The three roles
| Role | What it allows |
|---|---|
| Read | View the object — its metadata, content, and notes. |
| Write | Everything in Read, plus edit metadata, content, and notes (and add or manage items in a collection). |
| Admin | Everything in Write, plus share the object with others (and lock an asset or dataset). |
- Project — Read sees and lists the project; Write can edit it; Admin can share it.
- Collection — Write can also add and organize the items inside; Admin can share.
- Asset — Read includes the file content and notes; Admin can also lock the asset.
- Dataset — like an asset, with Admin additionally able to grant access to restricted fields.
Permissions cascade
Access granted higher in the hierarchy flows down: someone with Read on a project can read the collections and assets inside it. You can grant access on a specific item to widen or narrow it for that item. Datasets are shared in their own right, so you can govern an analysis-ready dataset separately from the assets it came from.Who you can share with
- Individual people in your organization.
- Groups, to grant many people at once.
- The public, for read-only access via link.
Next steps
People & groups
Grant and manage access for individuals and teams.
Restricted fields
Protect sensitive columns within a dataset.