Authorizations
Data Authorization model
Access to Data instances is controlled by a three-tier permission hierarchy:
- Global permissions — apply to all schemas and all instances.
- Schema-level permissions — override globals for a specific schema.
- Instance-level permissions — override schema permissions for a single instance (strict: if defined, no fallback).
Resolution order (highest to lowest):
1. Global p_data_admin → grants all operations on all schemas and instances (non-blockable)
2. Schema p_admin → grants all operations on instances of that schema
3. Instance p_use / p_read / p_update / p_delete → strict override for the individual instance
4. Schema p_use / p_read / p_create / p_update / p_delete → applies to all instances of that schema
5. Global p_data_use / p_data_read / p_data_create / p_data_update / p_data_delete → default fallback
Global permissions
| Permission | Description |
|---|---|
| p_data_admin | All operations on all data. Non-blockable. |
| p_data_read | Read all instances. Blockable at schema or instance level. |
| p_data_create | Create instances in all schemas. Blockable at schema level. |
| p_data_update | Update all instances. Blockable at schema or instance level. |
| p_data_delete | Delete all instances. Blockable at schema or instance level. |
| p_data_use | Operate/execute all actionable instances. Blockable at schema or instance level. |
| p_data_import | Access the import tool. |
| p_data_export | Access the export tool. |
| p_data_security_view | View instance-level permission fields in the UI. |
| p_data_security_edit | Edit instance-level permission fields in the UI and via import. |
Schema-level permissions
Set in _options of the schema definition. Override global defaults for all instances of that schema.
```yaml
- classname: _schema
  keyname: my_schema
  _options:
    p_admin: PERMISSION_NAME   # all ops on this schema, non-blockable
    p_create: PERMISSION_NAME  # create instances
    p_read: PERMISSION_NAME    # read instances
    p_update: PERMISSION_NAME  # update instances
    p_delete: PERMISSION_NAME  # delete instances
    p_use: PERMISSION_NAME     # operate/execute actionable instances
```

If a schema permission is defined and the user does not have it, access is denied even if the user holds the global permission (strict override).
Instance-level permissions
Set per instance via the UI (requires p_data_security_edit) or via YAML import.
```yaml
- classname: my_schema
  keyname: my_instance
  p_read: PERMISSION_NAME
  p_update: PERMISSION_NAME
  p_delete: PERMISSION_NAME
  p_use: PERMISSION_NAME
```

Instance permissions take precedence over schema permissions. If defined and the user does not hold the required permission, access is denied (strict: no fallback to schema or global).
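The resolution order described above, written as a decision function that also reports which tier made the decision. This is an added example, not the product's own code; the function name `is_allowed`, the dictionary shapes and the sample permission names (`p_team_read`, `p_secret_read`) are assumptions.

```python
# Added example: resolver for the three-tier model described on this page.
# Field names (p_admin, p_read, p_data_read, ...) follow the page; the function
# name, argument shapes and sample permission names are assumptions.
INSTANCE_OPS = {"use", "read", "update", "delete"}  # create has no instance tier
ALL_OPS = INSTANCE_OPS | {"create"}


def is_allowed(user_perms, op, schema_options, instance=None):
    """Return (decision, tier) for `op`, following the documented order."""
    if op not in ALL_OPS:
        raise ValueError(f"unknown operation: {op}")
    user_perms = set(user_perms)

    # 1. Global admin: non-blockable.
    if "p_data_admin" in user_perms:
        return True, "global p_data_admin"

    # 2. Schema admin: all operations on instances of that schema.
    schema_admin = schema_options.get("p_admin")
    if schema_admin and schema_admin in user_perms:
        return True, "schema p_admin"

    # 3. Instance-level: strict, no fallback once the field is defined.
    if instance is not None and op in INSTANCE_OPS:
        required = instance.get(f"p_{op}")
        if required:
            return required in user_perms, "instance"

    # 4. Schema-level: strict override of the global default.
    required = schema_options.get(f"p_{op}")
    if required:
        return required in user_perms, "schema"

    # 5. Global default fallback.
    return f"p_data_{op}" in user_perms, "global"


# Constructed sample data (not taken from a real deployment).
SCHEMA = {"p_read": "p_team_read"}
INSTANCE = {"classname": "my_schema", "keyname": "my_instance",
            "p_read": "p_secret_read"}
```

With this sample data, a user holding only the schema or global read permission is denied on `my_instance`, because the instance defines its own `p_read`.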
p_use — Actionable instances
p_use controls the right to operate or execute an instance that represents something actionable, such as triggering a pipeline, running a job, or activating a process. It is distinct from p_read (viewing) and p_update (editing data).
Example: restrict who can trigger a pipeline instance without restricting who can read or edit its configuration.
```yaml
- classname: _schema
  keyname: _pipeline
  _options:
    p_use: p_pipeline_operator
```

```yaml
- classname: _pipeline
  keyname: my_pipeline
  p_use: p_my_pipeline_operator  # instance-level override
```

Per Field Authorization
Not implemented.