Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,12 @@ These roles can be assigned to human or machine users (except for estate ingeste

### Project owner (owner)

In a specific project, the project owner has the highest level of authority.
In a specific project, the project owner has the highest level of authority.
They can take all actions in that project and are responsible for assigning project-level roles to other users.

### Project editor (editor)

This role is for users who need to actively work with the data in a project.
This role is for users who need to actively work with the data in a project.
Project editors have data read and write access.

### Project viewer (viewer)
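
Review bot: The two changed pairs in this hunk ("In a specific project, the project owner has the highest level of authority." and "This role is for users who need to actively work with the data in a project.") read identically before and after, so the change looks whitespace-only. If it only strips or adds trailing whitespace, say so in the commit message or drop it from the patch, so the substantive role changes are easier to review.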
Expand All @@ -54,11 +54,11 @@ For users who only need to observe the data in a project, the project viewer rol

This role is for machine users and provides access to perform estate ingests in a project.

### Catalog data reader (catalog data reader)
### Catalog Data data reader (catalog data reader)

Users with this role can read the Iceberg namespace/table/view of project-scoped catalogs.

### Catalog data writer (catalog data writer)
### Catalog Data data writer (catalog data writer)

This role allows users to read, write, and delete the Iceberg namespace/table/view of all project-scoped catalogs in a project.

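Review bot: Both new headings repeat a word: "### Catalog Data data reader (catalog data reader)" and "### Catalog Data data writer (catalog data writer)". Suggest "### Catalog Data Reader" and "### Catalog Data Writer", matching the headings used on the other roles page in this change set. Separately, the reader is described as covering "project-scoped catalogs" and the writer "all project-scoped catalogs in a project"; if the scope is the same, use the same wording so readers don't infer a difference in reach.
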
Expand All @@ -73,4 +73,4 @@ Users with this role can read and update Migration Portal projects in an HM proj

### Migration Portal projects viewer

This role provides read-only access to Migration Portal projects in an HM project.
This role provides read-only access to Migration Portal projects in an HM project.
Original file line number Diff line number Diff line change
Expand Up @@ -6,32 +6,35 @@ description: See what the predefined Hybrid Manager user roles are authorized to

Authorization of these user roles follows a role-based access control (RBAC) model with the restrictions applying to a specific scope—either within one project or within one account.

The following list doesn't cover Postgres cluster database authorization.
The following list doesn't cover Postgres cluster database authorization.

Currently, you can't create custom roles. Only these 11 predefined roles are available.

| Permissions | Org admin | Org owner | Platform admin | GenAI Builder user | Project owner | Project editor | Project viewer | Estate ingester | Catalog data reader | Catalog data writer |
| -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
| Access GenAI Builder (launchpad) | | | | X | | | | | | |
| Configure GenAI Builder | | | X | | | | | | | |
| Access Ops apps (launchpad) | | | X | | | | | | | |
| View projects within the org | X | X | | | | | | | | |
| Update and delete projects | | X | | | | | | | | |
| View roles assigned at the project level | X | X | | | X | X | | | | |
| View activity log for the org | X | X | | | | | | | | |
| View and download usage report for the project | | X | | | X | X | | | | |
| View and download usage report the the org | X | X | | | | | | | | |
| Create projects within the org | | X | | | | | | | | |
| Assign project roles | | X | | | X | | | | | |
| Create, edit, and delete clusters | | | | | X | X | | | | |
| View clusters, backups, estates, and migrations | | | | | X | X | X | | | |
| Assign org roles | | X | | | | | | | | |
| View activity log for the project| | X | | | X | X | | | | |
| View, edit, and delete owned projects| | | | | X | | | | | |
| Ingest self-managed Postgres cluster data | | | | | | | | X* | | |
| Create, update, and delete catalog | | | | | X | X | | | | |
| Read catalog | | | | | | | X | | | |
| Read Iceberg data | | | | | | | | | X | X |
| Write and delete Iceberg data| | | | | | | | | | X |
| Permissions | Organization Administrator | Organization Owner | Platform Admin | Project Owner | Project Editor | Project Viewer | Estate Ingester | GenAI Builder Editor | Catalog Data reader | Catalog Data writer | Migration Portal Projects Owner | Migration Portal Projects Editor | Migration Portal Projects Viewer |
|------------------------------------------------------------|----------------------------|--------------------|----------------|---------------|----------------|----------------|-----------------|----------------------|---------------------|---------------------|---------------------------------|----------------------------------|----------------------------------|
| Access GenAI Builder | | | | | | | | X | | | | | |
| Configure GenAI Builder | | | | X | | | | | | | | | |
| Access Ops apps (launchpad) | | | X | | | | | | | | | | |
| View projects within the org | X | X | | | | | | | | | | | |
| Update and delete projects | | X | | | | | | | | | | | |
| View roles assigned at the project level | X | X | | X | X | | | | | | | | |
| View activity log for the org | X | X | | | | | | | | | | | |
| View and download usage report for the project | | X | | X | X | | | | | | | | |
| View and download usage report the the org | X | X | | | | | | | | | | | |
| Create projects within the org | | X | | | | | | | | | | | |
| Assign project roles | | X | | X | | | | | | | | | |
| Create, edit, and delete clusters | | | | X | X | | | | | | | | |
| View clusters, backups, estates, and migrations | | | | X | X | X | | | | | | | |
| Assign org roles | | X | | | | | | | | | | | |
| View activity log for the project | | X | | X | X | | | | | | | | |
| View, edit, and delete owned projects | | | | X | | | | | | | | | |
| Ingest self-managed Postgres cluster data | | | | | | | X* | | | | | | |
| Create, update, and delete catalog | | | | X | X | | | | | | | | |
| Read catalog | | | | | | X | | | | | | | |
| Read Iceberg data | | | | | | | | | X | X | | | |
| Write and delete Iceberg data | | | | | | | | | | X | | | |
| View Migration Portal projects | | | | | | | | | | | X | X | X |
| View and update Migration Portal projects | | | | | | | | | | | | X | X |
| View, update, create, and delete Migration Portal projects | | | | | | | | | | | | | X |

* Only machine-users can be assigned to ingest self-managed cluster data.
* Only machine-users can be assigned to ingest self-managed cluster data.
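
Review bot: In the three new Migration Portal rows the X marks run the wrong way across the Owner/Editor/Viewer columns: "View, update, create, and delete Migration Portal projects" is marked only for Migration Portal Projects Viewer, and "View and update Migration Portal projects" for Editor and Viewer, which leaves Owner with view access only. The role descriptions in this change set say the viewer is read-only and the owner can create, read, update, and delete, so the marks should be mirrored (view: all three; view and update: Owner and Editor; create and delete: Owner only). Three more things to check in the same table: "Configure GenAI Builder" moved from the Platform admin column to Project Owner, which may be a column shift left over from relocating the GenAI Builder column; the unchanged sentence "Only these 11 predefined roles are available." no longer matches the 13 role columns; and the row "View and download usage report the the org" carries over a typo ("the the").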
Original file line number Diff line number Diff line change
Expand Up @@ -14,63 +14,63 @@ The two main categories of roles are organization-level and project-level.

You can assign these roles to human or machine users using the **User Management** option of your user profile menu at the top-right of the navigation bar in the HM console.

### Organization administrator (admin)
### Organization Administrator

This role provides read access at the organization level, allowing the user to view information and settings in the organization as a whole.

### Organization owner (owner)
### Organization Owner

The purpose of this role is to manage the organization at a high level.
Organization owners can create projects and assign organization-level roles to other users.

### Platform administrator (platform admin)
### Platform Administrator

This role is for users who need to access and manage the underlying platform components of HM.
They can access platform management and monitoring tools.

### GenAI Builder user (GenAI Builder user)
### AI Model Manager

This role is for users who work with the GenAI Builder feature of HM, granting them full access to its functions.
This role is for users who work with the AI model and model service feature of HM, granting them full access to its functions.

## Project-level roles

These roles can be assigned to human or machine users (except for estate ingester). Select **Users** in the left navigation when viewing a project.

### Project owner (owner)
### Project Owner

In a specific project, the project owner has the highest level of authority.
In a specific project, the project owner has the highest level of authority.
They can take all actions in that project and are responsible for assigning project-level roles to other users.

### Project editor (editor)
### Project Editor

This role is for users who need to actively work with the data in a project.
This role is for users who need to actively work with the data in a project.
Project editors have data read and write access.

### Project viewer (viewer)
### Project Viewer

For users who only need to observe the data in a project, the project viewer role provides data read-only access.

### Estate ingester (estate ingester)
### Estate Ingester

This role is for machine users and provides access to perform estate ingests in a project.

### Catalog data reader (catalog data reader)
### Catalog Data Reader

Users with this role can read the Iceberg namespace/table/view of project-scoped catalogs.

### Catalog data writer (catalog data writer)
### Catalog Data Writer

This role allows users to read, write, and delete the Iceberg namespace/table/view of all project-scoped catalogs in a project.

### Migration Portal projects owner
### Migration Portal Projects Owner

This role is for users who manage Migration Portal projects in an HM project.
They can create, read, update, and delete these projects.

### Migration Portal projects editor
### Migration Portal Projects Editor

Users with this role can read and update Migration Portal projects in an HM project.

### Migration Portal projects viewer
### Migration Portal Projects Viewer

This role provides read-only access to Migration Portal projects in an HM project.
This role provides read-only access to Migration Portal projects in an HM project.
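
Review bot: The new heading "### AI Model Manager" replaces "GenAI Builder user", but the permissions table changed in the same set names that column "GenAI Builder Editor" and still has the rows "Access GenAI Builder" and "Configure GenAI Builder". Pick one name and use it on both pages, otherwise readers can't map the role to its permissions. The headings also drop the parenthetical short names such as "(owner)" and "(estate ingester)"; if those are the identifiers shown when assigning roles, keep the mapping somewhere. The context line "These roles can be assigned to human or machine users (except for estate ingester)" would be clearer if it said that estate ingester is machine-only, as its own section does.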