Note: This article refers to an Enterprise-only feature.
Note: The Admin role (which is not listed as a Group), will take precedence over any Forbid permissions assumed from Group Membership.
To enable Permissions on the server, an Admin must ensure that the Security Configuration (Admin → User Configuration) is set to 'Internal' or 'External'.
Doing so will (after a server restart) will enable 3 dialogs. Manage Groups and Manage Permissions are available through the Admin menu and, thus, are usable only by Admins. View Permissions is available through the Help menu and can be accessed by both Admins and regular users.
Each group has a defined set of permissions that either allow or restrict access to specific parts of Matillion ETL. A user is then associated with one or more groups that confer those permissions upon the user. This process is explained in greater detail in the sections below.
Users that lack the necessary permission/s to access a resource will often be confronted with a greyed-out item accompanied by a "Missing required permissions" tooltip that states the permission that would be needed to access the resource.
Admins can create (as well as edit and remove) as many Groups as they please, each with an identifying name specified by the admin.
Clicking the Manage Members button next to each group allows admins to assign users to the group.
Alternatively, clicking the 'Membership' button will allow admins to assign users to one or more (or indeed, no) groups by selecting the user in question and using the + and - buttons to add and remove the groups they are a member of.
These groups carry permission details that can be set using the Manage Permissions dialog in the Admin menu.
Note: If a user is a member of groups that conflict in their permissions (if one group Enables what another Forbids) then an Enabled permission always overrules a Forbidden permission.
Matillion ETL comes with several default groups that can be used 'out of the box'. These groups can be edited (or deleted) as desired.
Reader: Can view the Matillion ETL project and almost all parts of the instance including API Profiles, Credentials, OAuths, Jobs and Variables. Cannot edit any of these, however.
Reader with Comments: The same as 'Reader' but can write notes to annotate jobs.
Runner: This user has the ability to view Matillion ETL the same as a 'Reader' can but with the added ability to run jobs as well as the individual components within. However, a Runner cannot edit or execute schedules.
Scheduler: In addition to 'Runner' benefits, can also edit and execute schedules and related areas such as Credentials, Drivers and OAuths.
Writer: Is capable of viewing, editing and executing all parts of Matillion ETL but is forbidden from deleting Projects and Versions.
Here, admins can adjust the permission settings for any of the Groups created in the Manage Groups dialog. Clicking the pencil icon by any group will open a new dialog to edit permissions.
From here, a hierarchical view of all permissions in Matillion ETL can be found. Changing the 'State' of any permission will affect that resource's availability to members within this Group. Note that the State of a permission can be set for an entire set of resources such as 'API Profile' in a coarse grain manner which will also determine the 'Expected' state of the permissions that set includes. This Expected State can be overridden by expanding the set and setting the state on the individual permissions within.
Permissions have 3 possible states:
- Granted: The permission is available to members of the group. This will override a Forbidden Expected State.
- Forbidden: The permission is unavailable to members of the group. This will override a Granted Expected State.
- Unspecified: The permission defers to its Expected value.
To aid navigation of the permissions list, a search box is included at the top of the dialog. The radio buttons allow admins to search for specific Permission Names, States or Expected States.
Users can check a full list of their own permission states using the View Permissions dialog in the Help menu. If the State is 'Granted' then this user has full access to the permission, else it is 'Forbidden' and they do not.To aid navigation of the permissions list, a search box is included at the top of the dialog. The radio buttons allow users to search for specific Permission Names and States.