Enable role-based authorization
| To use role-based authorization, you must have configured authentication with Management Center (MC). Learn how to do this. |
Flow uses role-based authorization to control which users can perform which tasks.
Flow roles
Roles are used to grant permissions to users, which allow users to perform different actions on the Flow platform.
Flow roles and corresponding authorities can be found below:
| Role | Granted Authorities |
|---|---|
Admin |
Everything |
Viewer |
BrowseCatalog |
MetricsViewer |
ViewMetrics |
QueryRunner |
RunQuery |
PlatformManager |
CancelQuery, |
Permissions
To perform an activity, users must be associated with a role that grants the related authority.
| Activity | Required permission |
|---|---|
Issue a query through the UI |
RunQuery |
Issue a query through the API |
RunQuery |
Cancel a running query |
CancelQuery |
Browse the query history in the UI |
ViewQueryHistory |
View the results of historic queries |
ViewHistoricQueryResults |
Browse the data catalog |
BrowseCatalog |
View the registered schemas |
BrowseSchema |
Modify a catalog entry |
EditSchema |
Import a new schema through the schema importer UI |
EditSchema |
List pipelines |
ViewPipelines |
Add a new pipeline |
EditPipelines |
Edit an existing pipeline |
EditPipelines |
View authentication tokens Flow uses in requests |
ViewAuthenticationTokens |
Edit authentication tokens Flow uses in requests |
EditAuthenticationTokens |
View configured data sources |
ViewConnections |
Edit configured data sources |
EditConnections |
Assign users to roles
Since authentication is done via MC, users must already have MC roles assigned. Once a user has a valid MC role, the user will have the corresponding role in Flow. The role mapping can be found here.
If a user does not have any roles in MC, they will not have a corresponding role in Flow, meaning a logged-in user will not be able to do anything and will see a blank navigation bar.
