Skip to main content

Manage user roles and permissions

Configure and manage user access levels within GDI's CKAN data catalogue system. This guide covers platform-wide and organisation-specific role management for system administrators.

CKAN user role hierarchy

CKAN operates with two levels of roles: platform-level roles that apply across the entire system, and organisation-level roles that control access within specific organisations.

Platform-level roles

Platform-level roles determine what users can do across the entire CKAN instance. The following table describes the three platform-level roles:

RoleCapabilitiesNotes
VisitorSearch and view public datasetsAnonymous/unauthenticated users
Registered userBecome a member of an organisation (requires admin approval)
Publish, edit, or add datasets based on their role in the organisation
Manage their own profile
The system typically disables organisation creation for regular users
SysadminAccess and edit any organisations
View and change user details
Permanently delete datasets
Customise the look and feel of the platform
Configure system-wide settings
Full administrative control over the entire system

Organisation-level roles

Organisation-level roles control access to datasets and administrative functions within a specific organisation. The following table describes the three organisation-level roles:

RoleCapabilitiesUse case
MemberView the organisation's private datasetsUsers who need access to restricted organisational data
EditorAll capabilities of a Member
Add new datasets to the organisation
Edit or delete any of the organisation's datasets
Make datasets public or private
Content contributors and data curators
Organisation adminAll capabilities of an Editor
Add users to the organisation, and set their role (member, editor, or admin)
Change the role of any user in the organisation, including other admin users
Remove members, editors, or other admins from the organisation
Edit the organisation's details (e.g., title, description, image)
Delete the organisation
Organisational data stewards and managers

Manage user access

Use CKAN's admin interface to configure platform-level and organisation-specific user permissions. Access the admin interface to assign roles, manage organisation memberships, and control system access levels.

Role assignment best practices

Follow these practices when assigning user roles:

  • Principle of least privilege: Grant users only the permissions they need to perform their tasks
  • Regular audits: Review user permissions periodically to ensure they remain appropriate
  • Documentation: Record role assignments and changes for audit trails
  • Approval workflows: Implement approval processes for sensitive roles like Sysadmin and Organisation Admin

For detailed role management procedures, see the CKAN authorisation documentation.

Next steps

After configuring user roles: