Syncari helps ensure that users in your organization can access only the information, features, and functions required for their role. With Access Control, Syncari enables you to configure roles with granular permissions and then assign users to the roles. If your organization subscribes to the principle of least privilege—limiting access rights to only functions strictly required to do their jobs—Syncari’s Access Control makes restricting access easy.
Permissions are instance-specific. So, if your organization includes multiple instances of Syncari (e.g., sandbox, production, and testing), you’ll apply roles specific to each instance.
You can assign users to default roles defined for common user types in Syncari, such as Sync Manager, Instance Admin, or Dashboard author. You can also create custom roles to meet the needs of your organization. When setting up custom roles, consider how your users work with Syncari:
-
If some users are interested only in business intelligence, you can create a role with view access to the Insights Dashboard.
-
If you want to allow your data science to review the unified data in Syncari, you can create a custom role that can access only data studio.
-
If you want to ensure that your production Syncari instance only includes specific synapses, you can prevent users from adding new ones there while still allowing them to add synapses in a test instance.
Default Roles
Syncari provides a few default roles to get you started. You can assign these roles to users but cannot change the permissions that compose the role. You cannot edit, delete, or deactivate default roles.
The default roles in order of most to least access are:
-
Org Admin
-
Instance Admin
-
Dashboard Author
-
Sync Manager
-
Viewer
See the detailed permissions for each role in this sheet.
Viewing Roles and Permissions
The Access Control / Role Based page in Settings shows the default and custom roles in Syncari. Depending on your permissions, you can check the status of each role and manage the roles. At a minimum, you need the Can list roles permission to access this page.
To view Roles and Permissions:
-
Click Settings in the left navigation pane.
-
Expand Access Control, and then select Role Based.
-
To see the permissions in a role, select the kebab menu on the right, and then select View Details.
Creating Custom Roles
You can create custom roles if you need to provide more granular permissions than those available in the default roles. Custom roles can include as many specific permissions as necessary to provide the access you want.
Before you get started, let’s cover some basic conventions in the permission names. Syncari permission names either include the CRUD operation for the permission (create, read, update, or delete) or the action you can perform in Syncari (publish, reinvite, disable). We use these synonyms for the various CRUD operations:
-
Create—Can create, Can add, and Can write.
-
Read—Can read, Can list, and Can view.
-
Update—Can update, Can edit, and Can write.
-
Delete—Can delete and Can remove.
Note that Syncari assigns Can read profile and Can write profile automatically because they’re required.
To create a role, you should have these permissions at a minimum: Can read role, Can add role, and Can add privileges to role.
To create a custom role:
-
Access the Role Based page (Settings > Access Control > Role Based).
-
Click New Role.
-
On the New Role page, enter the name of the role.
-
Enter the optional Role Description and Tags to help other users understand the purpose of the role.
-
Select whether the role should be Active or Inactive.
If the role is inactive, you won’t be able to test it. -
Click Next.
-
In the Permissions section, select the permissions to include in the role.
Syncari bolds each selected permission and adds a checkmark. If you click off of the Permissions list, you can see the assigned permissions where you can also remove roles if needed.
-
In the Users section, optionally search for and assign users to the role.
You can do this later by editing the role or assigning users to the role in the User section. -
Click Next.
-
Review the configuration, and then click Done.
Editing and Deleting Custom Roles
If you have the Can edit role, Can delete role, Can read role, Can remove privileges from role, you can make changes to roles such as editing the role information, adding permissions, and removing permissions. If you want to edit the users assigned to the role, you’ll also need the Can add role to user and Can remove role from user permissions.
To edit a role:
-
Access the Role Based page (Settings > Access Control > Role Based).
-
Select the kebab menu on the right, and then select Edit role.
-
Make any changes needed on the Basic Info page, and then click Next.
-
Add or remove permissions or users, and then click Next.
-
Review the configuration, and then click Done.
To delete a role:
-
Access the Role Based page (Settings > Access Control > Role Based).
-
Select the kebab menu on the right, and then select Delete role.
-
When prompted, type DELETE precisely as shown in all capital letters.
-
Click Delete.
Activating and Deactivating Roles
The Status column shows where a role is Active or Inactive. You can assign Active roles to users and cannot assign Inactive roles. If you inactivate a role that has users assigned to it they will only be able to use Syncari if they have additional roles.
Activate or deactivate a role:
-
Access the Role Based page (Settings > Access Control > Role Based).
-
Select the kebab menu on the right, and then select Activate role or Deactivate role
-
Review the list of affected users, and then select Activate or Deactivate.