DataHub Role and Privilege Assignment Query Resolved

Original Slack Thread

Hello Everyone! I have just experienced the following issue and I am quite puzzled.
I have three Azure AD Groups which I ingested in DataHub. I read that the preferred way to handle permissions is by using roles, so I manually assigned the respective roles to the users ( (I read that the AD groups do not get DataHub roles by default) I have not changed or disabled any of the privileges.
With that setting I have a user with a Reader DataHub role who can create and run ingestions. According to a Reader should not be able to run ingestion, is that correct? Is the Manage Ingestion privileges’ the one controlling that?
I am probably missing something. Any help will be very appreciated.
Thank you!

After some more reading I think I have found the cause for this behavior.
As pointed out here, there is a policy which gives platform privileges for all users and it is enabled by default. I have disabled it and now the Reader and Writer roles work as described here .

Glad you figured this out!