TRAC 0.9 Documentation
Access management¶
Tenants¶
Tenants are logically separate domains that play a key role in access management.
Every trac object resides in, and can be accessed only from, a single tenant. Uploading a model or dataset to two different tenants effectively creates two separate objects.
Note
The Desktop version has a single tenant. In enterprise deployments, new tenants can be created by Admin users.
Roles¶
To complete any action in a tenant a user must be assigned a tenant-role.
ADMIN |
Create and manage tenant resources |
MANAGER |
Upload models and update object tags |
WRITE |
Import and upload data, build flows and run jobs |
READ |
Read/download data and metadata |
These roles are inclusive, so Write implies Read and Admin implies all permissions.
Note
In enterprise deployments, tenant roles can be defined using dedicated SSO groups or by mapping the roles to existing groups. The Desktop version has a single Admin user.