Galileo supports fine-grained control over granting users different levels of access to the system, as well as organizing users into groups for easily sharing projects.

System-level Roles

There are 4 roles that a user can be assigned: Admin – Full access to the organization, including viewing all projects. Manager – Can add and remove users. User – Can create, update, share, and delete projects and resources within projects. Read-only – Cannot create, update, share, or delete any projects or resources. Limited to view-only permissions. In chart form:
AdminManagerUserRead-only
View all projects
Add/delete users (excluding admins)
Create groups, invite users to groups
Create/update projects
Share projects
View projects (all) (only shared) (only shared) (only shared)
System-level roles are chosen when users are invited to Galileo:

Invite new users

Groups

Users can be organized into groups to streamline sharing projects. There are 3 types of groups: Public – Group and members are visible to everyone in the organization. Anyone can join. Private – Group is visible to everyone in the organization. Members are kept private. Access is granted by a group maintainer. Hidden – Group and its members are hidden from non-members in the organization. Access is granted by a group maintainer. Within a group, each member has a group role: Maintainer – Can add and remove members. Member – Can view other members and shared projects.

Sharing Projects

By default, only a project’s creator (and managers and admins) have access to a project. Projects can be shared both with individual users and entire groups. Together, these are called collaborators. Collaborators can be added when you create a project:

Create a project with collaborators

Or anytime afterwards:

Share a project