User roles overview#
Roles are configured separately for workspaces and projects.
Roles in a workspace#
Workspace roles are admin and member.
Summary of workspace permissions:
| Permission | Admin | Member |
|---|---|---|
| Manage subscription (including invoice data) | yes | no |
| Manage workspace members | yes | no |
| Create projects | yes | yes |
| Delete projects | yes | no |
| Disable creation of public projects | yes | no |
To access the workspace settings, click the workspace icon in the top-left corner.
Roles in a project#
You can assign workspace members to projects with different levels of access: owner, contributor, or viewer.
To access project members, click the avatar icons in the top-right corner.
| Permission | Owner | Contributor | Viewer |
|---|---|---|---|
| Viewing project content | yes | yes | yes |
| Editing project content | yes | yes | no |
| Viewing project members | yes | yes | yes |
| Editing project members | yes | no | no |
| Viewing or editing project settings and properties | yes | no | no |
Project contributors have broad content permissions, such as logging runs, creating notebooks, and modifying or deleting previously stored data.
Permissions related to membership is restricted to owners and admins. Note that project owners can grant project ownership to anyone in the workspace and also remove other owners.
Admins are always owners
A workspace admin is automatically an owner of all projects and can grant ownership to anyone in the workspace.
Service account permissions#
Service accounts can do logging and management through the Neptune API.
Service accounts can not use the following functions:
Otherwise, service accounts can perform project actions according to their permissions. However, service accounts cannot access any projects unless explicitly assigned to them.