale roles
- The user accounts that you want to grant permissions to are synchronized to AtScale.

Default permissions for new projects

By default, AtScale grants project permissions to all users in the external directory service you are using. If you want only the creator of a new project (and also administrators) to have all permissions:

Go to Settings > Organization Settings > Options.
Locate the Default Project/Cube Security option.
Choose the Override & Enable button for this option.

Procedure

Access the cube permissions dialog as described in Grant Design-Time Permissions.
Enable Restrict Access to grant permissions to a subset of the users.
Choose which permissions to give to each user:
- Read: Can see the project and open it. Note that cube-permissions are controlled separately. A user does not need Project Read permissions to see the project's cubes.
- Update: Can create new cubes in the project. Can duplicate existing cubes in the project that you also have read access to. Can edit project general settings.
- Delete: Can delete the entire project and all cubes it contains. A user does not need delete access on the individual cubes in order to delete a project.
- Publish: Can publish a project and all the cubes that it contains.
Save your changes.