Dataiku Groups vs User Profiles

eshcaller517

When granting access to a User, which permission level supersedes the other, the Group or the User Profile? For example if someone is added to a group that has the ability to only read a dashboard but their User Profile is a Data Scientist, which has all permissions, would they then be able to create datasets in a project despite the group only having the read dashboard ability?

Turribeach

Permissions are additive, which means you will get a combination of all the granted permissions and the highest permission level will take precedence over others.

eshcaller517

thanks for the info!

Turribeach

Also you are mixing two things here: user/group permissions and profiles. User/group permissions define what you can do at object level. Profiles define the functionality you can use at instance level.

To edit a project recipe for instance you will need either write permissions as user or group granted to you and User Profile of Data Scientist.

eshcaller517

are you able to explain a little more the difference between the object level and instance level?

Turribeach

You grant users/groups access to folders, projects, code environments, etc. Those are objects in your DSS server. The User profile is granted at the instance level so it gives the user the functional permissions to perform actions according to the profile. Profiles exist so you can have different types of licenses.

Sign up to take part

Dataiku Groups vs User Profiles

Dataiku Groups vs User Profiles