User roles and permissions
For larger organizations, Lokad provides the possibility to grant different roles to the various users who have access to a Lokad account. Below you will find the description of different roles offered by Lokad as well as the different rights and permissions associated with them. Lokad accounts don’t have a limit on the number of users a company can have and the same role can be assigned to multiple users.
Table of contents
The following table visualizes the different rights of six various users:
|Role||Manage Users||View Projects||Run Projects||Create, Edit, Delete Projects||View Run Details||Upload Files||Download Files|
- “Manage Users” means being able to grant access rights to other users and invite new users.
- “View Projects” means being able to see all the Envision dashboards associated with a particular account, but not being allowed to modify the configuration of the account itself.
- “Run Projects” means to execute the projects.
- “Create, Edit, Delete Projects” means to be able to build, access, modify, or delete the Envision dashboards associated with a particular account, create, edit, and delete project sequences, and connect data source.
- Viewing the execution history of a project which is included in “View Run Details”.
- “Upload Files” means through FTP, SFTP or the Files section of the web interface. A user who can “Run Projects” is always allowed to use the
- “Download Files” means through FTP, SFTP or the Files section of the web interface. A user who can “View Projects” is always allowed to download from the dashboard tiles; a user who can “View Run Details” is always allowed to download the imported and exported files of a run.
Invitation of new users
To invite new users, click on Invite User button and fill in the requested information:
It is necessary to set-up projects and files access for all the users, even when they are provided an access to a new, “empty” account. When creating a new account, it is recommended to create groups of users from the very beginning:
or to give access to all projects and files by simply adding “/” as indicated in the following example:
This shall be done even for an uploader role that is expected to only need an access to some selected folders. The allowed access paths should get updated through the life of the account to restrict some users or groups views, if necessary.
All user roles can be restricted to access only a sub-section of all files, Envision scripts and other resources present in your account, by limiting their view to specific folders.
Full access rights. The owner is the only role that allows to grant access rights to other users and even invite new users.
For accounts that are actively managed by the Lokad team, typically through a support plan, it is possible not to have any owner associated with the account, and thus entirely delegate the management of the account to the Lokad team.
Near-full access rights. The only limitation of the editor is not being able to grant access rights, and not being able to invite new users.
The editor role is appropriate for data analysts who actively compose and adjust Envision scripts, create, edit and delete project sequences, and connect data source, and therefore require very significant access in order to modify the content of the account.
With advanced “read-only” and files access, the trusted user has the same permissions as the normal user (see below), but is also granted access to run details, including the associated Envision scripts.
The trusted user role is appropriate for users who regularly need to know the input files, or specific configuration, of historical runs.
A practical “read-only” and files access. The normal user can see all the Envision dashboards and execute them if necessary. In addition, the normal user can upload and download any file located within the account. However, no Envision scripts, no project sequence, and no applicative settings (such as data retrieval from a 3rd party app/data sourcing) can be modified by the normal user, and no Envision code can be viewed, either through the script editor or through the run details.
The normal user role is appropriate for those users who are expected to execute Envision scripts on a regular basis, but who do not need to modify the configuration of the account itself.
A narrow “read-only” access allows to view Envision dashboards without running them.
The limited user access is appropriate for employees who only require read-only access to specific sections of the Lokad account.
A narrow data access which only offers the possibility to write and read files from a specified folder. Projects cannot be accessed, modified or executed.
The uploader is intended for robots in charge of uploading / downloading data to / from Lokad. The credentials can be given to a 3rd party of limited trust that is only in charge of transferring its own data to Lokad, without gaining access to the other data that may exist in the account.
A “read-only” and download files access. The demo user can see all the Envision dashboards and download any file located within the account. However, neither Envision scripts nor any applicative settings (such as data retrieval from a 3rd party app) can be modified by the demo user. The demo user has no right to upload the files.
The demo access level only appears in Lokad’s Demo account, and cannot be used on other accounts.