Catalyst

by Zoho
×
Cancel
  • Tutorials
  • FAQ
  • Developer Tools
    CLI
    SDK
    Java Node.js Python Web Android iOS Flutter
    REST API
    Utilities
    Extensions Tools Integrations
    • Go to console

    Profiles and Permissions

    Introduction

    A profile represents a collection of permissions and privileges that gives project members access to various components and features inside a project.

    When you add a new project member, you must assign them to a specific profile for each project that they are added to. You can assign them to one of the default profiles, or define custom profiles based on your needs and use them instead.

    All profiles and permissions are project specific, and not account specific. You can assign the same individual to different profiles in different projects, and thereby grant different levels of access in each project. This enables you to provide only the relevant authorization to project members based on your organization’s requirements.

    Note:
    • Profiles do not apply to Catalyst account admins or the Super Admin. Only project members can be assigned to profiles for each project.
    • Catalyst provides permissions to project members in compliance with all relevant and applicable data protection laws and privacy guidelines, such as GDPR and HIPAA regulations. This helps you readily implement user data protection regulations and build applications in accordance with them.

    Permissions

    The permissions defined by Catalyst are grouped into several categories. A Catalyst account admin can grant or deny any individual permission for a custom profile while creating it. Any default or custom profile can be assigned to a project member by an admin or another member with the Add/Update/Remove Collaborators permission.

    Before you learn about the permissions defined in Catalyst, you must understand the Access Types available for those permissions:

    • Editor
      Editor access enables the project member to modify the configurations and data of the components they have permission to access. Editor access is available for all permissions defined in Catalyst.
    • Viewer
      Viewer access enables the project member to only view the configurations and data of the components they have permission to access.

      Viewer access is only available for four permissions from the permissions listed below: Development Environment, Production Environment, Manage Settings and Configuration. The details are explained in the table below.

    The following permissions are defined and available in Catalyst for the Editor Access Type:

    Permissions Group Permissions Description
    Manage Collaborators Add/Update/Remove Collaborators This provides permission to invite a project member or an admin, assign other projects to a project member, change the collaboration type for a lower level of hierarchy, or remove a project member from a project.
    Development Environment Data Store
    File Store
    Logs
    Event Listeners
    Other Components    		 If Editor access to the Data Store, File Store, Event Listeners, Logs, or Other Components is granted, the project member can configure the respective components and add data in them in the development environment of that project. development environment of that project.
    Note: Catalyst enables you to provide access to the Data Store, File Store, Event Listeners, and Logs independently, and groups other components such as Circuits, Functions, Cron etc under "Other Components" because, the independent components can contain sensitive user data that you might require exclusive control on. This is done to adhere to all applicable data protection laws and privacy guidelines, such as GDPR and HIPAA.You will not be able to unselect the permission for "Other Components" in the development environment, because that is the minimum level of permission that can be granted to a project member. If you choose to provide permission to access Event Listeners, you must provide permissions to access Data Store and File Store prior to that. This is because, Catalyst shows sample event data patterns in the console with relevant data of the Data Store or File Store when you configure a Component event listener with those components, and therefore project members must already have access to those components.
    Production Environment Data Store File Store Logs Event Listeners Other Components If Editor access to the Data Store, File Store, Logs, Event Listeners, or Other Components is granted, the project member can configure the respective components and add data in them in the production environment of that project.
    Note: Similar to the development environment, Catalyst lists out the first three components independently as they can contain sensitive user data. If you select Data Store, File Store, Event Listeners, or Logs in the production environment, "Other Components" will be selected by default. To unselect it, you will need to unselect any/all of the three independent components. Similar to the development environment, if you choose to provide permission to access Event Listeners, you must provide permission to access Data Store and File Store prior to that.
    Manage Add-On Services Enable/Disable Add-On Services This provides the permission to enable or disable any of the Catalyst Add-On Services for that project.
    Manage Settings and Configurations Perform Migrations This provides the permission to migrate the project from development to production or production to development, and perform all migration actions.
    Enable/Disable Production Environment This provides the permission to enable or disable the production environment any time after the project has been deployed to production.
    Access Billing Components If Editor access to this permission is granted, the project member can access the Billing settings (except the Overview and Manage Billing sections), create budgets, and view reports and breakdowns of that project. Viewer: If Viewer access to this permission is granted, the project member can only view reports and breakdowns of that project, but cannot create or manage budgets.
    Note: Only the admins of a Catalyst account can access the Overview section under the Billing settings because that section displays information from all projects of that Catalyst account. Only the admins of a Catalyst account can access the Manage Billing or Payments Portal section. This means that only admins can set up the payment method, add credit cards, and manage all payment and transaction related activities for the Catalyst account. A project member cannot perform these activities.
    Add/Delete Mobile Packages This provides the permission to add or delete Android or iOS SDK packages for the project from the Developer Tools settings in the console.
    Access Audit Logs This provides the permission to view the audit logs of all the projects in your Catalyst account. Note: If you choose to provide permission to access Audit Logs, you must provide permission to access Data Store, File Store, Event Listeners, and Other Components prior to that. This is because, Catalyst shows the configurations and data of these components in the Audit Logs settings in the console, and therefore project members must already have permissions to those components.

    Default Profiles

    Catalyst has three default profiles, each of which has predefined sets of permissions. You can view the default profiles by clicking the Profiles & Permissions section in General Settings.

    catalyst_profiles

    Note: These default profiles cannot be modified or deleted.

    The default profiles and the permissions included in them are:

    • Project Owner

      A project member assigned to the Project Owner profile will have Editor access to all the permissions for that project, as specified in the table in the previous section. A Project Owner is the highest privilege granted to a project member and makes all permissions and access available to them.

    You can click Project Owner from the Profiles and Permissions section to view the details.
    catalyst_profiles_project_owner

    Note: A project owner will still not have the exclusive privileges granted to a Catalyst account admin. This is in the highest level of hierarchy for project member type only.

    • Contributor

      A project member assigned to the Contributor profile will have Editor access to work with all the components and data of the development and production environments. They can also perform migrations, and enable or disable the production environment. However, they will not have any other permissions specified in the table in the previous section.
      catalyst_profiles_contributor
      You can assign the Contributor profile to members who are involved in developing the application, but do not manage the Catalyst account or project settings.

    • Viewer

      A project member assigned to the Viewer profile will have Viewer access to the development and production environments. This means that they can view the configurations and data of all the components in the developer and production environment of that project, but will not be able to modify any components or data.
      catalyst_profiles_viewer
      You can assign the Viewer profile to members from a different department of your organization, or anyone who is not actively involved in developing the application but would like to observe the schema and data.

    Note: The Viewer profile is not the same as the Viewer access type. You can grant the Viewer access type to any custom profile and include only some of those permissions available for it.

    Create a New Custom Profile

    A Catalyst account admin or the Super Admin can create custom profiles and define the permissions to be included in them. A project member will not be able to create or manage custom profiles.

    Note: Catalyst allows you to create upto 50 custom profiles in an account in the development environment. You can request Catalyst for an increase in this limit by contacting our support at support@zohocatalyst.com. We will address each request on a case-by-case basis. There are no upper limits for profile creation in the production environment.

    To create a new custom profile for a Catalyst account:

    1. Click Profiles & Permissions under General Settings, then click Add New Profile from that section.
      catalyst_profiles_create_1

    2. Provide a name and a description for the custom profile. Select the Access Type of the profile.
      catalyst_profiles_create_2

    3. Select the required permissions that must be included in the profile. You can click the Select All checkbox in the top-right corner to select all the permissions.
      catalyst_profiles_create_3

    Note: The Other Components permission in Development Environments permission is available to both Editor and Viewer access types for any profile that you create by default. This is the minimum level of permission that you can include in a profile and grant to a project member. You will not be able to unselect this or remove this permission.
    1. Click Confirm.

    The profile will be created and listed in the Profiles and Permissions section. You can click on it to view the details.

    catalyst_profiles_created

    A Catalyst account admin or a project member with the Add/Update/Remove Collaborators permission can assign a profile to another project member while inviting them, as discussed previously.

    Change a Project Member’s Profile

    You can also change the profile assigned to a project member for a project, with the necessary permission, in the following way:

    1. Navigate to the Collaborators section in General Settings and click the project member from the list to open their details. Click the ellipsis icon for the project that their profile must be changed in, then click Change Profile.
      catalyst_collaborators_change_profile_1

    2. Select a profile from the dropdown list. Then select the check icon.
      catalyst_collaborators_change_profile_2

    The project member’s permissions to access that project will now be changed based on the profile you selected.

    catalyst_collaborators_change_profile_3

    Edit a Custom Profile

    To edit a custom profile or modify the permissions included in it:

    1. Click the ellipsis icon for the profile in the Profiles and Permissions section, then click Edit. Alternatively, you can click Edit from the profile’s details page.
      catalyst_profiles_edit_1
    2. Make the necessary changes to the profile. Click Update.
      catalyst_profiles_edit_2

    Delete a Custom Profile

    When you delete a custom profile, you must replace it with another profile. This will migrate all the project members assigned to that profile to the replacement profile. Their permissions to access the projects will be changed accordingly.

    To delete a custom profile:

    1. Click the ellipsis icon for the profile in the Profiles and Permissions section, then click Delete.
      catalyst_profiles_delete_1

    2. Select the profile to replace this with, from the dropdown list. Click Yes, Delete.
      catalyst_profiles_delete_2

    Last Updated 2023-06-15 14:47:26 +0530 +0530

    PREVIOUS

    NEXT