DC-Maestro roles and permissions

Summary

To connect to DC-Maestro, you must have a user account with an application role: Administrator or User.
Application roles are assigned by authentication server administrators.
- As DC-Maestro Administrator, you can manage the referencing of instances, and act on Schedules executions in case of emergency
- As DC-Maestro User, you can select working Instances to access and manage instance-related Schedules
The functional roles.
- As theOwner, you can perform all actions on a Schedule.
- As a contributor, you can perform all actions other than managing contributors and deleting schedules.
Public schedule data is visible to all Users.
Private schedule data is only visible to the Owner and Contributors.

Access to the product

To connect to DC-Maestro, you must have a user account with an application role.
Application roles are assigned by the authentication server administrators.

There are 2 roles

Administrator: manages the referencing of DataChain Instances and performs emergency actions on Schedules
User: creates, contributes to the management and execution of schedules (depending on its scheduling role)

Application roles

DC-Maestro Administrator

The DC-Maestro Administrator manages the referencing of instances and acts on the execution of Schedules.
The actions available on the Schedules can be used to meet temporary emergency needs.
Prefer adding Contributors to collaborate on Planning.

To ensure data security and confidentiality, the list of Planifications available to Administrators does not allow access to Planification details.

We recommend that you do not combine the roles of administrator and user in a single profile.

DC-Maestro* Administrator

Permission	Detail
Reference	Reference an existing DataChain Instance in DC-Maestro
Modify	Modifies the parameters of an already referenced DataChain Instance
Dereferencing	Deletes the referencing of an Instance without Scheduling in DC-Maestro. This action does not delete the DataChain Instance, only its referencing in DC-Maestro.
Activate / Inactivate	Activates or inactivates a schedule. Inactive schedules can no longer be run (manually or automatically).
Run	Initiates manual execution of an active schedule.

Permission

Detail

Reference

Reference an existing DataChain Instance in DC-Maestro

Modify

Modifies the parameters of an already referenced DataChain Instance

Dereferencing

Deletes the referencing of an Instance without Scheduling in DC-Maestro.
This action does not delete the DataChain Instance, only its referencing in DC-Maestro.

Activate / Inactivate

Activates or inactivates a schedule. Inactive schedules can no longer be run (manually or automatically).

Run

Initiates manual execution of an active schedule.

DC-Maestro user

DC-Maestro users can create and contribute to the management of Schedules.

The DataChain Core elements (Projects, DataBlocks, etc.) available in DC-Maestro are those to which the user has access in the selected instance.
There are therefore certain prerequisites for orchestrating tasks from DC-Maestro.

DataChain prerequisites

Be a member of the DataChain Project containing the items to be scheduled
Have global permissions to access the elements (DataBlock, Business Entity, etc.)
Have the appropriate rights on the element to access it and perform specific actions (read, persist, expose, etc.) on the DataChain elements selected from DC-Maestro.

Global User permissions

All Users can view and select instances referenced in DC-Maestro.

All functions related to Scheduling are available to all DC-Maestro Users.

Access to information about a Schedule is linked to its confidentiality: all public Schedules are read-only for all DC-Maestro Users.

The actions possible on a Schedule depend on the user’s role on the Schedule (Owner, Contributor or none).

DC-Maestro user - Instance rights*.

Permission	Detail
View referenced instances	Display the list of DataChain Instances available for DC-Maestro
Select a working Instance	Selects a DataChainCore Instance as the working Instance for accessing linked schedules.

Permission

Detail

View referenced instances

Display the list of DataChain Instances available for DC-Maestro

Select a working Instance

Selects a DataChainCore Instance as the working Instance for accessing linked schedules.

DC-Maestro user - Planning rights*.

Permission	Detail
Create a schedule	Add a new Schedule linked to a DataChain Project
Consult the list	Displays all existing Schedules (Public, Owned or Contributed)
View details of a Schedule	Display all the information for a Schedule (Task Pipeline, Metadata, Execution History, etc.)
View the task log	Displays the execution log for a task, along with its date and execution time.

Permission

Detail

Create a schedule

Add a new Schedule linked to a DataChain Project

Consult the list

Displays all existing Schedules (Public, Owned or Contributed)

View details of a Schedule

Display all the information for a Schedule (Task Pipeline, Metadata, Execution History, etc.)

View the task log

Displays the execution log for a task, along with its date and execution time.

Functional roles

Functional roles define the possible actions a user can take on a schedule.
The user who creates the schedule is the Owner and has all rights.
He is the only one who can delete the schedule, and add users or groups of users as Contributors.

Owner

As soon as a user creates a Schedule, they become its Owner. A user’s ability to create and execute actions on the DataChain elements of the schedule depends directly on all their rights and permissions in DataChain Core.
The Owner must therefore have sufficient rights and permissions to carry out all the tasks.

In order to secure the execution of tasks, the user’s password must be entered when creating a schedule in order to generate a token linked to this schedule.

Contributor

Users and groups added as Contributors can perform many actions on the Schedule.

When a Contributor user triggers the execution of the task pipeline, it is always executed in the name of the Owner, i.e. with regard to the Owner’s rights and permissions over the items linked to the Tasks.

Functional rights on Planning.

Permission	Detail	Owner	Contributor
Modify metadata	Modify metadata (Label, Description, Tags, Confidentiality, Status)
Manage task pipeline	Adds, organises and deletes tasks, selects DataChain Core elements
Manage execution	Launches or schedules the execution of all the tasks in a schedule.
Manage the list of Contributors	Adds and deletes groups and users in the role of Contributors
Delete	Deletes a schedule permanently. None of its information is retained.

Permission

Detail

Owner

Contributor

Modify metadata

Modify metadata (Label, Description, Tags, Confidentiality, Status)

Manage task pipeline

Adds, organises and deletes tasks, selects DataChain Core elements

Manage execution

Launches or schedules the execution of all the tasks in a schedule.

Manage the list of Contributors

Adds and deletes groups and users in the role of Contributors

Delete

Deletes a schedule permanently. None of its information is retained.