Configure Access in the Data Product App

Applies to Alation Cloud Service instances of Alation

This topic provides an overview of the access control system in the Data Products App. It covers how to manage access and assign roles.

Overview

Access in the Data Products App is organized into three levels of scope:

  • App-Level Roles—Control system-wide settings and governance.

  • Marketplace-Level Roles—Control access and permissions within a single Marketplace.

  • Data Product-Level Roles—Control access to individual data products.

Each level uses roles to scope access. These roles follow a hierarchical model: higher-level roles inherit all permissions from the roles below them. A user can hold one role per scope: one for the App, one for the Marketplace, and one for each data product. Roles define what a user can do within their assigned scope.

Note

Only Server Admins can manage global Data Products App settings. Roles at the Marketplace and data product levels must be granted by someone who already holds an Admin role within that scope.

Alation Licenses vs. Roles

In Alation, licenses and roles are separate, but both are required for access:

  • Licenses (like Viewer, Creator) determine which features a user can access.

  • Roles determine which actions a user is allowed to perform in the Data Products App.

For example, a user must have a Creator license and a Marketplace Publisher role to publish a data product. A user with a Product Admin role cannot make changes unless they also hold a license that includes access to the Data Products feature.

Default Role Assignment in the Data Products App

When the Data Products App is first enabled on your instance, users are assigned default access based on their existing Alation roles.

| Alation Role | Default Access in Data Products App |
|---|---|
| Server Admin | Set up Marketplace |
| Catalog Admin | Set up Marketplace |
| Source Admin | Set up Marketplace |
| Composer | Set up Marketplace |
| Steward | Set up Marketplace |
| Explorer | No access |
| Viewer | No access |

Important

The first user to set up the Marketplace becomes the initial Marketplace Admin. This user can assign other users to manage the Marketplace and configure access through Marketplace-level permissions.

Role Capabilities After Marketplace Setup

Once the Marketplace is set up, different roles have different levels of access. Users who are not Server Admins must be explicitly granted admin-level access in order to manage the Marketplace. Server Admins can manage Marketplace settings and permissions even after the initial setup.

| Alation Role | Can Manage Marketplace? | Access Level |
|---|---|---|
| Server Admin | Yes | Full access, including permission management |
| Catalog Admin | No | Access to the Marketplace landing page and Manage My Data Products |
| Source Admin | No | Access to the Marketplace landing page and Manage My Data Products |
| Composer | No | Access to the Marketplace landing page and Manage My Data Products |
| Steward | No | Access to the Marketplace landing page and Manage My Data Products |
| Explorer | No | No access |
| Viewer | No | No access |

After initial setup, the Marketplace Admin can assign roles to other users at all available scopes.

To remove a role from a user or group, see Remove Roles from Users and Groups.

Assign Marketplace Roles

Locate Marketplace Access Settings

To assign Marketplace roles, you must either:

  • Be a Server Admin or

  • Have Admin permissions for the Marketplace.

To open the Marketplace access settings:

  1. In the left-side navigation, click the Data Products App icon. Expand the navigation panel if it’s collapsed.

  2. Select Manage Marketplace to open the Marketplace settings page.

  3. Click the Permissions tab. This tab allows you to configure Marketplace visibility and assign Marketplace roles to users and groups.

Configure Marketplace Visibility

Choose the visibility level for the Marketplace:

  • Public (default): Everyone can view the Marketplace and its listed data products. Only users with explicit roles (like Admin or Publisher) can make edits.

  • Private: Only users with assigned roles (like Admin, Maintainer) can view or edit the Marketplace.

If you want all users to be able to browse the Marketplace but limit editing, leave the setting as Public.

Assign Marketplace Roles to Users and Groups

Marketplace roles determine what actions a user or group can perform within the Marketplace.

To assign a role:

  1. Under the Permissions tab, locate the Marketplace Roles section.

  2. Click Add User/Group.

  3. In the Quick Search window, find and select a user or group. They’ll be added to the table with a default role of Viewer.

  4. In the Marketplace Role column, click the dropdown next to the user or group and select the appropriate role. The selected role takes effect immediately after it is assigned.

Available Marketplace Roles

| Marketplace Role | Permissions | Default for | License Required |
|---|---|---|---|
| Admin | Full control: update settings, delete Marketplace, assign roles. Sees the Manage Marketplace menu item in the left-side navigation. | Creator of the marketplace | Creator |
| Maintainer | Approve or unlist data products | None | Creator |
| Product Manager | View Marketplace usage data | None | Creator |
| Publisher | Request listing of data products | None | Creator |
| Viewer | View and search data products | Everyone | Viewer |

Assign Data Product Roles

Locate Data Product Access Settings

To manage data product roles, you must either:

  • Be the creator of the data product or

  • Have admin-level permissions at a higher level in the access hierarchy.

To locate and manage data product permissions:

  1. In the left-side navigation, click the Data Products App icon. Expand the navigation panel if it’s collapsed.

  2. Select one of the following based on your access level:

    • Manage My Data Products: To manage data products you created or have edit access to.

    • Manage Marketplace: To manage data products if you have Marketplace Admin access.

  3. In the Data Products table, find the data product you want to update. In the rightmost column for this data product, click the three-dot menu and select Manage Permissions. The screenshot below shows how to access Manage Permissions from the My Data Products page.

    [Screenshot: Data_Products_Manage_DP_Permissions.png]

Configure Data Product Visibility

In the Manage Product Permissions dialog, you can define whether the product is Public or Private:

  • Public (default): Anyone with a link can view the data product. Only the creator and users with assigned roles can edit.

  • Private: Only the creator and users with assigned roles can view and edit.

If your preferred access is "Everyone can view; only Admins can edit", leave the setting as Public.

Note

Once a data product is listed in the Marketplace, anyone with access to the Marketplace can view it even if they don’t have direct product-level access.

Assign Data Product Roles to Users and Groups

Product-level roles are assigned individually per data product, regardless of Marketplace roles.

To assign data product roles:

  1. Under the Product Roles section of the Manage Permissions dialog, click Add User/Group.

  2. In the Quick Search window, search for a user or group. Click the name to add it to the Roles table. By default, all added users and groups are assigned the Viewer role.

  3. In the Data Product Role column, use the dropdown to select the appropriate role.

  4. Click Done. The selected role takes effect immediately.

Available Data Product Roles

| Data Product Role | Permissions | Default for | License Required |
|---|---|---|---|
| Admin | Full control over the product spec, versioning, and permissions | Creator of the product | Creator |
| Viewer | View the data product outside of a marketplace | Everyone | Viewer |

Important

Marketplace visibility overrides data product visibility. If a data product is listed in a Marketplace, any user with Marketplace Viewer access can view the product even if they don’t have product-level permissions.

Assign Data Products App Roles

Locate App-Level Access Settings

To manage Data Products App-level roles, you must be an Alation Server Admin.

Follow these steps:

  1. In the left-side navigation, click the Data Products App icon. Expand the navigation panel if it’s collapsed.

  2. Select App Settings. This opens the Data Products App Settings page.

Set App Access Level

On the settings page, you can define whether access to the Data Products App is Public or Private:

  • Public (default): Everyone can view the app, and anyone with the appropriate Alation license can create Marketplaces and data products. Only Server Admins and users with explicit permissions can manage app settings and roles.

  • Private: Only Server Admins and users with explicit permissions can view the app, create Marketplaces and products, or manage settings and roles.

Choose Public if your preferred setting is "Everyone can view; only Server Admins can edit". Select Private to restrict access to users with assigned roles only.

Assign Data Product App-Level Roles

App-level roles control what users can do across the entire Data Products App.

To assign an App-level role:

  1. Under the App Roles section, click Add User/Group.

  2. In the Quick Search window, find and select a user or group. The user or group is added to the Roles table with a default role of Viewer.

  3. In the App Role column, click the dropdown and select the desired role. The selected role is applied immediately.

Available App-Level Roles

| Role | Permissions | Default For | License Required |
|---|---|---|---|
| Admin | Manage roles, delete Marketplaces or data products, modify settings | Alation Server Admins | Creator |
| User | Create Marketplaces and data products | Everyone | Creator |
| Viewer | View content only (read-only access) | Everyone | Viewer |

Remove Roles from Users and Groups

To remove a role at any level—App, Marketplace, or data product:

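  1. Open the appropriate Access Settings page, as described in Locate App-Level Access Settings, Locate Marketplace Access Settings, or Locate Data Product Access Settings.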

  2. In the Roles table, locate the user or group you want to remove.

  3. In the rightmost column for this user or group, click Remove. If prompted, confirm the removal. The selected user or group will immediately lose access based on that role.

Data Product App Roles Hierarchy Across Levels

The Data Products App uses a three-level access model: App, Marketplace, and data product. These levels interact hierarchically.

Best Practices for Assigning Data Product Roles

  • Determine who will manage the Data Products App. Assign these responsibilities to Server Admins, as they can access all levels and reassign ownership when necessary.

  • Decide who will manage the Marketplace. Marketplace Admins should be responsible for:

    • Managing Marketplace settings

    • Approving product listings

    • Assigning roles within the Marketplace

  • Assign product-level permissions to data product owners. Each owner can decide who can view or edit their data products.

Understanding Access Issues

Because users can hold different roles at multiple levels, access is determined by the combined effect of their:

  • Alation Role (Server Admin, Catalog Admin, Viewer, etc.)

  • App Role (App Admin, Viewer)

  • Marketplace Role (Marketplace Publisher, Product Manager, etc.)

  • Data Product Role (Product Admin, Viewer)

If a user is missing access to certain features or user interface elements, check all four role types to troubleshoot the issue.

Some role combinations may not be valid. For example:

  • A user with a Viewer Alation license cannot function as a Data Products App Admin. Only Server Admins can be assigned the App Admin role.
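
For access reviews, the rules above can be modelled to show why a user can see a data product and which Private products a Marketplace listing opens to more users. This is an added example, not Alation code or an Alation API: the class and function names are hypothetical, the role order is assumed to follow the Marketplace role table, and Server Admin and App-level roles are left out.

```python
from dataclasses import dataclass, field
from typing import Optional

# Lowest to highest. Assumption: inheritance follows the page's role table order.
MARKETPLACE_ROLES = ["Viewer", "Publisher", "Product Manager", "Maintainer", "Admin"]

@dataclass
class Marketplace:
    visibility: str = "Public"                  # "Public" or "Private"
    roles: dict = field(default_factory=dict)   # user -> Marketplace role

@dataclass
class DataProduct:
    name: str
    creator: str
    visibility: str = "Public"                  # "Public" or "Private"
    roles: dict = field(default_factory=dict)   # user -> product role
    listed_in: Optional[Marketplace] = None     # set once the product is listed

def view_paths(user, product):
    """Return every rule stated on the page that lets `user` view `product`."""
    paths = []
    if user == product.creator or user in product.roles:
        paths.append("product role")
    if product.visibility == "Public":
        paths.append("public product")
    mp = product.listed_in
    if mp is not None and (mp.visibility == "Public" or user in mp.roles):
        paths.append("marketplace listing")
    return paths

def can_publish(user, license_name, marketplace):
    """Publishing needs both a Creator license and Publisher role or higher."""
    role = marketplace.roles.get(user)
    if license_name != "Creator" or role not in MARKETPLACE_ROLES:
        return False
    return MARKETPLACE_ROLES.index(role) >= MARKETPLACE_ROLES.index("Publisher")

def widened_by_listing(products):
    """Names of Private products that a Marketplace listing opens to more users."""
    return [p.name for p in products
            if p.visibility == "Private" and p.listed_in is not None]

if __name__ == "__main__":  # constructed sample data below
    market = Marketplace(roles={"bob": "Publisher", "eve": "Viewer"})
    payroll = DataProduct("payroll", creator="alice", visibility="Private", listed_in=market)
    print(view_paths("mallory", payroll))
    print(can_publish("bob", "Viewer", market))
    print(widened_by_listing([payroll]))
```

An empty list from `view_paths` means none of the modelled rules grants view access, so the remaining checks are the user's Alation role and App role.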