Global and dataset roles and permissions (#868)

* global roles and permissions

* updated for dataset roles

* update internal links

* replace "As an Admin..."

* add release notes

* adjustments

* adjustments per suggestion

* fix links

README.md

@@ -104,6 +104,8 @@ Soda uses the [Splunk Style Guide](https://docs.splunk.com/Documentation/StyleGu
 - Include diagrams.
 - Do not use "Note:" callout boxes. Exception: banner message to indicate deprecated tools or features. 
 - Use \_includes rather than repeat or re-explain something. Refer to <a href="https://jekyllrb.com/docs/includes/" target="_blank">Jekyll Includes</a>.
+- Avoid writing "Soda recommends..." as it has potential legal ramifications. Instead, use something like, "Best practice recommends..."
+- Do not refer to Soda, the product, as "we". If the software is doing something, then refer to it as Soda. For example, "Soda collect 100 failed row samples by default." not, "We collect 100 failed row samples by default."
 
 ### Formatting
 - Use **bold** for the first time you mention a product name or feature in a document or to identify a **Tip:** for using a feature. Otherwise, use it sparingly. Too much bold font renders the format meaningless.

_data/nav.yml

@@ -108,10 +108,10 @@
     page: soda-cloud/organize-datasets.md
   - subtitle: Create and track incidents
     page: soda-cloud/incidents.md
-  - subtitle: Manage account roles
-    page: soda-cloud/roles-and-rights.md
-  - subtitle: Manage resource permissions
-    page: soda-cloud/roles-resources.md
+  - subtitle: Manage global roles and user groups
+    page: soda-cloud/roles-global.md
+  - subtitle: Manage dataset roles
+    page: soda-cloud/roles-dataset.md
 
 - title: Integrate Soda
   page: soda/integrate-alation.md

_includes/ad-hoc-scan.md

@@ -1,5 +1,5 @@
 If you wish to run a scan immediately to see the scan results for the checks you included in your agreement, you can run an ad hoc scan from the scan definition.
 
-1. As an Admin in your Soda Cloud account, navigate to **Scans**.
+1. As a user with the [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so in your Soda Cloud account, navigate to **Scans**.
 2. In the list of scan definitions, click the one that is associated with your agreement. If you don't know which scan definition your agreement uses, navigate to **Agreements**, select your agreement, then find the name of the scan definition in the upper-left tile.
 3. In the scan definition page, click **Run Scan** to immediately execute all agreements and checks that use this scan definition.

_includes/disable-all-samples.md

@@ -1,6 +1,6 @@
 To prevent Soda Cloud from receiving any sample data or failed row samples for any datasets in any data sources to which you have connected your Soda Cloud account, proceed as follows:
 
-1. As an Admin, log in to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**.
+1. As a user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, log in to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**.
 2. In the **Organization** tab, uncheck the box to **Allow Soda to collect sample data and failed row samples for all datasets**, then **Save**. 
 
 Alternatively, if you use Soda Library, you can adjust the configuration in your `configuration.yml` to disable all samples for an individual data source, as in the following example.

_includes/integrate-slack-steps.md

@@ -1,4 +1,4 @@
-As an [Admin]({% link soda-cloud/roles-and-rights.md %}) on your Soda Cloud account, integrate your Slack workspace in your **Soda Cloud** account so that Soda Cloud can interact with individuals and channels in the workspace. Use the Slack integration to:
+As a user with permission to do so in your Soda Cloud account, you can integrate your Slack workspace in your **Soda Cloud** account so that Soda Cloud can interact with individuals and channels in the workspace. Use the Slack integration to:
 
 * send notifications to Slack when a check result triggers an alert
 * create a private channel whenever you open new incident to investigate a failed check result

_release-notes/audit-trail.md

@@ -4,5 +4,5 @@ date: 2021-12-06
 products:
   - soda-cloud
 ---
-As a Soda Cloud Admin, you can download an Audit Trail that records the activities of all of the users in your Soda Cloud account. 
-Read the [Download an audit trail docs]({% link soda-cloud/roles-and-rights.md %}#download-an-audit-trail) to learn more.
+, you can download an Audit Trail that records the activities of all of the users in your Soda Cloud account. 
+Read the [Download an audit trail docs]({% link soda-cloud/roles-global.md %}#access-an-audit-trail) to learn more.

_release-notes/authorization.md

@@ -5,4 +5,4 @@ products:
   - soda-cloud
 ---
 Role-based user access control support is now available for Soda Cloud. 
-Read the [Roles and rights docs]({% link soda-cloud/roles-and-rights.md %}) to learn more.
+Read the Roles and rights docs to learn more.

_release-notes/change-default-access-settings.md

@@ -5,4 +5,4 @@ products:
   - soda-cloud
 ---
 
-Change the default access settings for new datasets in to Soda Cloud. Access the [Change the default access to datasets]({% link soda-cloud/roles-and-rights.md %}#change-the-default-access-to-datasets) section in our documentation to learn more.
+Change the default access settings for new datasets in to Soda Cloud. Access the Change the default access to datasets section in our documentation to learn more.

_release-notes/default-role-datasets.md

@@ -7,4 +7,4 @@ products:
 
 For datasets that are newly added to Soda Cloud, Soda Admins can define the default responsibility given to the data owner, either **Manager** or **Editor**.
 
-Read more in [Roles and Rights in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}#change-the-default-access-to-datasets).
+Read more in [Roles and Rights in Soda Cloud]({% link soda-cloud/roles-global.md %}).

_release-notes/regions-and-multi-org.md

@@ -5,5 +5,5 @@ products:
   - soda-cloud
 ---
 
-* Soda Cloud users may set up [multiple Soda Cloud organizations]({% link soda-cloud/roles-and-rights.md %}#add-multiple-organizations) for use with different environments in a network infrastructure, such as staging and production.
+* Soda Cloud users may set up [multiple Soda Cloud organizations]({% link soda-cloud/roles-global.md %}) for use with different environments in a network infrastructure, such as staging and production.
 * New Soda Cloud users must select a region in which to store their account data when creating a Soda Cloud account.

_release-notes/roles-global-dataset.md

@@ -0,0 +1,13 @@
+---
+name: "Introducing custom roles"
+date: 2024-09-26
+products:
+  - soda-cloud
+---
+
+To manage the actions of users that belong to a single organization, Soda Cloud uses roles, groups, and access permissions. These roles and groups and their associated permissions enforce limits on the abilities for users to access or make changes to resources, or to make additions and changes to organization settings and default access permissions.
+
+New in Soda Cloud, you can create and edit new global or dataset roles to customize access to resources and functionalities in your organization.
+
+See: [Manage global roles, user groups, and settings]({% link soda-cloud/roles-global.md %})<br />
+See: [Manage dataset roles]({% link soda-cloud/roles-dataset.md %})

_release-notes/user-groups.md

@@ -7,4 +7,4 @@ products:
 
 Create user groups in Soda Cloud to manage role-based permissions (**Admin**, **Manager**, **Editor**, **Viewer**) to resources. Once created, assign role-based permission to access a dataset to user groups, or assign user groups as alert notification rules recipients, and more. 
 
-Refer to [Create custom user groups]({% link soda-cloud/roles-and-rights.md %}#create-custom-user-groups) for details.
+Refer to [Create custom user groups]({% link soda-cloud/roles-global.md %}#manage-user-groups) for details.

api-docs/openapi_backend_publicapi_v1.yaml

@@ -488,7 +488,7 @@ paths:
 
         ## Authorization
 
-        Only Soda Cloud Admins may execute this query. See [Soda Cloud roles and rights](https://docs.soda.io/soda-cloud/roles-and-rights.html) for more information.
+        Only Soda Cloud Admins may execute this query. See Soda Cloud roles and rights for more information.
 
         ## Tags
 
@@ -584,7 +584,7 @@ paths:
 
         ## Authorization
 
-        Only Soda Cloud Admins may execute this query. See [Soda Cloud roles and rights](https://docs.soda.io/soda-cloud/roles-and-rights.html) for more information.
+        Only Soda Cloud Admins may execute this query. See Soda Cloud roles and rights for more information.
 
         ## Tags
 

index.html

@@ -37,7 +37,7 @@ <h2>Get started</h2>
                 <div>
                     <img src="/assets/images/icons/[email protected]" width="54" height="40">
                     <h2>What's new?</h2>
-                    <a href="/soda-cloud/roles-and-rights.html#create-custom-user-groups">Create user groups</a>  
+                    <a href="/soda-cloud/roles-global#create-custom-user-groups">Create user groups</a>  
                     <a href="/soda-cloud/anomaly-dashboard.html">Anomaly detection dashboards</a> 
                     <a href="/soda-cl/anomaly-detection.html">Anomaly detection</a> 
                     <a href="/soda-agent/managed-agent.html">Set up Soda-hosted Agent</a>                                    

soda-agent/deploy.md

@@ -1354,7 +1354,7 @@ This tab is the fifth step in the guided workflow if the **5. Check** tab is abs
 | Field or Label | Guidance | 
 |----------------|----------|
 | Data Source Owner | The Data Source Owner maintains the connection details and settings for this data source and its Default Scan Definition. |
-| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.|
+| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-global.md %}#data-source-dataset-agreement-and-check-owners) to learn how to adjust the Dataset Owner of individual datasets.|
 
 <br />
 

soda-agent/managed-agent.md

@@ -138,7 +138,7 @@ This tab is the fifth step in the guided workflow if the **5. Check** tab is abs
 | Field or Label | Guidance | 
 |----------------|----------|
 | Data Source Owner | The Data Source Owner maintains the connection details and settings for this data source and its Default Scan Definition. |
-| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-and-rights.md %}) to learn how to adjust the Dataset Owner of individual datasets.|
+| Default Dataset Owner | The Datasets Owner is the user who, by default, becomes the owner of each dataset the Default Scan discovers. Refer to [Manage roles and permissions in Soda Cloud]({% link soda-cloud/roles-global.md %}#data-source-dataset-agreement-and-check-owners) to learn how to adjust the Dataset Owner of individual datasets.|
 
 <br />
 

soda-cl/check-attributes.md

@@ -8,7 +8,7 @@ parent: Organize, alert, investigate
 # Add check attributes
 *Last modified on {% last_modified_at %}*
 
-As a Soda Cloud Admin user, you can define **check attributes** that your team can apply to checks when they write them.
+As user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, you can define **check attributes** that your team can apply to checks when they write them.
 {% include code-header.html %}
 ```yaml
 checks for dim_product:
@@ -38,11 +38,11 @@ Use attributes to organize your checks and alert notifications in Soda Cloud.
 
 ## Prerequisites
 
-* To *define* new check attributes, you must have [Admin permissions]({% link soda-cloud/roles-and-rights.md %}) on your Soda Cloud account. Any Soda Cloud user or Soda Library user can *apply* existing attributes to new or existing checks.
+* To *define* new check attributes, you must have the permission to do so on your Soda Cloud account. Any Soda Cloud user or Soda Library user can *apply* existing attributes to new or existing checks.
 
 ## Define a check attribute
 
-Note that you can only define or edit check attributes as an [Admin]({% link soda-cloud/roles-and-rights.md %}) in Soda Cloud. You cannot define new attributes in Soda Library. Once defined in Soda Cloud, any Soda Cloud or Soda Library user can [apply the attribute](#apply-an-attribute-to-one-or-more-checks) to new or existing checks.
+Note that you can only define or edit check attributes as a user with [permission]({% link soda-cloud/roles-global.md %}) to do so in Soda Cloud. You cannot define new attributes in Soda Library. Once defined in Soda Cloud, any Soda Cloud or Soda Library user can [apply the attribute](#apply-an-attribute-to-one-or-more-checks) to new or existing checks.
 
 1. In your Soda Cloud account, navigate to **your avatar** > **Attributes** > **New Attribute**. 
 2. Follow the guided steps to create the new attribute. Use the details below for insight into the values to enter in the fields in the guided steps. 

soda-cl/failed-row-samples.md

@@ -260,7 +260,7 @@ See also: [Configuration and setting hierarchy](#configuration-and-setting-hiera
 
 If your data contains sensitive or private information, you may *not* want to collect any failed row samples, whatsoever. In such a circumstance, you can disable the collection of failed row samples completely. To prevent Soda Cloud from receiving any sample data or failed row samples for any datasets in any data sources to which you have connected your Soda Cloud account, proceed as follows:
 
-1. As an Admin, log in to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**.
+1. As a user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, log in to your Soda Cloud account and navigate to **your avatar** > **Organization Settings**.
 2. In the **Organization** tab, uncheck the box to **Allow Soda to collect sample data and failed row samples for all datasets**, then **Save**. <br />
 ![disable-all](/assets/images/disable-all.png){:height="450px" width="450px"}
 

soda-cl/failed-rows-checks.md

@@ -50,7 +50,7 @@ checks for dim_customer:
 
 To send failed rows samples to Soda Cloud, samples collection must be enabled in Soda Cloud. 
 
-As a Soda Cloud Admin, navigate to **your avatar** > **Organization Settings**, then check the box to **Allow Soda to collect sample data and failed row samples for all datasets**. 
+As a user with [permission]({% link soda-cloud/roles-global.md %}#global-roles-and-permissions) to do so, navigate to **your avatar** > **Organization Settings**, then check the box to **Allow Soda to collect sample data and failed row samples for all datasets**. 
 
 
 ## Define failed rows checks

soda-cl/soda-cl-overview.md

@@ -97,7 +97,7 @@ Create **no-code checks** for data quality directly in the Soda Cloud user inter
 
 * You, or an Admin on your Soda Cloud account, has [deployed a Soda Agent]({% link soda-agent/deploy.md %}) version 0.8.52 or greater, and connected it to your Soda Cloud account.
 * You, or an Admin on your Soda Cloud account, has [added a new datasource]({% link soda-agent/deploy.md %}#add-a-new-data-source) via the Soda Agent in your Soda Cloud account *and* configured the data source to [discover the datasets]({% link soda-cl/profile.md %}#add-dataset-discovery) in the data source for which you want to write no-code checks. (Soda must have access to dataset names and column names to present those values in dropdown menus during no-code check creation.)
-* You must have permission to edit the dataset as an Admin, Manager, or Editor; see [Manage roles and permissions]({% link soda-cloud/roles-and-rights.md %}).
+* You must have permission to edit the dataset; see [Manage dataset roles]({% link soda-cloud/roles-dataset.md %}).
 
 ### Create a new check
 
@@ -110,7 +110,7 @@ SodaCL includes over 25 built-in metrics that you can use to write checks, a sub
   </tr>
 </table>
 
-1. As an Admin, or Manager or Editor of a dataset to which you wish to add checks, navigate to the dataset, then click **Add Check**. You can only create a check via the no-code interface for datasets in data sources connected via a Soda Agent. 
+1. As a user with [permission]({% link soda-cloud/roles-dataset.md %}#dataset-roles-and-permissions) to do so of a dataset to which you wish to add checks, navigate to the dataset, then click **Add Check**. You can only create a check via the no-code interface for datasets in data sources connected via a Soda Agent. 
 2. Select the type of check you wish to create, then complete the form to create the check. Refer to table below for guidance on the values to enter.
 3. Optionally, **Test** your check, then click **Propose check** to initiate a **[Discussion]({% link soda/glossary.md %}#discussion)** with colleagues. Soda executes the check during the next scan according to the schedule you selected, or whenever a Soda Cloud user runs the schedule scan manually. <br />Be aware that a schema check requires a minimum of two measurements before it yields a useful check result because it needs at least one historical measurement of the existing schema against which to compare a new measurement to look for changes. Thus, the first time Soda executes this check, the result is `[NOT EVALUATED]`, indicated by a gray, question mark status icon.
 4. Click **Add Check** to include the new, no-code check in the next scheduled scan of the dataset. Note that a user with Viewer permissions cannot add a check, they can only propose checks.
@@ -160,7 +160,7 @@ By default, alert notifications for your no-code check go to the **Dataset Owner
 
 ### Edit an existing check
 
-1. As an Admin, or Manager or Editor of a dataset in which the no-code check exists, navigate to the dataset.
+1. As a user with permission to do so, navigate to the dataset in which the no-code check exists.
 2. To the right of the check you wish to edit, click the stacked dots, then select **Edit Check**. You can only edit a check via the no-code interface if it was first created as a no-code check, as indicated by the cloud icon in the **Origin** column of the table of checks.
 3. Adjust the check as needed, test your check, then save. Soda executes the check during the next scan according to the scan definition you selected.
 4. Optionally, you can execute your check immediately. Locate the check you just edited and click the stacked dots, then select **Execute Check**. Soda executes *only* your check.

soda-cloud/anomaly-dashboard.md

@@ -79,7 +79,7 @@ Activate an anomaly dashboard to one or more datasets by configuring profiling f
 
 Use the following procedure to activate the anomaly dashboard for an existing dataset in a data source you already connected to your Soda Cloud account via a self-hosted or Soda-hosted agent.
 
-1. If you have been assigned an Admin, Manager, or Editor [role]({% link soda-cloud/roles-and-rights.md %}#access-to-resources) for a dataset, navigate to the **Datasets** dashboard, then open the dataset to which you wish to activate an anomaly dashboard. 
+1. If you have the [permission]({% link soda-cloud/roles-dataset.md %}) to do so for a dataset, navigate to the **Datasets** dashboard, then open the dataset to which you wish to activate an anomaly dashboard. 
 2. Navigate to the **Anomalies** tab where a message appears that advises you that the anomaly dashboard has not been activated for this dataset. Click **Activate**. 
 3. Follow the guided steps and carefully read the warning about the changes to any existing profiling you have configured for the data source (see below). If you accept the permanent changes, specify the time of day you wish to run the daily anomaly scan, then proceed.
 ><hr>