Application Roles
Model roles are roles on Project Permission Management, Report Catalog Permission Management, Dashboard Catalog Permission Management, and OLAP Permission Management (OPM) level. Whenever a model is created, these roles are created and assigned to predefined permissions and built-in groups. Project roles, report catalog roles, Dashboard Catalog roles, and OLAP roles have been merged into Application Roles in BI Services except the OLAP role BulkImport:
| Role | Permissions | Protection | Migration/Changes |
|---|---|---|---|
| ViewRole |
View (all models) Browse Folders and Reports |
Yes |
Merge of original ViewerRole and ReportViewerRole Assigned to Browse Folders and Reports |
| MasterRole | All permissions (all models) | Yes | |
| AdministratorRole |
Administer Permissions (all models) View (all models) Administer OLAP Database |
Yes | |
| DesignerRole |
View (all models) Edit (all models) Delete (all models) Browse Folders and Reports (report catalog) Write Values (OPM) Edit Scripts (report catalog) Create Schedule (report catalog) Administer Schedules (report catalog) |
Yes |
Created anew in each existing model Replaces ReportDesignerRole Assigned to consistent permissions in all models |
| BulkImport | Yes | OPM role that is not treated as Application Role |
Existing repositories are migrated according to these rules:
- The roles ReportViewerRole and ReportDesignerRole are preserved as they are defined in existing models. These roles will not be created in models that are created after the repository migration. For new models created after the repository migration, only the new roles will be created and assigned to built-in groups.
- The role DesignerRole is added to all existing models and assigned with all defined permissions. The role is not assigned to any user or group.
- Permission assignments to roles are not changed in existing models.
Model Roles are protected according to these rules:
- All roles are protected in new repositories or in newly created models in migrated repositories including their permission assignments.
- In existing models of migrated repositories, only the DesignerRole including the permission assignments is protected.
See these topics for further details: