Skip to main content

Overview

Traditional data platforms require separate role management for each tool—one set of permissions for your ETL platform, another for observability tools, and yet another for your data catalog. Matia eliminates this fragmentation by providing a unified RBAC system that governs access across all four core functionalities from a single interface. Core RBAC Benefits:
  • Unified Security Model: Single permission system across all Matia modules eliminates role conflicts and gaps
  • Hierarchical Inheritance: Roles automatically cascade permissions across product areas, reducing administrative overhead
  • Granular Control: Fine-grained permissions allow precise access control down to individual resources
  • Compliance Ready: Built-in audit trails and policy enforcement support enterprise governance requirements
Matia Tag

RBAC Foundation Concepts

Users: Individual accounts that access Matia with unique authentication credentials and assigned roles. Roles: Collections of permissions grouped by job function that determine what users can view, create, modify, or delete across Matia’s modules. Permissions: Specific access rights that define granular capabilities like viewing data connections, creating monitors, or managing catalog metadata.

Global Roles

Global roles provide platform-wide access that automatically applies across ETL Integrations, Data Observability, and Data Catalog modules. These roles serve as the foundation for your organization’s access control strategy.

Global Admin

Purpose: Complete administrative control over the entire Matia platform and all integrated modules. Core Capabilities:
  • Platform Management: Configure system settings, authentication methods, and security policies
  • User Administration: Manage all users, create and assign any roles, and control access across the platform
  • Resource Management: Full create, read, update, delete (CRUD) access to all data connections, observability monitors, and catalog assets
  • Integration Control: Configure and manage connections to external systems, APIs, and data sources
  • Audit and Compliance: Access all audit logs, generate compliance reports, and manage data governance policies
Cross-Module Access:
  • Integrations: Full pipeline creation, modification, and execution control
  • Observability: Complete monitoring setup, alert configuration, and incident management
  • Catalog: Unrestricted metadata management, lineage configuration, and data governance controls
Global Admin access should be limited to 2-3 trusted individuals to minimize security risk

Global Viewer

Purpose: Read-only access across all Matia modules for users who need visibility without modification capabilities. Core Capabilities:
  • Platform Overview: View system status, configuration summaries, and usage metrics
  • Resource Discovery: Browse and search all data connections, monitors, and catalog assets
  • Report Access: View dashboards, reports, and analytics across all modules
  • Documentation: Access all platform documentation and metadata descriptions
Cross-Module Access:
  • Integrations: View pipeline configurations, execution history, and connection details
  • Observability: Access monitoring dashboards, view alerts, and review incident history
  • Catalog: Browse data assets, view lineage, and access metadata without editing capabilities
Use Cases: Executive reporting, audit teams, business analysts requiring broad visibility without modification rights

Product-Specific Roles

Product-specific roles provide targeted access to individual Matia modules, allowing organizations to grant specialized permissions based on job functions and responsibilities. These roles can be combined with global roles for comprehensive access control.

Integrations Roles

Control access to ETL and Reverse ETL functionality, including data connections, pipeline management, and sync operations.

Integrations Admin

Full administrative control over data integration functionality. Key Permissions:
  • Connection Management: Create, modify, delete, and test all data source and destination connections
  • Pipeline Development: Build, deploy, and modify ETL/Reverse ETL pipelines and transformations
  • Execution Control: Start, stop, pause, and resume all data sync operations
  • Configuration Access: Manage integration settings, scheduling, and error handling policies
  • Resource Monitoring: Access detailed execution logs, performance metrics, and resource utilization data
Typical Users: Data engineers, ETL developers, integration specialists

Integrations Editor

Pipeline development and modification capabilities without full administrative access. Key Permissions:
  • Pipeline Management: Create and modify assigned pipelines and transformations
  • Connection Usage: Utilize existing connections but cannot create or delete them
  • Execution Monitoring: View pipeline status, logs, and basic performance metrics
  • Testing and Validation: Run test executions and validate data transformations
  • Limited Configuration: Modify pipeline-specific settings but not system-wide configurations
Restrictions: Cannot create new connections, modify system settings, or access other teams’ pipelines Typical Users: Data analysts, junior data engineers, pipeline developers

Integrations Viewer

Read-only access to integration configurations and execution status. Key Permissions:
  • Pipeline Visibility: View pipeline configurations, schedules, and execution history
  • Connection Overview: See connection details and test results without modification capability
  • Monitoring Access: Review execution logs, error reports, and basic performance data
  • Documentation: Access integration documentation and metadata descriptions
Typical Users: Business stakeholders, project managers, auditors

Observability Roles

Govern access to data monitoring, quality checks, alerting systems, and incident management across all data assets.

Observability Admin

Complete control over data monitoring and quality management systems. Key Permissions:
  • Monitor Configuration: Create, modify, and delete all data quality monitors and anomaly detection rules
  • Alert Management: Set up alert channels, notification rules, and escalation policies
  • Incident Response: Manage all incidents, assign ownership, and coordinate resolution activities
  • Policy Definition: Create and enforce data quality standards and governance policies
  • System Configuration: Manage monitoring infrastructure, thresholds, and automated responses
Cross-Module Integration: Configure monitoring for integration pipelines and catalog assets Typical Users: Data reliability engineers, observability specialists, platform administrators

Observability Editor

Hands-on monitoring and quality management without full administrative privileges. Key Permissions:
  • Monitor Management: Create and modify monitors for assigned data assets and domains
  • Alert Configuration: Set up alerts and notifications for owned monitors
  • Incident Investigation: Investigate data issues, document findings, and propose resolutions
  • Quality Assessment: Run data quality checks and generate quality reports
  • Collaboration: Comment on incidents, update investigation status, and coordinate with data owners
Restrictions: Cannot modify system-wide policies, delete others’ monitors, or access sensitive configuration settings Typical Users: Data stewards, quality analysts, domain data experts

Observability Viewer

Read-only access to monitoring dashboards, alerts, and data quality metrics. Key Permissions:
  • Dashboard Access: View all monitoring dashboards and data quality metrics
  • Alert Visibility: See active alerts, incident status, and resolution timelines
  • Report Generation: Generate and export data quality reports and trend analysis
  • Historical Analysis: Access historical monitoring data and quality trend information
Typical Users: Business users, executives, compliance teams, external auditors

Catalog Roles

Control access to metadata management, data lineage, documentation, and data discovery capabilities.

Catalog Admin

Full administrative control over metadata management and data governance. Key Permissions:
  • Metadata Management: Create, modify, and delete all metadata schemas, tags, and classifications
  • Lineage Configuration: Set up and maintain data lineage tracking across all systems
  • Governance Policies: Define and enforce data access policies, retention rules, and compliance requirements
  • Asset Organization: Manage collections, hierarchies, and organizational structures
  • Integration Setup: Configure metadata extraction from external systems and tools
Cross-Module Integration: Manage metadata for integration pipelines and observability monitors Typical Users: Data governance officers, chief data officers, metadata specialists

Catalog Editor

Content creation and curation capabilities for assigned data domains. Key Permissions:
  • Asset Documentation: Create and update documentation, descriptions, and usage guidelines
  • Metadata Enhancement: Add tags, classifications, and business context to data assets
  • Relationship Management: Define and maintain relationships between data assets
  • Quality Annotation: Document data quality issues and provide business context for findings
  • Collaboration: Review and approve metadata changes from other users
Domain Scope: Permissions typically scoped to specific business domains or data areas Typical Users: Data stewards, business analysts, domain experts, data curators

Catalog Viewer

Read-only access to catalog metadata, lineage, and documentation.
This role is included by default for all Matia users.
Key Permissions:
  • Browse & Search: Navigate and search all cataloged data assets, tables, and dashboards
  • View Metadata: Access detailed metadata, tags, classifications, and lineage
  • Documentation Access: Read documentation, definitions, and usage guidelines
  • Lineage Visualization: Explore lineage diagrams and data flow between assets
Restrictions: Cannot create, edit, or manage any catalog metadata or documentation Typical Users: All Matia users, business users, data consumers, auditors

Permission Inheritance and Hierarchy

Matia’s role system implements a sophisticated inheritance model that simplifies administration while maintaining granular control. Understanding how permissions flow through the system is essential for effective role management.

Inheritance Principles

Global Role Foundation: Global Admin and Global Viewer roles establish baseline permissions across all modules that cannot be reduced by product-specific roles. Product Role Enhancement: Product-specific roles can grant additional permissions beyond what global roles provide, but cannot restrict global permissions. Most Permissive Rule: When a user has multiple roles, they receive the highest level of access granted by any role combination. Resource-Level Override: Specific resource permissions can further restrict or enhance inherited role permissions.

Inheritance Examples

Example 1: Global Viewer + Integrations Admin 
Resulting Access:
- Integrations: Full Admin access (product role enhances global)
- Observability: Viewer access (global role applies)
- Catalog: Viewer access (global role applies)
- Platform Settings: Viewer access (global role applies)
Example 2: Global Admin + Observability Viewer 
Resulting Access:
- Integrations: Admin access (global role applies)
- Observability: Admin access (global role cannot be downgraded)
- Catalog: Admin access (global role applies)
- Platform Settings: Full Admin access (global role applies)
Example 3: Multiple Product Roles 
User Assignment: Integrations Editor + Catalog Admin
Resulting Access:
- Integrations: Editor access
- Observability: No access
- Catalog: Admin access
- Platform Settings: No access