About Validio RBAC
Validio Role-Based Access Control (RBAC) provides granular, permission-based management of users and resources. By organizing users into Teams and segmenting resources into Namespaces, you can ensure data independence and secure monitoring across your organization.
Roles and Permissions
You can assign roles (Admin, Editor, Viewer, and Custom) to users and teams at the global and namespace access levels to control access to different resources in Validio. Custom roles allow you to follow the Principle of Least Privilege to ensure users have the minimum level of access necessary to complete their specific tasks. For more information see Managing Roles.
Resource Access Levels
Roles grant combinations of READ and WRITE capabilities to resources at the global and namespace levels. WRITE permission includes READ, so the tables below list only the additional capabilities that WRITE grants on top of READ.
Global Resources
Global resources are available workspace-wide (not tied to a specific namespace). By default, all users have READ access to global resources.
| Resource | Read Capabilities | Write Capabilities |
|---|---|---|
| API keys | View API keys | Create, update, regenerate, and delete API keys |
| Business glossary | View domains, glossary terms, and term assignments | Create, update, and delete domains and glossary terms |
| Catalog assets | View catalog assets and their incidents | Update catalog assets, refresh the catalog, and run data profiles |
| Classifications | View classifications | Create, update, and delete classifications |
| Saved searches | View saved searches | Create, update, and delete saved searches |
| Identity providers | View identity providers | Create, update, and delete identity providers |
| Integrations | View integrations | Create, update, and delete integrations |
| Lineage | View lineage relationships | Configure and update lineage |
| Namespaces | View namespaces | Create, update, and delete namespaces |
| Roles | View roles and role configurations | Create, update, and delete roles |
| Settings | View workspace settings | Update workspace settings |
| Tags | View tags | Create, update, and delete tags |
| Teams | View teams | Create, update, and delete teams |
| Users | View users and their role assignments | Create, update, invite, and delete users |
Namespaced Resources
Access to namespaced resources is restricted. Users can only interact with these resources if granted permission directly or through their team membership.
| Resource | Read Capabilities | Write Capabilities |
|---|---|---|
| Channels | View channels in the namespace | Create, update, and delete channels |
| Credentials | View credentials in the namespace | Create, update, and delete credentials |
| Filters | View filters in the namespace | Create, update, and delete filters |
| Incidents | View incidents in the namespace | Create, update, acknowledge, and delete incidents |
| Namespace | View the namespace | Create, update, and delete namespaces |
| Notification Rules | View notification rules in the namespace | Create, update, and delete notification rules |
| Segmentations | View and preview segmentations | Create, update, and delete segmentations |
| SQL Execution | View SQL execution results | Run SQL queries |
| Sources | View sources in the namespace | Create, update, delete, start, stop, and backfill sources |
| Validators | View validators in the namespace | Create, update, copy, and delete validators |
| Windows | View windows in the namespace | Create, update, and delete windows |
Users and Teams
Teams are used to organize users into groups which you can base on business units or areas of responsibility within your organization. Different teams can configure and manage their own resources separate from other teams. For example, individual teams can see their data quality without it being affected by incidents that are happening in other teams.
For more information, see Managing Users and Managing Teams.
Namespaces
Namespaces in Validio are used to organize and isolate resources into managed groups, allowing teams to access only the resources assigned to them. This separation ensures that each team can manage its resources independently, without interference from other teams, and helps control data visibility within the Validio platform.
For more information, see Managing Namespaces.