User role descriptions
Hybrid Manager (HM) has two types of users: human users (native users or IDP users) and machine users.
You can assign any of the default roles to both types of users, except that only machine users can be estate ingesters.
The two main categories of roles are organization-level and project-level.
Organization-level roles
You can assign these roles to human or machine users using the User Management option of your user's avatar menu at the right of the top navigation bar in HM Console.
Organization administrator (admin)
This role provides read access at the organization level, allowing the user to view information and settings in the organization as a whole.
Organization owner (owner)
The purpose of this role is to manage the organization at a high level. Organization owners can create new projects and assign organization-level roles to other users.
Platform administrator (platform admin)
This role is for users who need to access and manage the underlying platform components of HM. They can access platform management and monitoring tools.
GenAI Builder user (GenAI Builder user)
This role is for users who work with the GenAI Builder feature of HM, granting them full access to its functions.
Project-level roles
These roles can be assigned to human or machine users (except for estate ingester). Select Users in the left navigation when viewing a project.
Project owner (owner)
In a specific project, the project owner has the highest level of authority. They can take all actions in that project and are responsible for assigning project-level roles to other users.
Project editor (editor)
This role is for users who need to actively work with the data in a project. Project editors have data read and write access.
Project viewer (viewer)
For users who only need to observe the data in a project, the project viewer role provides data read-only access.
Estate ingester (estate ingester)
This role is for machine users and provides access to perform estate ingests in a project.
Catalog data reader (catalog data reader)
Users with this role can read the Iceberg namespace/table/view of project-scoped catalogs.
Catalog data writer (catalog data writer)
This role allows users to read, write, and delete the Iceberg namespace/table/view of all project-scoped catalogs in a project.
Migration Portal projects owner
This role is for users who manage Migration Portal projects in an HM project. They can create, read, update, and delete these projects.
Migration Portal projects editor
Users with this role can read and update Migration Portal projects in an HM project.
Migration Portal projects viewer
This role provides read-only access to Migration Portal projects in an HM project.
- On this page
- Organization-level roles
- Project-level roles
← Prev
User roles and authorization
↑ Up
User roles and authorization
Next →
User role permissions by use case
Could this page be better? Report a problem or suggest an addition!