Profiles and Permissions
A profile represents a collection of permissions and privileges that gives project members access to various components and features inside a project.
When you add a new project member, you must assign them to a specific profile for each project that they are added to. You can assign them to one of the default profiles, or define custom profiles based on your needs and use them instead.
All profiles and permissions are project specific, and not account specific. You can assign the same individual to different profiles in different projects, and thereby grant different levels of access in each project. This enables you to provide only the relevant authorization to project members based on your organization’s requirements.
- Profiles do not apply to Catalyst account admins or the Super Admin. Only project members can be assigned to profiles for each project.
- Catalyst provides permissions to project members in compliance with all relevant and applicable data protection laws and privacy guidelines, such as GDPR and HIPAA regulations. This helps you readily implement user data protection regulations and build applications in accordance with them.
The permissions defined by Catalyst are grouped into several categories. A Catalyst account admin can grant or deny any individual permission for a custom profile while creating it. Any default or custom profile can be assigned to a project member by an admin or another member with the Add/Update/Remove Collaborators permission.
Before you learn about the permissions defined in Catalyst, you must understand the Access Types available for those permissions:
Editor access enables the project member to modify the configurations and data of the components they have permission to access. Editor access is available for all permissions defined in Catalyst.
Viewer access enables the project member to only view the configurations and data of the components they have permission to access.
Viewer access is only available for four permissions from the permissions listed below: Development Environment, Production Environment, Manage Settings and Configuration. The details are explained in the table below.
The following permissions are defined and available in Catalyst for the Editor Access Type:
|Manage Collaborators||Add/Update/Remove Collaborators||This provides permission to invite a project member or an admin, assign other projects to a project member, change the collaboration type for a lower level of hierarchy, or remove a project member from a project.|
|Development Environment||Data Store
|If Editor access to the Data Store, File Store, Event Listeners, Logs, or Other Components is granted, the project member can configure the respective components and add data in them in the development environment of that project. development environment of that project.
Note: Catalyst enables you to provide access to the Data Store, File Store, Event Listeners, and Logs independently, and groups other components such as Circuits, Functions, Cron etc under "Other Components" because, the independent components can contain sensitive user data that you might require exclusive control on. This is done to adhere to all applicable data protection laws and privacy guidelines, such as GDPR and HIPAA.You will not be able to unselect the permission for "Other Components" in the development environment, because that is the minimum level of permission that can be granted to a project member. If you choose to provide permission to access Event Listeners, you must provide permissions to access Data Store and File Store prior to that. This is because, Catalyst shows sample event data patterns in the console with relevant data of the Data Store or File Store when you configure a Component event listener with those components, and therefore project members must already have access to those components.
|Production Environment||Data Store File Store Logs Event Listeners Other Components||If Editor access to the Data Store, File Store, Logs, Event Listeners, or Other Components is granted, the project member can configure the respective components and add data in them in the production environment of that project.
Note: Similar to the development environment, Catalyst lists out the first three components independently as they can contain sensitive user data. If you select Data Store, File Store, Event Listeners, or Logs in the production environment, "Other Components" will be selected by default. To unselect it, you will need to unselect any/all of the three independent components. Similar to the development environment, if you choose to provide permission to access Event Listeners, you must provide permission to access Data Store and File Store prior to that.
|Manage Add-On Services||Enable/Disable Add-On Services||This provides the permission to enable or disable any of the Catalyst Add-On Services for that project.|
|Manage Settings and Configurations||Perform Migrations||This provides the permission to migrate the project from development to production or production to development, and perform all migration actions.|
|Enable/Disable Production Environment||This provides the permission to enable or disable the production environment any time after the project has been deployed to production.|
|Access Billing Components||If Editor access to this permission is granted, the project member can access the Billing settings (except the Overview and Manage Billing sections), create budgets, and view reports and breakdowns of that project. Viewer: If Viewer access to this permission is granted, the project member can only view reports and breakdowns of that project, but cannot create or manage budgets.
Note: Only the admins of a Catalyst account can access the Overview section under the Billing settings because that section displays information from all projects of that Catalyst account. Only the admins of a Catalyst account can access the Manage Billing or Payments Portal section. This means that only admins can set up the payment method, add credit cards, and manage all payment and transaction related activities for the Catalyst account. A project member cannot perform these activities.
|Add/Delete Mobile Packages||This provides the permission to add or delete Android or iOS SDK packages for the project from the Developer Tools settings in the console.|
|Access Audit Logs||This provides the permission to view the audit logs of all the projects in your Catalyst account. Note: If you choose to provide permission to access Audit Logs, you must provide permission to access Data Store, File Store, Event Listeners, and Other Components prior to that. This is because, Catalyst shows the configurations and data of these components in the Audit Logs settings in the console, and therefore project members must already have permissions to those components.|
Catalyst has three default profiles, each of which has predefined sets of permissions. You can view the default profiles by clicking the Profiles & Permissions section in General Settings.
The default profiles and the permissions included in them are:
- Project Owner
A project member assigned to the Project Owner profile will have Editor access to all the permissions for that project, as specified in the table in the previous section. A Project Owner is the highest privilege granted to a project member and makes all permissions and access available to them.
You can click Project Owner from the Profiles and Permissions section to view the details.
A project member assigned to the Contributor profile will have Editor access to work with all the components and data of the development and production environments. They can also perform migrations, and enable or disable the production environment. However, they will not have any other permissions specified in the table in the previous section.
You can assign the Contributor profile to members who are involved in developing the application, but do not manage the Catalyst account or project settings.
A project member assigned to the Viewer profile will have Viewer access to the development and production environments. This means that they can view the configurations and data of all the components in the developer and production environment of that project, but will not be able to modify any components or data.
You can assign the Viewer profile to members from a different department of your organization, or anyone who is not actively involved in developing the application but would like to observe the schema and data.
Create a New Custom Profile
A Catalyst account admin or the Super Admin can create custom profiles and define the permissions to be included in them. A project member will not be able to create or manage custom profiles.
To create a new custom profile for a Catalyst account:
Click Profiles & Permissions under General Settings, then click Add New Profile from that section.
Provide a name and a description for the custom profile. Select the Access Type of the profile.
Select the required permissions that must be included in the profile. You can click the Select All checkbox in the top-right corner to select all the permissions.
- Click Confirm.
The profile will be created and listed in the Profiles and Permissions section. You can click on it to view the details.
A Catalyst account admin or a project member with the Add/Update/Remove Collaborators permission can assign a profile to another project member while inviting them, as discussed previously.
Change a Project Member’s Profile
You can also change the profile assigned to a project member for a project, with the necessary permission, in the following way:
Navigate to the Collaborators section in General Settings and click the project member from the list to open their details. Click the ellipsis icon for the project that their profile must be changed in, then click Change Profile.
Select a profile from the dropdown list. Then select the check icon.
The project member’s permissions to access that project will now be changed based on the profile you selected.
Edit a Custom Profile
To edit a custom profile or modify the permissions included in it:
- Click the ellipsis icon for the profile in the Profiles and Permissions section, then click Edit. Alternatively, you can click Edit from the profile’s details page.
- Make the necessary changes to the profile. Click Update.
Delete a Custom Profile
When you delete a custom profile, you must replace it with another profile. This will migrate all the project members assigned to that profile to the replacement profile. Their permissions to access the projects will be changed accordingly.
To delete a custom profile:
Click the ellipsis icon for the profile in the Profiles and Permissions section, then click Delete.
Select the profile to replace this with, from the dropdown list. Click Yes, Delete.
Last Updated 2023-06-15 14:47:26 +0530 +0530
Send your feedback to us