User Permissions & Restrictions
Sprinkle has multi-level accessibility of data. Few of which only the admin can access, few of which the analyst can make use of but not the developers. These restrictions and permissions can be set basically for five roles, Admin, Analyst, Report Viewer, Developer, and API Access Grp.
These are the default Groups created in Sprinkle. However, the Groups can be created and permissions can be modified as per the user’s preferences. Each Group has its own permissions and restrictions, in this case, the Admin group is explained.
On clicking the Admin group, it takes the user to a page where they will be able to add or edit Roles, Members, and User Attributes.
Roles:
In the Roles section, clicking on the Admin takes the user to Permissions, Folders, and Allow Restricted Tables page.
Not every user will be allowed to access all the tabs, say, Dashboards, Segments, Explores, Jobs, Notebooks, and Admin. A certain group of users can only access specific permissions which also include viewing and editing of the tabs. By default Sprinkle allots certain permissions for each role, it is listed below.
| Roles | Permissions |
| Admin | The Admin has complete access to the tool and has no restrictions. |
| Analyst | Analysts have Dashboard, Segments, Explores view, and edit permissions. |
| Report Viewer | These users will be only allowed to view reports. |
| Developer | Developers have every permission except the Administrative operations. |
| API Access Group | Users can view Explores, Segments, Project, Cube functionalities. |
In this way, the Admin can create their own Roles and Groups.
Permissions:
The below image consists of all the permissions that the Admin role handles.
The user can add or remove permissions by clicking on the “Add” icon on the top right or by deleting it in the action. A new permission “DATASOURCE_VIEW” has been created for the Admin role.
Viewers:
Sprinkle has introduced a new type of user called viewer users. These users can have only the permissions to see the final outputs. The user can have view permissions to all the resources like DASHBOARD_VIEW, SEGMENT_VIEW, CUBE_VIEW, EXPLORE_VIEW, PROJECT_VIEW, SEARCH. Resources like Explore, segment and dashboard will be visible to the user. USER_KEYS_CREATE is available for the user to programmatically access resources.
While inviting a user to the Sprinkle platform the admin can invite the user as a viewer
The users who have joined as a viewer can be changed to standard users and vice versa, after updating their groups and permissions.
Folders:
Next to Permissions, the next dropdown tab is Folders. Folders can also be referred to as Spaces, these spaces may be user-specific, all folders or shared folder for a certain group of users. Restricting reports for a group of users can be done using the folders functionality.
Any report a user creates comes under his own folder. However, if the user has access to a particular folder, they can view only those reports which fall under that folder and also reports in their own folder.
By default, all the groups in Sprinkle have access to the “Shared folder” so that any report that falls under Shared Folder can be viewed by everyone in the organization.
Restricting the reports to the third party users can be done by removing the “Shared Folder” access for those users. So that a new role and a group is created for those users who have special permissions without “Shared Folder” access.
The folders can be added to the role by clicking on the “Add” icon. A drop-down list appears, from which the folders can be selected.
Restricted Tables:
Restricting tables to a particular group of users can be done using this functionality.
Admin -> Roles
Before adding any tables to the “Allow Restricted Tables” tab, it needs to be added to the restricted tables page.
Admin -> Restricted Tables
On clicking the “New” button, A new restricted table is created.
Only after creating this table, the table can be added to the “Allow Restricted Tables” tab in the “Roles” page. Admin -> Roles -> Allow Restricted Tables
These restrictions can be added for any particular role so that any user belonging to that group which comprises that specific role wouldn’t be able to see and query on those tables.
Members:
Based on the Group, the users can be added or removed. For different Groups, different set of users can be added, say, Analyst group consist of a different set of users whereas the Developer group consists of a different set of users.
User Attributes:
Restricting data from a specific user or a group of users can be done with User Attributes.
Before adding any restrictions to the users by mapping some value, the “User Attribute” should be created.
Admin -> User Attributes page
For Example, on clicking the “New” button on the top right corner, a new “User Attribute” is created in the name “cityorders”.
After creating this user attribute, the segment model should be merged with it. This merging is done mainly to permit the access of certain tables to certain users.
Eg: In this case, the model is “cityorders” i.e. orders from all cities in India. When the admin wants to provide access to a specific user or a group of users only a specific city’s data, this functionality is used.
In order to merge the “User Attribute”, Segments -> Models -> Settings
Click on the “Add” button in the User Attributes tab, a pop-up screen will appear. The Attribute name should be selected, i.e. “cityorders” and the restricted column name should be selected, in this case, it’s “BUYER_CITY” Now the model is merged with the user attribute.
In the Groups tab under Admin, the user can add the User Attribute that is merged with the model by clicking on the “Add” button in User Attributes. Here “OrdersCity” is selected and a value must be applied for this specific “User Attribute” so that the users who belong to this User Attribute will be able to see only “Bangalore” order data. By changing the value, i.e. changing from Bangalore to Chennai allows the users belonging to that specific “User Attribute” to see only the “Chennai” order data.
In the “Users” column, any selected user can be picked, and “User Attribute” can be applied accordingly.
In the “User Attribute” column, the name of the “User Attribute” is applied and the city value can also be applied. This way, restriction or permissions on a specific table for a specific user or a set of users can be applied.
Admin -> Groups -> Admin
Now the User Attribute “OrdersCity” on the model “Orders” is created and the filter value “Bangalore” is applied.
In the user attribute, if the number of users is large in number, they can be uploaded via CSV file in the “User Attribute” page.
The CSV file should have two columns, one column being email Id and the other is value.
User-defined Variables:
Users can define Variables with some value in the flow settings and that variable can be used in that particular flow. For example, in incremental loading user defines the number of window days. The incremental process is explained below.
Product - variables - I icon: Users can define Variables with some value in the flow settings and that variable can be used in that particular flow.