Skip to main content


Setting User or Group Permissions

User permissions are first set on the individual connection then more fine-tuned permissioning can be assigned to individual users or groups within the organization, streamlining the management process. All user permissions can be modified by a Connection Admin by navigating to the Admin menu and alreing the specific permissions set for a particular connection.

Connections Roles

Permissions assigned at the connection level are considered the user's base role to the data that connection offers. The individual user’s permissions will be added to the connection-level base role that is applied to all users of that connection.

Note that there are no specific model permissions, they are set at the connection level.

Data permissions can be set at several levels, in ascending order of querying flexibility for users:

  • No Access: These users will not be able to query or view content built on this connection.

  • Viewer: These users can view dashboards built on predefined Topics.

  • Restricted Querier: These users can create and view workbooks and dashboards, but can only query through predefined Topics.

  • Querier: These users can create workbooks and dashboards, and query both modeled data (Topics) or unmodeled data (SQL) to the connection. These users cannot touch the shared model files on the connection.

  • Connection Admin: These users have Querier access to query both modeled or unmodeled data, and can additionally edit the connection model and settings, including setting other users' permission to the given connection or adjusting the default permissions. These are the only users that can touch the shared model files on a connection.

Connection and Roles Matrix
PermissionNo AccessViewerRestricted QuerierQuerierConnection Admin
View names of workbooks on homepageX
Run Topic-based queries in a dashboard / workbookX1,2
Run all queries in a dashboard / workbookXX1X1
View custom SQL resultsXX1X1
Build / edit a dashboard / workbookXX
Export CSVsXX
Stage workbook model changes (new fields)XXX
Edit the shared data modelXXXX
Manage permissions to the connectionXXXX
Manage users globally3XXXXX
Content Permissions (Doesn't Currently Exist)Working on NowWorking on NowWorking on NowWorking on NowWorking on Now


  1. Viewers and Restricted Queriers can only run Topic-based queries. They are not permitted to run queries defined outside of Topics, or run any query in a workbook which has altered Topic or Join Relationship definitions. In the future, escalated privileges may be granted to a specific workbook or dashboard, allowing one-off access to specific users (or all users). 2 3 4 5

  2. User management is controlled by global admins, not at the connection level by connection admins.

  3. Viewers can only access dashboards, not workbooks