DC-Maestro roles and permissions

Summary

A user account with an application role is required to connect to DC-Maestro.
Application roles are assigned by authentication server administrators.
- As DC-Maestro Administrator, you can manage the referencing of instances and act on Schedules executions in case of emergency
- As a DC-Maestro user, you can select work Instances to create and contribute to the management of Schedules.
functional roles.
- As the Owner, you can perform all actions on a Schedule.
- The Owner must be a user
- As a Contributor, you can perform all actions other than managing Contributors and deleting Schedules.
- Contributors can be groups or users.
Public* planning data is visible to all Users.
Private plan data is only visible to the Owner and Contributors.

Access to the product

To connect to DC-Maestro, you must have a user account with an application role.
Application roles are assigned by the authentication server administrators.

There are 2 applicative roles

DC-Maestro Administrator
- manage the referencing of DataChain Instances
- perform actions on Plans for which he/she is neither Contributor nor Owner
DC-Maestro User
- create new Plans
- manage Scenarios (according to its role on the Scenario)
- run pipelines

Application roles

DC-Maestro Administrator

The DC-Maestro Administrator manages the referencing of instances and acts on the execution of Schedules.
The actions available on the Schedules can be used to meet temporary emergency needs.
Prefer adding Contributors to collaborate on Planning.

To ensure data security and confidentiality, the list of Planifications available to Administrators does not allow access to Planification details.

We recommend that you do not combine the roles of administrator and user in a single profile.

DC-Maestro* Administrator

Permission	Detail
Reference	Reference an existing DataChain Instance in DC-Maestro
Modify	Modifies the parameters of an already referenced DataChain Instance
Dereferencing	Deletes the referencing of an Instance without Scheduling in DC-Maestro. This action does not delete the DataChain Instance, only its referencing in DC-Maestro.
Activate / Inactivate	Activates or inactivates a schedule. Inactive schedules can no longer be run (manually or automatically).
Run	Initiates manual execution of an active schedule
Stop	Sends a stop request when an execution is in progress

Permission

Detail

Reference

Reference an existing DataChain Instance in DC-Maestro

Modify

Modifies the parameters of an already referenced DataChain Instance

Dereferencing

Deletes the referencing of an Instance without Scheduling in DC-Maestro.
This action does not delete the DataChain Instance, only its referencing in DC-Maestro.

Activate / Inactivate

Activates or inactivates a schedule. Inactive schedules can no longer be run (manually or automatically).

Run

Initiates manual execution of an active schedule

Stop

Sends a stop request when an execution is in progress

DC-Maestro user

DC-Maestro users can create and contribute to the management of Schedules.

The DataChain Core elements (Projects, DataBlocks, etc.) available in DC-Maestro are those to which the user has access in the selected instance.
There are therefore certain prerequisites for orchestrating tasks from DC-Maestro.

DataChain prerequisites

Be a member of the DataChain Project containing the items to be scheduled
Have global permissions to access the elements (DataBlock, Business Entity, etc.)
Have the appropriate rights on the element to access it and perform specific actions (read, persist, expose, etc.) on the DataChain elements selected from DC-Maestro.

Global User permissions

All Users can view and select DC-Core Instances referenced in DC-Maestro.

All functions related to Schedules are available to all DC-Maestro Users.

Access to schedule data is linked to its confidentiality.

all public schedules are read-only for all DC-Maestro Users.
private planning* is accessible only to the Owner and Contributors.

The actions available for a Schedule depend on the user’s role on the Schedule (Owner, Contributor, Reader).

DC-Maestro user - Instance rights*.

Permission	Detail
View referenced instances	Display the list of DataChain Instances available for DC-Maestro
Select a working Instance	Selects a DataChainCore Instance as the working Instance for accessing linked schedules.

Permission

Detail

View referenced instances

Display the list of DataChain Instances available for DC-Maestro

Select a working Instance

Selects a DataChainCore Instance as the working Instance for accessing linked schedules.

DC-Maestro user - Planning rights*.

Permission	Detail
Create a schedule	Add a new Schedule linked to a DataChain Project
Consult the list	Displays all existing Schedules (Public, Owned or Contributed)
View details of a Schedule	Display all the information for a Schedule (Task Pipeline, Metadata, Execution History, etc.)
View the task log	Displays the execution log for a task, along with its date and execution time.

Permission

Detail

Create a schedule

Add a new Schedule linked to a DataChain Project

Consult the list

Displays all existing Schedules (Public, Owned or Contributed)

View details of a Schedule

Display all the information for a Schedule (Task Pipeline, Metadata, Execution History, etc.)

View the task log

Displays the execution log for a task, along with its date and execution time.

Functional roles

Functional roles define the possible actions a user can take on a schedule.
The user who creates the schedule is the Owner and has all rights.
He is the only one who can delete the schedule, and add users or groups of users as Contributors.

Owner

As soon as a user creates a Schedule, they become its Owner.
A user’s ability to create and execute actions on the DataChain elements of the schedule depends directly on all his rights and permissions in DataChain Core.
The Owner must therefore have sufficient rights and permissions to carry out all the tasks.

To ensure that tasks are executed securely, the user’s password must be entered when a schedule is created.
This action generates a unique token for each schedule.

Contributor

Users and groups added as Contributors can perform many actions on the Schedule.

When a Contributor user triggers the execution of the task pipeline, it is always executed in the name of the Owner, i.e. with regard to the Owner’s rights and permissions over the items linked to the Tasks.

Functional roles - Planning rights*.

Permission	Detail	Owner	Contributor
Modify metadata	Modify metadata (Label, Description, Tags, Confidentiality, Status)
Manage task pipeline	Adds, organises and deletes tasks, selects items to orchestrate
Edit Project	Selects a new source Project and maps tasks to new items to be orchestrated.
Manage execution	Starts, schedules or stops the execution of all the tasks in a schedule.
View execution history	View the schedule execution history and the execution log for each task.
Manage the list of Contributors	Adds and removes groups and users in the Contributor role
Delete	Permanently deletes a Schedule

Permission

Detail

Owner

Contributor

Modify metadata

Modify metadata (Label, Description, Tags, Confidentiality, Status)

Manage task pipeline

Adds, organises and deletes tasks, selects items to orchestrate

Edit Project

Selects a new source Project and maps tasks to new items to be orchestrated.

Manage execution

Starts, schedules or stops the execution of all the tasks in a schedule.

View execution history

View the schedule execution history and the execution log for each task.

Manage the list of Contributors

Adds and removes groups and users in the Contributor role

Delete

Permanently deletes a Schedule