> For the complete documentation index, see [llms.txt](https://docs.truedat.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.truedat.io/administration/userroles.md).

# User roles

Truedat does not include any preconfigured roles. User roles are configured for each installation. You can create as many roles as needed and customize each with the relevant permissions. Permissions defined in a role apply only to users assigned that role in a domain and its descendant subdomains.

<figure><img src="/files/lkKkA3RdO18Ze6gHhr0g" alt=""><figcaption></figcaption></figure>

To create a new role, click the button and enter its name:

<figure><img src="/files/wxktMtOD1ZbW0EHurFSK" alt=""><figcaption></figcaption></figure>

Select a role to edit its assigned permissions. Click its name to rename it:

<figure><img src="/files/jjghcdLxwcdZTOsZPZ50" alt=""><figcaption></figcaption></figure>

Permissions in the application are divided into the following modules:

## **Business Glossary Management**

Assigning any of these permissions gives users access to **Business Glossary → Drafts**, where they manage the glossary.

* **Create business concepts**: allows users to create concepts and bulk-upload them using a CSV file.
* **Delete business concepts**: allows users to delete business concepts in Draft status.
* **Deprecate business concepts**: allows users to delete business concepts that have already been published.
* **Manage business concept links**: allows users to establish relationships between concepts. It also allows them to link concepts to Data Catalog structures.
* **Manage business concept domain**: allows users to modify a concept's assigned domain.
* **Manage confidential business concepts**: allows users to mark business terms as confidential and view them. This permission is required alongside relevant concept permissions. For example, viewing confidential concepts in a domain requires both **View concepts** and **Manage confidential business concepts**.
* **Publish business concepts**: allows users to publish concepts in Reviewing status.
* **Reject business concepts**: allows users to reject concepts in Reviewing status.
* **Request business concept approval**: allows users to submit concepts in Draft status for review and approval.
* **Share business concept with domain**: allows users to share a concept with another domain. This can be useful in multi-entity organizations.
* **Update business concepts**: allows users to edit concept details in Draft and Published status.
* **View business concepts pending approval**: allows users to view concepts submitted for approval.
* **View draft business concepts**: allows users to view concepts in Draft status.
* **View rejected business concepts**: allows users to view rejected concepts.

## **Business Glossary Visualization**

Allows users to view the glossary:

* **View published business concepts**: allows users to view published concepts.
* **View versioned business concepts**: allows users to view earlier versions of published concepts.

## **Dashboards**

* **View dashboard**: allows users to view the data governance dashboard.

## **Data Catalog**

Permissions for viewing and managing data structures in the Data Catalog:

* **Link structures**: allows users to link a structure to concepts and implementations. It also requires **Manage business concept links** or **Link implementations to structures**.
* **Link tags to structures**: allows users to link tags to Data Catalog structures. An administrator must create tags first.
* **Link structure to structure**: allows users to link structures from different systems and delete those links. This permission is required in both structures' domains.
* **Manage confidential structures**: allows users to view confidential structures and, depending on their other permissions, manage them.
* **Manage structure domain**: allows users to update structure domains individually or through bulk upload.
* **Execute structure profiling**: allows users to run ad hoc data profiling on a Data Catalog structure.
* **View structures**: allows users to view Data Catalog structures.
* **View structure profiling**: allows users to view a structure's data profile, when available.
* **View protected metadata**: allows users to view metadata loaded into the Data Catalog as protected.
* **View note**: allows users to view the latest version of a note with functional metadata.
* **View notes history**: allows users to view earlier versions of a structure's notes.

## **Data Catalog structure notes**

Permissions for viewing and managing data-structure notes in the Data Catalog:

* **Create note**: allows users to create notes with functional metadata.
* **Delete note**: allows users to delete notes in Draft status.
* **Deprecate note**: allows users to delete published notes.
* **Edit note**: allows users to edit notes in Draft status. For published notes, it allows users to create a new version.
* **Publish note**: allows users to publish notes in Pending approval status.
* **Publish note from draft**: allows users to publish notes directly from Draft status without using the approval workflow.
* **Reject note**: allows users to reject notes sent for review.
* **Send note to approval**: to submit a draft note for review and approval.
* **Un-reject note**: allows users to return a rejected note to Draft status for editing and correction.

## **Data Quality**

* **Manage rules**: allows users to create, modify, and delete quality rules.
* **View quality**: allows users to view quality rules, published quality implementations, and the quality dashboard.

## **Quality Implementations Workflow**

* **Manage basic implementations**: allows users to create, modify, and delete basic quality implementations in Draft, Pending approval, or Rejected status. This permission is also required to upload implementations using a CSV file.
* **Manage form implementations**: allows users to create implementations using the multi-step form and modify or delete them in Draft, Pending approval, or Rejected status.
* **Manage native implementations**: allows users to create, modify, and delete native quality implementations in Draft, Pending approval, or Rejected status.
* **Manage implementations without rule**: is required alongside the permissions above to work with implementations not linked to a quality rule.
* **Review implementations**: allows users to review submitted implementations and publish or reject them. It also allows users to deprecate published implementations, restore archived implementations to Published status, or delete them permanently.

## **Quality Implementations Additional Actions**

* **Execute quality implementations**: allows users to run quality implementations on demand.
* **Link implementations to concepts**: allows users to link a quality implementation to a concept.
* **Link implementations to structures**: allows users to link a quality implementation to a data structure.
* **Manage remediation plans**: allows users to create and edit remediation plans linked to an implementation execution.
* **Manage quality execution results**: allows users to upload quality results using a CSV file.
* **Manage implementation segments**: when creating a form implementation, allows users to set segmentation criteria for drilling down results.

## Grants

* **Create grant request**: allows users to request access to data structures and modify existing grants.
* **Allow grant requests from third parties**: allows other users to request access on your behalf.
* **Create grant requests for third parties**: allows users to request access on behalf of another user.
* **Request grant removal**: allows users to request removal of data access. Requests from users with this permission do not require approval. Other users can request removal of their access, but a user with **Approve grant request** must approve it.
* **Request grant removal for third parties**: allows users to request removal of another user's grant. Requests do not require approval when the user also has **Request grant removal**.
* **View grants**: allows users to view granted access.

## Grants Management

* **Approve grant request**: allows users to approve or reject access requests and requests to modify or remove granted access.
* **Manage grants**: allows users to create, modify, and revoke grants.

## Lineage

* **View lineage**: allows users to view lineage in the Lineage module and from Data Catalog structures.

## **Taxonomy Structure**

Permissions for managing the taxonomy and data domains:

* Create domains
* Delete domains
* Modify domains
* View domains

## **Taxonomy Membership**

Permissions for managing user role assignments in a domain:

* Assign a role to a user or group in a domain
* Delete a user or group's role from a domain
* Update a user or group's role in a domain

## AI Agents

Permissions for using AI-supported functionality:

* Concept content suggestions
* Note content suggestions
* Link suggestions: allows users to request links between concepts and structures from either item.

\
**Default role**
----------------

A role can be designated as the platform's default role. Only one role can be the default. Its permissions apply when users query domains where they have no assigned role. When users have an assigned role in a domain, its permissions are added to those of the default role.

![](/files/-MKFpH5BZ6WuJAR_GpKy)

If no default role exists and a user has no role in any domain, they see a message when entering the application. The message instructs them to contact an administrator for the necessary permissions. Each installation can customize this message with the appropriate contact details.

![](/files/-MKFpH50I0PtI3LY568f)

## **Navigation menu**

Menu options depend on a user's permissions across modules. A menu option is visible when the user has at least one permission in that module for any domain. Otherwise, the option remains hidden. Users cannot perform actions or view information without the required permissions.
