Users
The Users page defines who has access to a project. Here you can view members, update permissions and add and delete users from a project.
If you need to have your level of access changed but don't have the necessary permissions yourself, contact the administrator(s) of the project.
Adding Users
To add a new user to a project, go to the Users page under the project you want to add to, and click the "Add User" button at the top right.
You will get a pop up with a form to fill out for your new user. The form entries are:
- User: The email address of the user you want to add. This will autocomplete for internal staff, but you can enter in any email address.
- Role: The role that you want the user to have, which will define what they have permission to do. See the role options above for information on how to choose a role.
- Send notification to user: Check this box if you would like the user to receive an email notifying them that they have been added to your project.
If the email entered is not already affiliated with your Cirro organization, you will also be prompted to add the new user's name and organization.
Users will receive an email notification informing them that they have been added to a project. If the user is external and has not been added to a project before, they will also receive information on how to log in to Cirro.
Users can also request access to a project themselves, as long as the project is flagged to allow this behavior in the project settings. If a user requests access, administrators will be sent a link in an email which they can use to accept or deny access.
Editing or Deleting Users
The users are organized in a table and by default are sorted by the user's name. You can change the sorting and add/remove columns using the three dots in the table header 
, and also filter the users using the sidebar on the right side of the page.
To change something about a user, click on the user in question to get a pop up with options. To update the user's permissions, you can can select a new role from the drop down and click "Update". Or you can also delete the user from the project entirely by clicking "Remove".
Project admins can also click the "Governance Summary" button to see the user's compliance to any governance requirements applied to the project, including all the enacted governance requirements assigned to the user with information on if they've completed the requirement and links to any files they had to upload to certify completion..
User Roles
There are three possible roles for project users that map to different sets of permissions.
- Collaborator: This is View Only. This role can access the data and analysis that has been run by others.
- Contributor: This is Mid-Range Control. This role can spend money. They can upload data and run analysis like running pipelines and launching notebooks.
- Admin: This is Full Control. This role can do anything, including destructive actions. They can change permissions for other users and delete datasets, notebooks, etc.
There are also roles that exist across all projects. The most inclusive of these is the Organization Administrator role, which will have access to the System section of Cirro.
Breakdown of Project-Level Role Permissions
Users can be assigned one of the three following permission roles inside a project.
| Action | Collaborator | Contributor | Administrator |
|---|---|---|---|
| View Projects | ✓ | ✓ | ✓ |
| View Datasets | ✓ | ✓ | ✓ |
| View References | ✓ | ✓ | ✓ |
| View & Edit Dashboards | ✓ | ✓ | ✓ |
| Add & Edit Datasets | ✓ | ✓ | |
| Edit Samples | ✓ | ✓ | |
| Add & Edit References | ✓ | ✓ | |
| Run Analysis Pipelines | ✓ | ✓ | |
| Create & Run Notebooks | ✓ | ✓ | |
| Add Dashboards | ✓ | ✓ | |
| View Project Users | ✓ | ✓ | |
| View Project Costs | ✓ | ✓ | |
| Edit Project Settings | ✓ | ||
| Add & Edit Project Tags | ✓ | ||
| View Extended Dataset Lineage | ✓ | ||
| Delete Datasets | ✓ | ||
| Edit Samples Schema | ✓ | ||
| Link Custom Pipelines to Project | ✓ | ||
| Add Users & Manage Permissions | ✓ |
Breakdown of Item-Owner Role Permissions
While a user may have been assigned a project role, if they have created any items inside that project they will have more access to those items than their project role may suggest. This case applies when a user creates items like datasets, notebooks, dashboards, and billing accounts.
| Action | Item Owner |
|---|---|
| Edit their Items | ✓ |
| Delete their Items | ✓ |
Breakdown of Organization-Level Role Permissions
There are a few more unique roles that apply not at a project level, but instead at an organization, or global, level which apply across all projects in an organization.
Note: Due of the significant overlap in permissions between system administrator and tenant administrator, our documentation will refer to both roles as "organization administrator", unless there is a case where their permissions differ.
| Action | Pipeline Developer | Billing Account Owners & Delegates | System Administrator | Tenant Administrator |
|---|---|---|---|---|
| Create Custom Pipelines | ✓ | ✓ | ✓ | |
| View Extended Dataset Lineage | ✓ | ✓ | ✓ | |
| Create Projects | ✓ | ✓ | ✓ | |
| Edit Billing Accounts | ✓ | ✓ | ✓ | |
| Create Billing Accounts | ✓ | ✓ | ||
| Set Projects' Data Classifications | ✓ | ✓ | ||
| Apply Governance Requirements to Projects | ✓ | ✓ | ||
| View All Projects in the Organization | ✓ | ✓ | ||
| View and Download All Project Data in the Organization | ✓ |