Permissions - a role that can run jobs only?

Hi ​@may_kwok ,

you can create a new Access level and set it up for each of the metadata model node where you need this specific access. For example on monitoringProject entity in the metadata model, there is a tab Access levels:

Under the Access levels are operations you can edit:

So you could take access level settings similar to View Metadata Access (so allow just viewing), and just enable the Run processing operation.

Please let me know if this helps, or if this is also something you considered and it didn’t help. 

Kind regards,

Anna

Thanks ​@anna.spakova will give this a go!

Amazing ​@anna.spakova thank you for your hint! Here are the exact steps I did:

1. Ensure the keycloak role that I want to grant to the users exists (create in keycloak, I called it MMM_poweruser) and synced over to ONE (users → update users)
2. Take db backup of ONE before making change
3. Go to Metadata model, monitoringProject node, Access Levels tab, and define something for Operate Access (Anna’s screenshots above). I set it so that the Operate access can:
   1. Access asset
   2. View sharing
   3. View properties
   4. View comments
   5. Read comments metadata
   6. Read comment thread metadata
   7. Run data processing
4. Go to governance roles, find my Governance role (I’m choosing ONE Operator), and set the Monitoring Project to have Operate Access

   

    

5. Then I need to go to each Group that I have, and add the Group role and allocate my MMM_poweruser role into it:

   

    

6. I have created a test user that belongs to MMM_poweruser and I am able to run project but not do anything else in the project.