Custom Roles
If the built-in roles don't meet your organization's specific needs, you can create custom roles. Just like built-in roles, you can assign custom roles to users. Custom roles can be shared across all users within the customer. Custom roles can be created using the Roles tab on the user settings dialog.
Custom Role Example
The following shows what a custom role looks like in the UI. This custom role can restrict delete operations on queries, widgets, datasources, and many other things.
When you create a custom role, it appears in the roles list with its system flag set to false.
Steps to create a custom role
- When you create a custom role, you need to know the available operations to define your permissions. To view the list of operations, use the list that is available as soon as you press the Add Role button. Each permission has a clarification message that explains what the role does. If you still have questions, contact your product partner and we'll change the message to be more explicit on the matter. To specify the permissions that you need, simply check them in the list. The Remove All and Select All buttons help you disable and enable all roles in the list.
- You can use the Add Role dialog to create the custom role. Typically, you start with an existing built-in role, copy it, and then modify it for your needs. Then you save it and preview the created role in the list.
- Once you have your custom role, you have to test it to verify that it works as you expect. If you need to make adjustments later, you can update the custom role.
Roles at Knowi are divided into several categories: Query, Dashboard, Datasource, Widget, User, Customer, Report, Category, and Other.
- clone a query (query:clone): Allows the users to clone a Query. When disabled, the user cannot clone a Query, which removes the option to clone a Query.
- create a query (query:create): Allows the users to create a Query. When disabled, the users cannot create a Query.
- delete a query (query:delete): Allows the users to delete a Query. When disabled, the user cannot delete a Query and removes the option to delete a Query.
- edit a query (query:edit): Allows the users to edit a Query. When disabled, the user cannot edit and save an existing Query.
- see list of queries (query:list): Allows the users to see the list of Queries. When disabled, the user cannot see the Query list when the Queries tab is selected.
- share a query (query:share): Allows users to share a Query. When disabled, the users cannot see an option to share a Query.
- generate a dashboard with AI (dashboard:aigen): Allows the users to generate a Dashboard. When disabled, the user cannot generate a Dashboard, which removes the option to generate a Dashboard.
- clone a dashboard (dashboard:clone): Allows the users to clone a Dashboard. When disabled, the user cannot clone a Dashboard, which removes the option to clone a Dashboard.
- create a dashboard (dashboard:create): Allows the users to create a Dashboard. When disabled, the users cannot create a Dashboard.
- delete a dashboard (dashboard:delete): Allows the users to delete a Dashboard. When disabled, the user cannot delete a Dashboard and removes the option to delete a Dashboard.
- edit a dashboard (dashboard:edit): Allows the users to edit a Dashboard. When disabled, the user cannot edit and save an existing Dashboard.
- see list of dashboards (dashboard:list): Allows the users to see the list of Dashboards. When disabled, the user cannot see the Dashboard list when the Dashboards tab is selected.
- access dashboard Presenter (dashboard:presenter)
- share a dashboard (dashboard:share): Allows users to share a Dashboard. When disabled, the users cannot see an option to share a Dashboard.
- share dashboard to PDF (dashboard:share-pdf): Allows users to share a Dashboard as PDF. When disabled, the users cannot see an option to share a Dashboard as a PDF.
- share dashboard to PowerPoint (dashboard:share-ppt): Allows users to share a Dashboard as PPT. When disabled, the users cannot see an option to share a Dashboard as a PPT.
- manage dashboard secure share url (dashboard:share-secure-url): Allows users to manage dashboard secure share URL. When disabled, the users cannot see an option to manage a Dashboard secure share URL.
- manage dashboard share url (dashboard:share-url): Allows users to manage dashboard share URL. When disabled, the users cannot see an option to manage a Dashboard share URL.
- clone a datasource (datasource:clone): Allows the users to clone a Datasource. When disabled, the user cannot clone a Datasource, which removes the option to clone a Datasource.
- create a datasource (datasource:create): Allows the users to create a Datasource. When disabled, the users cannot create a Datasource.
- delete a datasource (datasource:delete): Allows the users to delete a Datasource. When disabled, the user cannot delete a Datasource and removes the option to delete a Datasource.
- edit a datasource (datasource:edit): Allows the users to edit a Datasource. When disabled, the user cannot edit and save an existing Datasource.
- see list of datasources (datasource:list): Allows the users to see the list of Datasources. When disabled, the user cannot see the Datasource list when the Datasources tab is selected.
- share a datasource (datasource:share): Allows users to share a Datasource. When disabled, the users cannot see an option to share a Datasource.
- clone a widget (widget:clone): Allows users to clone a widget. When disabled, the user cannot see an option to clone the widget.
- create a widget (widget:create): Allows the users to create a new widget. When disabled, the user cannot see an option to create a new widget, which is not the same as cloning a widget.
- delete a widget (widget:delete): Allows the users to delete a widget. When disabled, the users cannot see an option to delete a widget.
- edit a widget (widget:edit): Allows the users to change widget settings (Visualization tab). When disabled, the user cannot make changes to the Visualization tab.
- read widget instantsights (widget:instantsights:read): Allows users to have read access to widget instantsights. When checked, users can only view the instantsights but not configure them.
- access widget instantsights (widget:instantsights:write): Allows users to control access to widget instantsights. When disabled, the user cannot edit the widget instantsights settings.
- see list of widgets (widget:list): Allows the users to see the widgets list. When disabled, the users cannot see the widget button on the navigation pane, and the widgets list is empty.
- manage widgets (widget:manage): Allows the users to select manage widgets from the widgets pane. When disabled, the manage widgets option is unavailable on the widgets pane.
- share a widget (widget:share): Allows users to share widgets. When disabled, the users cannot share widgets.
- manage widget secure share url (widget:share-secure-url): Allows users to share via secure URL. When disabled, the option to generate a secure share URL is unavailable.
- manage widget share url (widget:share-url): Allows users to share via URL. When disabled, the option to generate a share URL is unavailable.
- create a user (user:create): Allows the users to create a user. When disabled, the users cannot create a user.
- delete a user (user:delete): Allows the users to delete a user. When disabled, the option to delete a user is removed.
- edit a user (user:edit): Allows the users to edit a user (user role, permissions, filters, etc). When disabled, the option to edit a user is removed.
- invite new users (user:invite): Allows the users to invite new users. When disabled, the option to invite new users is removed.
- see list of users (user:list): Allows the users to see a user list. When disabled, the user is unable to view the user list.
- login as another user from user settings (user:login-as): Allows the users to log in as another user. When disabled, the users cannot log in as another user through the team page.
- allows user to see user-profile/logout section (user:profile): Allows the user to see the bottom left user icon. When disabled, the bottom left user icon is removed, and the user cannot log out or access user settings.
- manage user account settings (user:settings:account): Allows the user to see the bottom left user icon - the ability to manage user account settings. When disabled, the user cannot see user settings but can log out.
- manage always share to group (user:settings:always-share-to-group): Allows the user to manage ‘always share to group’. When disabled, the user cannot manage ‘always share to group’.
- manage API KEY (user:settings:api-key): Allows the users to manage the API key. When disabled, the user cannot manage the API key.
- manage default dashboard (user:settings:default-dashboard): Allows the user to manage the default dashboard. When disabled, the user cannot view/select the default dashboard.
- access ldap tab on user settings page (user:settings:ldap): Allows the user to access ‘LDAP’ tab under user settings. When disabled, the user cannot view the 'LDAP' tab under user settings.
- manage management api (user:settings:management-api): Allows users to edit management API settings. When disabled, the user cannot edit management API settings.
- access plans tab on user settings page (user:settings:plan): Allows users to access the plans tab. When disabled, the users cannot access the plans tab.
- see custom plan details (user:settings:plan-details): Allows users to access the custom plan details. When disabled, the users cannot access custom plan details.
- access role tab on user settings page (user:settings:role): Allows users to access the role tab on user settings page. When disabled, the users cannot access the role tab on the user settings page.
- access saml tab on user settings page (user:settings:saml): Allows users to access the 'saml' tab on the user settings page. When disabled, the users cannot access the ‘saml’ tab on the user settings page.
- access team tab on user settings page (user:settings:team): Allows users to access the ‘team’ tab on the user settings page. When disabled, the users cannot access the ‘team’ tab on the user settings page.
- see detailed invitation settings (user:settings:team-invite-details): Allows the users to see team invitation details. When disabled, the users cannot see the team invitation details.
- access usage tab on user settings page (user:settings:usage): Allows the users to access the ‘usage’ tab on the user settings page. When disabled, the users cannot access the ‘usage’ tab.
- manage customer settings list (customer:settings:list): Allows users to manage the customer settings list. When disabled, the users cannot manage the customer settings list.
- account administrator (account:admin): Allows users to create customer account admin. When disabled, the users cannot create a customer account admin.
- manage default date format (customer:settings:default-date-format): Allows users to manage the default date format. When disabled, the users cannot manage the default date format.
- manage default timezone (customer:settings:default-timezone): Allows users to manage the default timezone. When disabled, the users cannot manage the default timezone.
- manage global header & footer (customer:settings:global-header-footer): Allows users to manage the global header and footer. When disabled, the users cannot manage the global header and footer.
- move assets from one user to another under the same customer (customer:settings:move-user-assets): Allows users to move assets from one user to another under the same customer. When disabled, the users cannot move assets from one user to another.
- manage natural language processing (customer:settings:nlp): Allows users to manage NLP settings. When disabled, the users cannot manage the NLP settings.
- manage password expiration (customer:settings:password-expiry): Allows users to manage the password expiration. When disabled, the users cannot manage the password expiration.
- manage SSO token (customer:settings:sso-token-generate): Allows users to manage the SSO token. When disabled, the users cannot manage the SSO tokens.
- Allows to manage tunnel key (customer:settings:tunnel): Allows users to manage the tunnel key. When disabled, the users cannot manage the tunnel key.
- attach dashboards to reports (report:dashboards): Allows users to attach dashboard PDF or embed an image of a dashboard to reports. When disabled, the users cannot attach dashboards to reports. (Defaults on for Admins and Users).
- attach dataset to reports (report:datasets): Allows users to attach datasets (CSV) to reports. When disabled, the users cannot attach datasets to reports. (Defaults on for Admins and Users).
- manage reports (report:email): Allows users to create and edit reports. When disabled, the users cannot create/edit reports. (Defaults on for Admins and Users).
- report on instantsights (report:insights): Allows users to create reports on widget's instantsights. When disabled, the users cannot create reports on instantsights. (Defaults on for Admins and Users).
- report as another user (report:report-as): Allows users to report as another user when scheduling and sending a report. (Defaults on for Admins only). When disabled, the users cannot report as another user.
- attach widgets to reports (report:widgets): Allows users to attach widgets (PDF/CSV) to reports. When disabled, the users cannot attach widgets to reports. (Defaults on for Admins and Users).
- send reports via email (report:send-via-email): Allows users to send reports via email. When disabled, the users cannot send reports via email. (Defaults on for Admins and Users).
- send reports via slack (report:send-via-slack): Allows users to send reports via slack. When disabled, the users cannot send reports via slack. (Defaults on for Admins and Users).
- send reports via teams (report:send-via-teams): Allows users to send reports via teams. When disabled, the users cannot send reports via teams. (Defaults on for Admins and Users).
- send reports via webhook (report:send-via-webhook): Allows users to send reports via webhook. When disabled, the users cannot send reports via webhook. (Defaults on for Admins and Users).
- create a category (category:create): Allows the users to create a category. When disabled, the users cannot create a category.
- delete a category (category:delete): Allows the users to delete a category. When disabled, the users cannot delete a category.
- edit a category (category:edit): Allows users to edit a category. When disabled, the users cannot edit a category.
- see list of categories (category:list): Allows users to see a category list. When disabled, the users cannot see the list of categories.
- share a category (category:share): Allows users to share a category. When disabled, the users cannot share categories.
- see list of ml models (ai:mi): Allows users to see a list of ML models. When disabled, the users cannot see the list of ML models.
- allows to set session timeout in minutes (customer:settings:session-timeout): Allows users to set session timeout. When disabled, the users cannot set the session timeout.
- create a filter-set (filter-set:create): Allows users to create a filter set. When disabled, the users cannot create a filter set.
- delete a filter-set (filter-set:delete): Allows users to delete a filter set. When disabled, the users cannot delete a filter set.
- list filter-sets (filter-set:read): Allows users to list a filter set. When disabled, the users cannot list a filter set.
- edit a filter-set (filter-set:update): Allows users to edit a filter set. When disabled, the users cannot edit a filter set.
- manage agents (ops:agent): Allows users to manage agents. When disabled, the users cannot manage agents.
- manage operational dashboards (ops:dashboard): Allows users to manage operational dashboards. When disabled, the users cannot manage operational dashboards.
- manage alerts (report:alert): Allows users to manage alerts. When disabled, the users cannot manage alerts.
Document AI
- query the AI for information regarding documents (document-ai:ask): Allows users to ask questions of the document AI model. When disabled, users cannot use the model.
- remove documents from the AI (document-ai:delete): Allows users to delete documents. When disabled, the users cannot delete documents.
- share documents with others (document-ai:share): Allows users to share documents with other users. When disabled, the users cannot share documents.
- upload documents to the AI (document-ai:upload): Allows users to upload documents to document AI. When disabled, the users cannot upload new documents.
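
One way to carry out the "test it to verify that it works as you expect" step for a role copied from an existing one, as an added example that is not Knowi's code: it compares the custom role's permission set with the role it was copied from and flags permissions worth a second look. The permission identifiers are the ones listed on this page; the risk groupings, the `review_role` helper and both sample roles are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Risk groupings are this example's assumption, not a Knowi classification.
SENSITIVE = {
    "impersonation": ["user:login-as", "report:report-as"],
    "credentials": ["user:settings:api-key", "user:settings:management-api",
                    "customer:settings:sso-token-generate", "customer:settings:tunnel"],
    "user-admin": ["account:admin", "user:create", "user:edit", "user:delete",
                   "user:invite", "user:settings:role"],
    "auth-config": ["user:settings:saml", "user:settings:ldap",
                    "customer:settings:password-expiry",
                    "customer:settings:session-timeout"],
    "link-sharing": ["*:share-url", "*:share-secure-url"],
    "destructive": ["*:delete"],
}

def matches(permission, patterns):
    # Patterns may use shell-style wildcards, e.g. "*:delete".
    return any(fnmatchcase(permission, p) for p in patterns)

def review_role(granted, base, deny=()):
    """Diff a custom role against its base role and flag risky grants."""
    granted, base = set(granted), set(base)
    flagged = {}
    for group, patterns in SENSITIVE.items():
        hits = sorted(p for p in granted if matches(p, patterns))
        if hits:
            flagged[group] = hits
    return {
        "added": sorted(granted - base),      # granted beyond the base role
        "removed": sorted(base - granted),    # restrictions actually applied
        "flagged": flagged,                   # sensitive grants by group
        "violations": sorted(p for p in granted if matches(p, deny)),
    }

# Constructed sample data: the page does not list what built-in roles contain.
BASE_ROLE = {"query:list", "query:create", "query:edit", "query:delete",
             "widget:list", "widget:edit", "widget:delete", "widget:share-url",
             "datasource:list", "datasource:delete", "report:email"}
# Intended as "no deletes": datasource:delete was missed and two grants crept in.
NO_DELETE_ROLE = (BASE_ROLE - {"query:delete", "widget:delete"}) | {
    "user:login-as", "document-ai:delete"}

if __name__ == "__main__":
    result = review_role(NO_DELETE_ROLE, BASE_ROLE,
                         deny=["*:delete", "user:login-as"])
    for key, value in result.items():
        print(key, value)
```

An empty `violations` list means the role matches the intended restriction; anything under `added` or `flagged` is a prompt to confirm the grant was deliberate.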