Understanding User Roles
Faros has four roles available to all your users: Owner, Administrator, Analyst and User.
Professional Edition organizations have two user roles available for their users: Owner and Analyst, while Enterprise Edition organizations have all four roles available.
Summary of user roles
| Role | Permissions |
|---|---|
| User | Users can explore their data and create / view reports and dashboards scoped to their data. ICs can see only their own data, while team leads can see the data of all the members in their teams and child teams. |
| Analyst | Analysts can explore data and create / view reports and dashboards. They have full access to data across the organization. |
| Administrator | Administrators have full analyst permissions. In addition, they can set and manage the data being exposed via Faros. |
| Owner | Owners are administrators who can manage Faros users and their roles and set up SSO. In the future, they will be able to view and modify billing and subscription information for accounts. |
User role permission details
| Permission | User | Analyst | Admin | Owner |
|---|---|---|---|---|
| View and create Dashboards | โ | โ | โ | โ |
| View user-specific data | โ | โ | โ | โ |
| Access to all graphs | โ | โ | โ | โ |
| View teams | โ | โ | โ | โ |
| View employees | โ | โ | โ | โ |
| View company data | โ | โ | โ | |
| External dashboard sharing | โ | โ | โ | |
| Manage team and team membership | โ | โ | ||
| Manage employees and employee connections | โ | โ | ||
| Manage repositories, applications, and boards | โ | โ | ||
| Inspect GraphQL and set filterable fields | โ | โ | ||
| Manage data sources and connections | โ | โ | ||
| Manage graphs | โ | โ | ||
| Create and revoke API Keys | โ | โ | ||
| Create and modify flows | โ | โ | ||
| Manage Faros users and roles | โ | |||
| Manage billing and subscription information for the account | โ | |||
| SSO setup | โ |
Assigning roles to users
Owners are the only people who can change the roles of other users within Faros. To update someoneโs role:
- Go to Settings โ Users
- When creating a new user, you will have the option to assign them to any of the roles.
- For existing users, select edit option in the โโฎโ menu on the userโs row. There will be a popup where you can edit the role.
- For customers creating users through an SSO integration, the last page of the SSO setup allows you to configure default user roles or map groups to specific roles. If you are creating users this way make sure to always include the base 'user' role in addition to more specific ones.
Defining user-specific data
Administrators and analysts have access to all the data that is tracked and measured in Faros, while a user will only be able to see data and reports relevant to themselves or, if they are a team lead, all members in their team and child teams. This is true whether the user is looking at dashboards or querying the reporting database directly via questions.
Example
Assume our sample org has the following team structure:
The chart below is from the Engineering Productivity module and shows the ratio of unplanned to total work for Team A and its subteams (Team A1 and Team A2).
Tasks are associated with a team via the board (or project). Because of the filter on Team A, This chart will use tasks that belong to boards owned by Team A, Team A1, and Team A2. Note that tasks are also assigned to individual employees.
If the person viewing the report is an admin or analyst, the report will use all the tasks in those boards to calculate the ratio, regardless of whom they are assigned to.
If the user viewing the report is not an analyst or admin, the report will only use tasks that are associated with themselves. If the user is a team lead, the report will also use tasks associated with members of their teams and sub-teams.
Here is a subsample of the task data across all teams:
When an administrator views the chart, the ratio will be calculated from rows 1-4, as they are all the tasks for boards associated with TeamA and its sub-teams (as that was the filter on the original chart.) If they wanted to view all the tasks listed above or see the ratio for all teams, they would need to set the filter to โall-teamsโ
The team lead for Team A will see a ratio calculated from rows 1-3, those are the rows with the tasks in Team A and the employee assignees or creators are in Team Aโs reporting structure.
Employee A1 will only see the ratio calculated from rows 1 & 2. Row 6 is not included, as the work is not in a Team A board. (Note that if Employee A1 wanted to view all their work across all boards, they would use the โall-teamsโ filter instead of the โTeam Aโ filter, and then the ratio would use rows 1, 2, and 6.)
The team lead for Team B only uses row 4 to calculate the ratio.
What objects are scoped to employees?
| Record Type | Who can see it |
|---|---|
| Activity Logs | Associated users |
| Commits | Authors |
| Incidents | Assignees |
| Pull Requests (individual PRs, comments, files, labels) | Authors, Commenters, Reviewers |
| Tasks (individual tasks, task boards, task tests) | Creators, Assignees |
Records that are not in the above tables (such as steps in a flow) are not scoped to individual people, so all users will be able to see them in their dashboards and reports.
Updated 3 months ago