Through Treasure Data's policies and permissions, you can easily control who can and cannot access folders and their data. Administrators need to configurethe folder permissions of a parent segment in Data Workbench.
Folder-based permissions include two permission types:
- View permission : Allows users to view the information and content of an entity in the folder (for example, segment, funnel, predictive scoring).
- Full Control permission : Allows users to read, create, update, and delete any entity in a folder. A user with Full Control permission for a parent folder can also create subfolders in the parent folder.
Folder-based permissions characteristics:
A security policy is applied at the folder level; the child folder recursively inherits permissions assigned to a user at the parent folder.
Users can be assigned either View permission or Full-control permissions to a folder. That permission applies to every entity included in a folder, regardless of entity type (for example, segment, funnel, predictive scoring, and so on).
The policy-based database permissions policy is additive.
Example
If a user has Full Control permission for a parent folder, the user automatically gets Full Control permission for all the child folders. However, If an administrator assigns view permissions for one of the child folders to the user with another policy, the user still has Full Control permission for the child folders.
- Log in to the TD Console.
- Navigate to Control Panel > Policies.
- Select a policy.
- Select the Permissions tab and scroll down to Audience Studio.
- Select a parent segment and then select Add.
- To update the parent segment, select the pencil icon to make edits.
A pop-up displays all of the folders associated with the parent segment.
- Choose one of the following:
Set permissions for All Segment Folders (including child folders) in the selected segment.
To set all folders for Audience Studio, select the root folder.Select a folder and then set permissions.
- Select Save to apply your permissions.
The following table lists the actions enabled for permission.
| Permissions Options | Description |
|---|---|
| Full Control | Create, read, update, and delete capabilities of a folder, all children folders, and all entities in any folder. If the user does not have the Full Control permission of its parent folder, it cannot create a new sibling folder. The user cannot grant permissions to other users; only a TD administrator can grant permissions. |
| View | View the folder and have view access to folder entities. |