Access and permissions

To access Data Browser in your tenant’s workspace, you need — besides access to the tenant itself — the corresponding roles to work with Data Browser.

Your tenant manager can grant you access and permissions, also for technical clients (technical users). As a tenant manager, handle user management with the Multitenant Access Control portal.

Available default roles for Data Browser:

Name Description Role key

Data Browser Viewer

Required to see the application and its contents in your tenant’s workspace.
With only that role, users can just see the Data Browser user interface and the data available on their tenant. In addition, users can: * Perform basic actions such as can_read, can_list, can_get, and can_show * Carry out read-only SQL Lab operations

DATA_BROWSER_VIEWER

Data Browser Editor

Additionally, with this role, users can perform more CRUD actions, which include can_write, can_edit, can_delete, and can_post. Does not include viewer role. That means, for visibility in the Workspace, the Data Browser Viewer role is needed additionally.

DATA_BROWSER_EDITOR

As a developer, note that the URN (included in the token) for a role gets constructed as follows:

urn:macma-application-role:<tenant-id>:<client-id>:<role-key>

The placeholders mean:

  • <tenant-id> — Your tenant ID.

  • <client-id> — Part of the credentials for your technical client. The client credentials were created when the corresponding module was created. See also Modules: Grant access for technical clients.

  • <role-key> — Is indicated for each role in the role overview.