Application Permissions

Security model of Graphlytic contains these base entities: User, Group, Permission. Permissions are assigned to groups and users are members of groups. User has all permissions of groups which he is member of.

List of permissions

Category

Permission

Short description

Data

Read all data

User with permission can view all data (all nodes and relationships). User without permission can view only data which has permission to (see Data Security).

Export data

User with permission can export data to CSV and PNG.

Data management

User with permission can manage data (create/update/delete), (see Create, update, delete data).

Visualization

Share visualization

User with permission can share visualization to any group which he is member of, or he can share to users who are members of these groups.

Share visualization to everyone

User with permission can share visualization to any group user or to any user in Graphlytic.

View all visualizations of all other users

User with permission can view all existing visualizations is Graphlytic. User without permission can view visualizations only created by him or shared with him.

Users

User management

User with permission can manage groups and users (see Groups and Users).

Grant all permissions to users

User with permission can assign any permission to group. User without permission can assign only permission which he also has.

User with permission can add/remove user to/from any group. User without permission can add/remove user only to/from group if permissions of group are subset of his permissions.

User with permission can delete any group. User without permission can delete group if permissions of deleted group are subset of his permissions.

User with permission can delete any user. User without permission can delete user if permissions of deleted user are subset of his permissions.

Application

Settings management

User with permission can administer application settings (see Settings).

Jobs management

User with permission can manage ETL jobs (see ETL jobs). Groovy script can be added into ETL script, so user can write script to delete some files on local disk for example. This can be dangerous. Assign this permission to responsible user only.

ACL data management

User with permission can assign permission for data (see Data Security).