DC-Maestro Roles and Permissions

Access to the product

To connect to DC-Maestro, you must have a user account with a specific role in the product

DC-Maestro administrator managing DataChain Instances references and emergency actions on schedules
DC-Maestro user managing Schedules

If you are unable to connect to DC-Maestro, contact a DataChain administrator or a KeyCloack administrator.

Application Roles

DC-Maestro Administrator

The DC-Maestro administrator only has the rights to manage DataChain Instances.

At least one user must have the role of DC-Maestro administrator.

For security reasons, we recommend that you do not combine the roles of administrator and user on a single profile.

DC-Maestro Administrator - DC-Maestro Administrator

Permission	Details
Reference	Reference an existing DataChain Instance in DC-Maestro
Modify	Modifies the parameters of an already referenced DataChain Instance
Dereference	Removes the reference of an Instance without Schedules in DC-Maestro +. This action does not delete the DataChain Instance, only its reference in DC-Maestro.

Permission

Details

Reference

Reference an existing DataChain Instance in DC-Maestro

Modify

Modifies the parameters of an already referenced DataChain Instance

Dereference

Removes the reference of an Instance without Schedules in DC-Maestro +. This action does not delete the DataChain Instance, only its reference in DC-Maestro.

DC-Maestro user

The DC-Maestro user role holds the permissions for managing Schedules.

In order to ensure consistency of DataChain rights and permissions, the DC-Maestro user must be a DataChain user and have certain global permissions and sufficient rights on DataChain items he or she wishes to orchestrate.

DataChain prerequisites

Be a member of the DataChain Project that contains the items on which scheduled actions are considered
Possess the necessary global permissions to perform each task corresponding to a DataChain action (Persistence, Export, etc …)
Possess the modification or specific action rights on the DataChain items selected from DC-Maestro

Global permissions

All Schedule functions are available toDC-Maestro users.

A user’s ability to perform actions on a Schedule (modify, execute, select items) depends on their role on the Schedule (Owner, Contributor or None).

A user’s ability to view, select and perform actions on DataChain Core elements (GenericsData and HandleData) depends on their rights and permissions in these products.

Access to schedule data is linked to its confidentiality: all public schedules are read-only for all DC-Maestro users.

DC-Maestro user - Features related to the Instances

Permission	Detail
View referenced Instances	Displays the list of DataChain instances available for DC-Maestro
Select a working Instance	Selects a DataChain Instance as a working Instance

Permission

Detail

View referenced Instances

Displays the list of DataChain instances available for DC-Maestro

Select a working Instance

Selects a DataChain Instance as a working Instance

These actions are available to all users, either on their own Schedules or on public Schedules.

DC-Maestro User - Features on Schedules*.

Permission	Detail
View list	Displays all Schedules
View Schedule details	Display all Schedules information (Workflow, Metadata, Execution…)
View execution history	Displays all past information about a Schedule execution
View the task log	Displays the execution log of a task as well as its date and execution time
Create Schedule	Adds a new Schedule related to a DataChain project

Permission

Detail

View list

Displays all Schedules

View Schedule details

Display all Schedules information (Workflow, Metadata, Execution…)

View execution history

Displays all past information about a Schedule execution

View the task log

Displays the execution log of a task as well as its date and execution time

Create Schedule

Adds a new Schedule related to a DataChain project

Functional roles

Owner

As soon as a user creates a schedule, they become its Owner.
Their ability to create and execute actions on the DataChain elements of the schedule depends directly on all their rights and permissions in DataChain Core.

To secure the execution of tasks, you must enter your password to generate a token.

Contributors

Users and groups added as contributors can perform a number of actions on Planning.

When a contributor triggers the execution of the pipeline, it is always executed in the name of the Owner, i.e. with regard to the Owner’s rights and permissions on the elements of the Tasks defined in the pipeline.

DC-Maestro user - Owner permissions*.

Permission	Detail	Owner	Contributor
Edit	Edit metadata, add and remove tasks, manages automation
Manage contributors	Add and remove groups and users in the Contributors role
Run	Launches the execution of all the tasks in a schedule (manual or automatic)
Delete	Deletes a schedule definitively executed. None of its information is retained.

Permission

Detail

Owner

Contributor

Edit

Edit metadata, add and remove tasks, manages automation

Manage contributors

Add and remove groups and users in the Contributors role

Run

Launches the execution of all the tasks in a schedule (manual or automatic)

Delete

Deletes a schedule definitively executed. None of its information is retained.