...

User roles and permissions

For larger organizations, Lokad provides the possibility to grant different roles to the various users who have access to a Lokad account. Below you will find the description of different roles offered by Lokad as well as the different rights and permissions associated with them. Lokad accounts don’t have a limit on the number of users a company can have and the same role can be assigned to multiple users.

Table of contents

Access rights

The following table visualizes the different rights of six various users:

Role Manage Users View Projects Run Projects Create, Edit, Delete Projects View Run Details Upload Files Download Files
Owner Yes Yes Yes Yes Yes Yes Yes
Editor Yes Yes Yes Yes Yes Yes
Trusted Yes Yes Yes Yes Yes
Normal Yes Yes Yes Yes
Limited Yes
Uploader Yes Yes
Demo Yes Yes

Invitation of new users

To invite new users, click on Invite User button and fill in the requested information:

Image

It is necessary to set-up projects and files access for all the users, even when they are provided an access to a new, “empty” account. When creating a new account, it is recommended to create groups of users from the very beginning:

Image

or to give access to all projects and files by simply adding “/” as indicated in the following example:

Image

This shall be done even for an uploader role that is expected to only need an access to some selected folders. The allowed access paths should get updated through the life of the account to restrict some users or groups views, if necessary.

Folder restrictions

All user roles can be restricted to access only a sub-section of all files, Envision scripts and other resources present in your account, by limiting their view to specific folders.

User roles

Owner

Full access rights. The owner is the only role that allows to grant access rights to other users and even invite new users.

For accounts that are actively managed by the Lokad team, typically through a support plan, it is possible not to have any owner associated with the account, and thus entirely delegate the management of the account to the Lokad team.

Editor

Near-full access rights. The only limitation of the editor is not being able to grant access rights, and not being able to invite new users.

The editor role is appropriate for data analysts who actively compose and adjust Envision scripts, create, edit and delete project sequences, and connect data source, and therefore require very significant access in order to modify the content of the account.

Trusted user

With advanced “read-only” and files access, the trusted user has the same permissions as the normal user (see below), but is also granted access to run details, including the associated Envision scripts.

The trusted user role is appropriate for users who regularly need to know the input files, or specific configuration, of historical runs.

Normal user

A practical “read-only” and files access. The normal user can see all the Envision dashboards and execute them if necessary. In addition, the normal user can upload and download any file located within the account. However, no Envision scripts, no project sequence, and no applicative settings (such as data retrieval from a 3rd party app/data sourcing) can be modified by the normal user, and no Envision code can be viewed, either through the script editor or through the run details.

The normal user role is appropriate for those users who are expected to execute Envision scripts on a regular basis, but who do not need to modify the configuration of the account itself.

Limited user

A narrow “read-only” access allows to view Envision dashboards without running them.

The limited user access is appropriate for employees who only require read-only access to specific sections of the Lokad account.

Uploader

A narrow data access which only offers the possibility to write and read files from a specified folder. Projects cannot be accessed, modified or executed.

The uploader is intended for robots in charge of uploading / downloading data to / from Lokad. The credentials can be given to a 3rd party of limited trust that is only in charge of transferring its own data to Lokad, without gaining access to the other data that may exist in the account.

Demo user

A “read-only” and download files access. The demo user can see all the Envision dashboards and download any file located within the account. However, neither Envision scripts nor any applicative settings (such as data retrieval from a 3rd party app) can be modified by the demo user. The demo user has no right to upload the files.

The demo access level only appears in Lokad’s Demo account, and cannot be used on other accounts.

User Contributed Notes
0 notes + add a note