How to Set Up Access Control
Controlling access to projects using roles and groups
Galileo supports fine-grained control over granting users different levels of access to the system, as well as organizing users into groups for easily sharing projects.
System-level Roles
There are 4 roles that a user can be assigned:
Admin – Full access to the organization, including viewing all projects.
Manager – Can add and remove users.
User – Can create, update, share, and delete projects and resources within projects.
Read-only – Cannot create, update, share, or delete any projects or resources. Limited to view-only permissions.
In chart form:
Admin | Manager | User | Read-only | |
---|---|---|---|---|
View all projects | ||||
Add/delete users | (excluding admins) | |||
Create groups, invite users to groups | ||||
Create/update projects | ||||
Share projects | ||||
View projects | (all) | (only shared) | (only shared) | (only shared) |
System-level roles are chosen when users are invited to Galileo:
Invite new users
Groups
Users can be organized into groups to streamline sharing projects.
There are 3 types of groups:
Public – Group and members are visible to everyone in the organization. Anyone can join.
Private – Group is visible to everyone in the organization. Members are kept private. Access is granted by a group maintainer.
Hidden – Group and its members are hidden from non-members in the organization. Access is granted by a group maintainer.
Within a group, each member has a group role:
Maintainer – Can add and remove members.
Member – Can view other members and shared projects.
Sharing Projects
By default, only a project’s creator (and managers and admins) have access to a project. Projects can be shared both with individual users and entire groups. Together, these are called collaborators. Collaborators can be added when you create a project:
Create a project with collaborators
Or anytime afterwards:
Share a project
Was this page helpful?