User Roles and Workspaces
A workspace in Hevo is a collaborative working platform where members of a team can create and access Pipelines, Models, Workflows, and Activations. Hevo allows you to create up to five teams using the domain name of your organization. Each team creates its own workspace and provides role-based access to the members. Role-Based Access Control (RBAC) is a method of regulating access to entities within a Hevo account and or workspace, based on the roles assigned to users, which define the actions they are authorized to perform. RBAC uses the following user roles to grant or deny access to different Hevo entities within the account:
Note: Starting Release 2.17, the Workflows feature and its related roles are available only for existing users. Users signing up from Release 2.17 onwards cannot create Workflows. For more information, please contact Hevo Support or your account executive.
Administrator
Users with the Administrator role have the ability to create or delete entities. For example, Pipeline Administrator can create, edit, and delete Pipelines. The Team Administrator role is typically an overarching permission that grants access to all entities within the system. This means that a Team Administrator can perform administrative functions across all teams or entities. On the other hand, other administrator roles are usually specific to the entity they are related to. The following table outlines the various roles and the corresponding permissions available for administrators:
Role Name | Description | Permissions |
---|---|---|
Activation Administrator | Is assigned to a user or users for managing the Activation feature in an organization. This user can create, edit, and delete Activations and has complete access to all the entities related to an Activation. They are responsible for managing the activation, setting up the target, and ensuring that the Activation process is running smoothly. | - Destination - Create, Edit, View, Delete - Activations - Create, Edit, View, Delete - Team - None - Billing - Edit - Pipeline - None - Models & Workflows - None |
Billing Administrator | Allows users to manage the billing and payment aspects of an account. Users with this role can access and manage subscriptions and billing related information. For example, adding and removing cards, changing plans, viewing invoices, and changing on-demand credit settings. | - Destination - Create, Edit, View, Delete - Billing - Create, Edit, View, Delete - Team - None - Pipeline - None - Models & Workflows - None - Activations - None |
Models & Workflows Administrator | Provides the ability to create, edit, and delete Models and Workflows within an organization. Users can transform data loaded by their Pipeline for business reporting, intelligence needs, and derive business insights. | - Models & Workflows - Create, Edit, View, Delete - Destination - Create, Edit, View, Delete - Team - None - Billing - None - Pipeline - None - Activations - None |
Pipeline Administrator | Provides administrative access to the Pipelines in a team. Users can create, edit, delete Pipelines, and perform other administrative tasks such as scheduling the Pipelines and mapping the schema of the data being ingested. They have complete control over the Pipelines in the organization. | - Pipeline - Create, Edit, View, Delete - Destination - Create, Edit, View, Delete - Team - None - Billing - None - Models & Workflows - None - Activations - None |
Team Administrator | Provides complete access to all entities within the account and manages the entire account. This is the default role for the user who creates the team. | It is recommended to have at least two team administrators to ensure continuity in business. - Team - Create, Edit, View, Delete - Billing - Create, Edit, View, Delete - Pipeline - Create, Edit, View, Delete - Destination - Create, Edit, View, Delete - Models & Workflows - Create, Edit, View, Delete - Activations - Create, Edit, View, Delete |
Collaborator
Collaborators can modify the configuration of an entity; however, they cannot create or delete the entity. For example, a Pipeline Collaborator can edit the Pipeline configuration, change its schedule, pause and restart it, and edit the schema mapping, but they do not have the ability to create or delete Pipelines. The following table outlines the various roles and their corresponding permissions available for collaborators:
Role Name | Description | Permissions |
---|---|---|
Team Collaborator | Grants complete access to all entities in the account, except for two critical permissions, account deletion and billing. | - Pipeline - Edit and View - Destination - Edit and View - Models & Workflows - Edit and View - Activations - Edit and View - Team - Edit and View - Billing - None |
Pipeline Collaborator | Provides the ability to design, build, and maintain Pipelines. | - Pipeline - Edit and View - Destination - Edit and View - Models & Workflows - None - Activations - None - Team - None - Billing - None |
Models & Workflows Collaborator | Provides the ability to design and maintain Models and Workflows to transform data in the Destination for business reporting, intelligence needs, and deriving business insights. | - Destination - Edit and View - Models & Workflows - Edit and View - Team - None - Billing - None - Pipeline - None - Activations - None |
Activation Collaborator | Provides the ability to set up and manage reverse ETL to move data from data warehouses to SaaS applications. | - Activations - Edit and View - Destination - Edit and View - Team - None - Billing - Edit - Pipeline - None - Models & Workflows - None |
Observer
Observers have View access to all the entities in the application. They cannot change the role of a user or their access to any entity. Additionally, they do not have access to the workbench, raw data, Transformations, Models, or any other related resources. Note: If a user does not have the necessary permission to access an entity, it is greyed-out within the Hevo user interface. Hovering over a greyed-out item shows a tooltip asking the user to contact the Team Administrator for the permission required to access the entity.