The user permissions define how users access the different functionalities and data and what they can do within Teneo. In the Teneo Platform, Studio user permissions and access roles for Log Data are all managed in Teneo Manager.
When a new user is added to Teneo Manager, this user becomes a regular user, which can be described as a user with the "lowest" level of permissions, allowing to access Teneo Studio as described further in the below section.
A regular user can then be granted more permissions which can be handled at two levels: User level and Group level. The permissions available for User level and Group level are the same with the difference that any user/all users assigned to a group inherit the permissions granted to the group while permissions granted at User level are only applied to the selected user; more details about Users and Groups are available here.
A regular user has access to Teneo Studio and the solutions contained in the Studio account, but solutions are displayed read only unless the user is the owner of the solution. A Studio user can be the owner of a solution either by creating the solution or by being added as owner to an existing solution (learn more). The below table intents to outline the available functionalities in Teneo Studio for a regular user depending if the user is or not the solution owner.
|Area - Functionality||Regular user Not solution owner||Regular user Solution owner||Comment|
|Edit/add documents||read-only access||✔|
|Edit solution properties||read-only access||✔||Quality control requires separate permission|
|Optimization||Suggestions ✔ Classifier ✕ Log Data ✕ Class Performance ✕||Suggestions ✔ Classifier ✕ Log Data ✕ Class Performance ✔||Access to Classifier and Log Data require separate permissions|
|Add content / Export||Add Content ✕ Import Lexical Resource ✕ Export language configuration ✕ Export ✕||Add Content ✔ Import Lexical Resource ✕ Export language configuration ✕ Export ✕||Import Lexical Resource, Export language config and Export require separate permissions|
|Publish||Create Publish environment ✕ Publish to file ✕ Publish to production ✕ Modify Publish environment ✕||Create Publish environment ✕ Publish to file ✕ Publish to production ✕ Modify Publish environment ✕||Create Publish environment, Publish to file, Publish to production and Modify Publish environment require separate permissions|
|Class Manager||read-only access||✔|
|Trigger Ordering||read-only access||✔|
|History / Stable version||read-only access||✔|
|Branching Include/Exclude||read-only access||✔|
|Recycle Bin Restore documents||read-only access||✔|
|Tryout Test inputs on latest/stable versions (includes viewing debug info/input/paths/etc.)||✔||✔|
Teneo Manager defines the following user permissions related to Teneo Studio which can be granted to the (regular) user for access to the functionalities; please note that some of the functionalities which the permissions refer to are currently only available in Teneo Studio Desktop.
|Teneo admin||Create publish environment Import libraries Manage CLU Settings|
|Global (user)||Edit all solutions||A global (user) has access to all solutions in the environment including editing permissions for all the solutions, i.e., the Global permission provides the same options as the "Regular user - Solution owner" described in the table in the above section, with the only difference being that the Global user doesn't need to be the solution owner|
|Export IP setup||Export input processors of a solution|
|Publish to file||Publish to war file||Requires both Global and Publish to file permissions|
|Publish to production||Publish to production||Allows to publish either the Stable or the Latest version of the solution to a production environment|
|Modify Publish Environment||Modify existing publish environment||Requires both Global and Modify Publish Environment permissions|
|Modify Quality settings||Modify the Quality Control setting related to the publishing workflow (Solution Properties)||Requires both Global and Modify Quality settings permissions|
|Modify Account Settings||Manage CLU Settings||Users with this permission may manage the CLU Settings of the account, note that the CLU credentials cannot be read by any user neither in Teneo Studio frontend nor via the API (independently if this permission is granted or not)|
|Export as library||Export a solution in library format||Requires both Exporter and Export as library permissions|
|View libraries||Open a document (read-only) from an assigned library|
|Delete libraries||Delete a library in the Studio account||Requires either Teneo Admin or Global and Delete libraries|
|Link LDSs||Link LDS to solution||User must be solution owner, have Teneo Admin or Global permission and Link LDS permission|
Log Data Sources
Access to data is for many companies a sensitive matter and therefore, within Teneo, specific permissions - or access roles - must be granted for a user to be able to handled and/or access log data; this means that a regular user cannot access log data unless the user (or a group the user belongs to) has specific access roles granted for this purpose. Teneo Manager defines a series of access roles for Log Data as outlined in the below table.
|Augmenter||The user can manage augmenters, i.e., add new augmenters, import/export, perform pending actions, etc.|
|Data||The user may manipulate data, i.e. manage existing saved results|
|Export||The user may export data sets|
|Importer||The user may import log data, i.e. allows to synchronize the log data in the backstage of the Log Data window|
|SysAdmin||The user may administrate the system; i.e. run queries, synchronize log data, manage augmenters, saved results and solutions for Engine matching|
|TQL||The user may run queries; i.e. allows to run queries in the Log Data window and provides access to the results in the Classifier|
For more information, please see the Teneo Manager page.
Shared queries are shared at Log Data Source level which means that only users with access to the specific Log Data Source are able to see them; furthermore, the ability to create, edit, run, delete, and/or publish any shared queries depends on the assigned access role(s) of the user as well as whether the user is solution owner or not or if the user is Global.
The below table provides an overview of the allowed actions for shared queries based on the access role, note that the below table assumes the user is either Global user or Solution owner.
|Access role||Allows to...|
|Augmenter||Create Shared Queries|
|Data||Create, Edit, Delete and Publish Shared Queries|
|Importer||Create Shared Queries|
|SysAdmin||Create, Edit, Run, Delete and Publish Shared Queries|
|TQL||Create, Edit and Run Shared Queries Note: A regular user, not solution owner, with TQL access role can also Run Shared Queries|