Overview

Canner Enterprise uses a layered authorization mechanism: platform access control, data access control, to achieve global and regional dynamic authorization policies and separate data ownership and usages, allowing the original data source to be fully protected, domain experts can also obtain the necessary data usage rights.

Access Control Design

The access control in Canner Enterprise is similar to the folder access control design in Cloud Storages, You can set different permissions for folders or files in folders in the cloud storages, and the permissions can be for individual or group members.

The design is similar to Canner Enterprise. You can set different permissions for Data Source, Workspace, and Table in the platform, and the permissions can be for individual or group members.

Platform Access Control

Users in Canner Enterprise are divided into three roles, Admin, System Admin and Member (for explicit role permissions, please refer to User Management); different roles can use distinguish operations in Canner Enterprise.

1. Admin is who can set the global role of the platform and can use all system functionalities, including system status, billing, etc.
2. System Admin are responsible for overseeing various aspects of system management; they have the authority to access all settings except for billing and data policy. They can access data sources and workspaces only when invited.
3. Member is a general user who can use the platform's data source and workspace pages.