Permissions in the Grepr platform
This page is a reference to the permissions available in the Grepr platform. These permissions are assigned to users based on the user’s role:
- Organization-level roles: Admin, Member, and Reader
- Team-level roles: Leader and Member
A user can be assigned both an organization-level role and a team-level role. For example, an organization Member can also be a team Leader, giving them view access organization-wide and edit access to their team’s resources.
You can also create custom roles with a specific subset of Grepr platform permissions. To learn more about roles, including custom roles, see Manage users in the Grepr platform.
At both the organization and team levels, there are three types of permissions:
- View: Grants read-only access to specified resources.
- Edit: Grants edit permissions over specified resources, including creating, editing, and deleting those resources.
- Write: Grants permission to send data through an integration when the integration is used as a sink in a job, such as a backfill job that writes data to a vendor integration. Edit permission on an integration controls the integration’s configuration. Write permission on an integration controls whether you can send data through it.
Resources in the Grepr platform include your organization, vendor and storage integrations, datasets, templates, users, teams, and jobs.
The following sections provide more details on permissions in the Grepr platform and the permissions for each role type.
Available permissions in the Grepr platform
This table lists all available permissions for organization and team-level roles:
| Permission | Resource | Scope |
|---|---|---|
| Edit | Organization settings | Organization |
| View | Organization settings | Organization or Team |
| Edit | Integrations | Organization or Team |
| View | Integrations | Organization or Team |
| Write | Integrations | Organization or Team |
| Edit | Jobs | Organization or Team |
| View | Jobs | Organization or Team |
| Edit | Users | Organization |
| View | Users | Organization or Team |
| Edit | Teams | Organization or Team |
| View | Teams | Organization or Team |
| Edit | Templates | Organization or Team |
| View | Templates | Organization or Team |
| Edit | Datasets | Organization or Team |
| View | Datasets | Organization or Team |
Permissions by role
The following are the permissions granted to each role type in the Grepr platform:
- Organization Admins have full control over all resources in the organization, including all team-scoped resources, and can write to any vendor integration.
- Organization Members have view-only permissions to all resources in the organization, and have write permission on all vendor integrations so they can run backfill jobs.
- Organization Readers have view-only permissions to all resources in the organization. Readers can query logs, but cannot create or edit any resources and cannot run backfill jobs that send data to a vendor integration.
- Team Leaders have edit permissions for all resources scoped to their specific team or teams. This includes permissions to create and edit jobs, integrations, templates, and datasets assigned to the team, and to write to integrations assigned to the team. Team Leaders can also view all organization resources but only edit resources scoped to their team or teams.
- Team Members have view-only permissions to resources scoped to their specific team or teams, plus write permission on integrations assigned to the team so they can run backfill jobs. A team Member can view resources assigned to the team and query logs, but does not have permission to create or edit resources, such as jobs, integrations, templates, or datasets, assigned to the team.
- Teams can be granted access to resources, such as integrations, datasets, or templates, scoped at the organization level. When a team is granted access to a resource, team Leaders have edit permissions on the resource, and team Members have view-only permissions. However, to create or edit a job, such as a pipeline, a team Leader must have view permissions on all the integrations and datasets used by the job, and write permission on every vendor integration the job uses as a sink. For example, if a job is assigned to the DevOps team, but the team hasn’t been granted access to an integration used in the job, a DevOps team Leader cannot edit or run the job.
- To create a dataset, you must have edit permission on the integration the dataset belongs to.
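The job-edit precondition described above can be modeled as a check that reports exactly which grants are missing. This is an added example, not Grepr code or a Grepr API: the `Job` class, `missing_for_edit`, and the resource names (`backfill-errors`, `lake-storage`, `vendor-logs`, `app-logs`) are constructed for illustration.

```python
from dataclasses import dataclass, field

# Team-scoped rows of the role table on this page, as permission types per resource kind.
TEAM_ROLE_PERMS = {
    "Leader": {"job": {"view", "edit"}, "integration": {"view", "edit", "write"},
               "dataset": {"view", "edit"}},
    "Member": {"job": {"view"}, "integration": {"view", "write"},
               "dataset": {"view"}},
}

@dataclass
class Job:
    """Constructed model of a job; not a Grepr API object."""
    name: str
    team: str
    integrations: set = field(default_factory=set)  # all integrations the job uses
    datasets: set = field(default_factory=set)
    sinks: set = field(default_factory=set)         # vendor integrations used as sinks

def missing_for_edit(job, team, role, team_access):
    """Return unmet (permission, kind, name) requirements; empty list means allowed.

    team_access maps a team name to the resources it owns or has been granted.
    """
    perms = TEAM_ROLE_PERMS[role]
    granted = team_access.get(team, set())

    def lacks(perm, kind, name):
        return name not in granted or perm not in perms[kind]

    missing = []
    if team != job.team or "edit" not in perms["job"]:
        missing.append(("edit", "job", job.name))
    for name in sorted(job.integrations | job.sinks):
        if lacks("view", "integration", name):
            missing.append(("view", "integration", name))
    for name in sorted(job.datasets):
        if lacks("view", "dataset", name):
            missing.append(("view", "dataset", name))
    for name in sorted(job.sinks):
        if lacks("write", "integration", name):
            missing.append(("write", "integration", name))
    return missing

# Constructed sample: the DevOps team lacks access to the job's vendor sink.
JOB = Job("backfill-errors", "DevOps", {"lake-storage", "vendor-logs"},
          {"app-logs"}, {"vendor-logs"})
ACCESS = {"DevOps": {"lake-storage", "app-logs"}}
```

Running the same check across every job and team before changing a team's access shows which jobs a Leader would lose the ability to edit.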
For each resource in the Grepr platform, this table shows the specific permissions granted to each role type at both the organization and team levels:
| Permission | Resource | Access Scope | Organization Admin | Organization Member | Organization Reader | Team Leader | Team Member |
|---|---|---|---|---|---|---|---|
| View | Organization Settings | Organization | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit | Organization Settings | Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| View | Users | Organization | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit | Users | Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| View | Teams | Organization | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit | Teams | Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| View | Integrations | Organization | ✅ | ✅ | ✅ | ❌ | ❌ |
| Edit | Integrations | Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| Write | Integrations | Organization | ✅ | ✅ | ❌ | ❌ | ❌ |
| View | Datasets | Organization | ✅ | ✅ | ✅ | ❌ | ❌ |
| Edit | Datasets | Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| View | Jobs | Organization | ✅ | ✅ | ✅ | ❌ | ❌ |
| Edit | Jobs | Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| View | Templates | Organization | ✅ | ✅ | ✅ | ✅ | ❌ |
| Edit | Templates | Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
| View | Teams | Team | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit | Teams | Team | ✅ | ❌ | ❌ | ✅ | ❌ |
| View | Integrations | Team | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit | Integrations | Team | ✅ | ❌ | ❌ | ✅ | ❌ |
| Write | Integrations | Team | ✅ | ✅ | ❌ | ✅ | ✅ |
| View | Datasets | Team | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit | Datasets | Team | ✅ | ❌ | ❌ | ✅ | ❌ |
| View | Jobs | Team | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit | Jobs | Team | ✅ | ❌ | ❌ | ✅ | ❌ |
| View | Templates | Team | ✅ | ✅ | ✅ | ✅ | ✅ |
| Edit | Templates | Team | ✅ | ❌ | ❌ | ✅ | ❌ |
Organization roles vs. team roles
This table describes the difference between organization-level and team-level roles. Users can have both types of roles:
| | Organization roles | Team roles |
|---|---|---|
| Scope | Entire organization | A specific team |
| Types | Admin, Member, Reader, or Custom Roles | Leader or Member |
| Examples | - Admin: Full access to all resources and settings. - Member: View organization resources and run backfill jobs. - Reader: View organization resources and query logs only; no backfills to vendor integrations. - Custom role, such as “Developer”: Specific permissions like “view all jobs, edit templates”. | - Leader: Manage team members, create team-scoped integrations. - Member: View team resources and run backfill jobs to team integrations. |