🧪 Preview feature! This feature is only available to select users for a limited period of time. The purpose of this private preview is to allow participating users to experiment with the feature and provide valuable feedback. If you'd like to participate in the private preview, reach out to your customer success manager for more information.
Atlan allows you to define granular access controls and delegate administrative functions with admin subroles. Atlan currently only supports one built-in admin subrole — Workflow admin.
The workflow admin subrole allows Atlan admins to:
- Grant administrative access to users to manage connectors and connection workflows only.
- Restrict access to admin capabilities in the admin center and governance capabilities in the governance center.
For more details, see Workflow admin.
You can currently reach out to your customer success manager to request this capability to be enabled in your Atlan workspace.
Assign a subrole
🤓 Who can do this? You will need to be an admin user in Atlan to assign an admin subrole.
Â
To assign an admin subrole:
- From the left menu of any screen in Atlan, click Admin.
- Under Workspace, click Users.
- To assign the workflow admin subrole, you can either:
- To assign the subrole to an existing user, navigate to any user and click the Role dropdown. In the Select Role dialog, click Workflow Admin and then click Update.
- To assign the subrole to a new user, follow the steps in How to invite new users without SSO. Change the role of the user to Workflow Admin and then click the Send Invite button.
Workflow admin
The workflow admin role is a subcategory of the admin role in Atlan. This admin subrole grants specific permissions for creating and managing connection workflows.
Permissions
A workflow admin has the following permissions and capabilities:
-
Connections:
- Create a new connection for supported sources
- View all connections
- Manage all connections from the Connections tab in the Governance center
- Edit an existing connection — the user must also be a connection admin for that specific connection or have a policy granting them access to the connection.
-
Workflows:
- Create and manage workflows from the Workflow center
- View all workflows and workflow runs
- Edit or delete any workflow credentials — connection admin access not required
- Run any workflow
- Add, remove, or edit schedules for any workflow
- The following capabilities work exactly as that of a member user:
- Asset search and discovery — can update metadata for assets in a connection that the workflow admin either created or was added to as a connection admin.
- Glossary — can view all glossaries but will require edit access through glossary policies. If glossary restrictions are in place, then the workflow admin will only be able to view the glossaries as per their glossary policies.
- Insights — requires data policies to query data and preview sample data.
- Reporting center — if enabled by admins, can view the assets, glossary, Insights, and usage and cost dashboards.
- Data products — requires domain policies to access domains and products.
Restrictions
A workflow admin has the following explicit restrictions:
- Can only access the Connections tab in the Governance center.
- Cannot delete any existing connections using the Connection Delete workflow.
- Cannot access or perform any actions in the Admin center.
- Is excluded from the default All Admins group in any workflow configuration.