User Permissions
The user permissions define how users access the different functionalities and data as well as what they can do within Teneo. In the Teneo Platform, Studio user permissions and access roles for Log Data are all managed in Teneo Manager.
Teneo Studio
A regular user has access to Teneo Studio and the solutions contained in the Studio account, but solutions are displayed read only unless the user is the owner of the solution. A Studio user can become the solution owner either by creating the solution themselves or if they are added as solution owners of an existing solution. Below table intents to outline the available functionalities in Studio for a regular user depending if the user is solution owner or not.
| Area - Functionality | Regular user Not solution owner | Regular user Solution owner | Comment |
|---|---|---|---|
| Access Studio | ✔ | ✔ | |
| Open solution | ✔ | ✔ | |
| Edit/add documents | read-only access | ✔ | |
| Edit solution properties | read-only access | ✔ | Quality control requires separate permission |
| Resources | read-only access | ✔ | |
| Optimization | Suggestions ✔ Classifier ✕ Log Data ✕ Class Performance ✕ | Suggestions ✔ Classifier ✕ Log Data ✕ Class Performance ✔ | Access to Classifier and Log Data require separate permissions |
| Add content / Export | Add Content ✕ Import Lexical Resource ✕ Export language configuration ✕ Export ✕ | Add Content ✔ Import Lexical Resource ✕ Export language configuration ✕ Export ✕ | Import Lexical Resource, Export language config and Export require separate permissions |
| Auto-test | read-only access | ✔ | |
| Publish | Create Publish environment ✕ Publish to file ✕ Publish to production ✕ Modify Publish environment ✕ | Create Publish environment ✕ Publish to file ✕ Publish to production ✕ Modify Publish environment ✕ | Create Publish environment, Publish to file, Publish to production and Modify Publish environment require separate permissions |
| Class Manager | read-only access | ✔ | |
| Trigger Ordering | read-only access | ✔ | |
| History / Stable version | read-only access | ✔ | |
| Branching Include/Exclude | read-only access | ✔ | |
| Recycle Bin Restore documents | read-only access | ✔ | |
| Tryout Test inputs on latest/stable versions (includes viewing debug info/input/paths/etc.) | ✔ | ✔ |
User Permissions
Teneo Manager defines the following user permissions related to Teneo Studio which can be granted to a regular user.
| Permission | Allows to... | Comment |
|---|---|---|
| Teneo admin | Create and delete publish environment Import libraries Manage Account settings (see more info under Modify Account Settings further below) | In SaaS environments, the Teneo admin permission is restricted to Teneo admin users |
| Global (user) | Edit all solutions | A global (user) has access to all solutions in the environment including editing permissions for all the solutions, i.e., the Global permission provides the same options as the "Regular user - Solution owner" described in the table in the above section, with the only difference being that the Global user doesn't need to be the solution owner |
| Exporter | Export solutions | |
| Export IP setup | Export input processors of a solution | |
| Publish to file | Publish to war file | Requires the user to be either solution owner, Global or Teneo admin and has Publish to file permission |
| Publish to production | Publish to production | Allows to publish either the Stable or the Latest version of the solution to a production environment. Requires the user to be either solution owner, Global or Teneo admin and have Publish to production permission |
| Modify Publish Environment | Edit existing publish environment | Requires the user to be either solution owner, Global or Teneo admin and have the Modify Publish Environment permission |
| Modify Quality settings | Modify the Quality Control setting related to the publishing workflow (Solution Properties) | Requires the user to be either solution owner, Global or Teneo admin and have the Modify Quality settings permission |
| Modify Account Settings | Manage Settings (i.e., Azure OpenAI and CLU) | Users with this permission may manage the Azure OpenAI and/or CLU Settings of the account, note that the credentials cannot be read by any user neither in Teneo Studio frontend nor via the API (independently if this permission is granted or not) |
| Export as library | Export a solution in library format | Requires both Exporter and Export as library permissions |
| View libraries | Open a document (read-only) from an assigned library | |
| Delete libraries | Delete a library in the Studio account | Requires either Teneo Admin or Global and Delete libraries |
| Link LDSs | Link LDS to solution | User must be solution owner, have Teneo Admin or Global permission and Link LDS permission |
Log Data Sources
Access to data is for many companies a sensitive matter and therefore, within Teneo, specific permissions - or access roles - must be granted before a user is able to handle and/or access log data. Teneo Manager defines the following Permissions:
| Permission | Allows to... |
|---|---|
| Augmenter | The user can manage augmenters, i.e., add new augmenters, import/export, perform pending actions, etc. |
| Data | The user may manipulate data, i.e. manage existing saved results |
| Export | The user may export data sets |
| Importer | The user may import log data, i.e. allows to synchronize the log data in the backstage of the Log Data window |
| SysAdmin | The user may administrate the system; i.e. run queries, synchronize log data, manage augmenters, saved results and solutions for Engine matching |
| TQL | The user may run queries; i.e. allows to run queries in the Log Data window and provides access to the results in the Classifier when given in combination with the Data permission |
Shared Queries
Shared queries are shared at Log Data Source level which means that only users with access to the specific Log Data Source are able to see them; furthermore, the ability to create, edit, run, delete, and/or publish any shared queries depends on the assigned access role(s) of the user as well as whether the user is solution owner or not or if the user is Global.
The below table provides an overview of the allowed actions for shared queries based on the access role, note that the below table assumes the user is either Global user or Solution owner.
| Access role | Allows to... |
|---|---|
| Augmenter | Create Shared Queries |
| Data | Create, Edit, Delete and Publish Shared Queries |
| Exporter | Not applicable |
| Importer | Create Shared Queries |
| SysAdmin | Administrator of the system; may Create, Edit, Run, Delete and Publish Shared Queries |
| TQL | Create, Edit and Run Shared Queries Note: A regular user, not solution owner, with TQL access role can also Run Shared Queries |