Skip to main content

Permissions

Organization (Global) Permissions

Your organization will set global permissions for your administratiors in the environment. Every Omni user has an Organization role of either Admin or Member.

Organization permissions are set on the Users page, for example environment.omniapp.co/users.

Organization Admins have full access to all Connections in the Organization. Organization Admins can manage Users and other Organization-level settings like the Organization name.

Members are the baseline role in Omni. They can be given default permission to a dataset, but will only recieve access to data on a connection by connection basis. By default, a member will not have access to any data in the environment until connection defaults have opened permissions to members.

Connection (Model) Permissions

For each connection, permissions can be controlled at several levels: globally (the base role), by group, and by user. Users will have the Union of these permissions, meaning if a user does not have individual permissions to a connection, but they are in a group with permissions to said connection, then they will have permissions to query the data.

Note that there are no specific model permissions, they are set at the connection level.

Data permissions can be set at several levels, in ascending order of querying flexibility for users:

No Access

Users will not be able to query against this connection or its models unless explicitly given access.

Query Topics

These users can create workbooks and dashboards, but can only query the connection through pre-defined Topics.

Querier

These users can create workbooks and dashboards, and query both modeled data (Topics) or unmodeled data (SQL) to the connection. These users cannot touch the shared model files on the connection.

Connection Admin

These users have Querier access to query both modeled or unmodeled data, and can additionally edit the connection model and settings, including setting other users' permission to the given connection or adjusting the default permissions. These are the only users that can touch the shared model files on a connection.

Connection Permissions Matrix

PermissionNo AccessQuery TopicsQuerierConnection Admin
View names of workbooks on homepage
View contents of a modeled dashboard / workbookX1
View contents of an unmodeled dashboard / workbookX2X2
View custom SQL resultsX2X2
Build a dashboard / workbookX
Export CSVsX
Write SQLXX
Stage workbook changesXX
Edit the shared data modelXXX
Manage permissions to the connectionXXX
Manage users globally3XXXX

  1. User management is controlled by global admins, not at the connection level by connection admins.
  2. No Access users and Query Topic users cannot access un-modeled data in Omni today. In the future, escalated privileges may be granted to a specific workbook or dashboard, allowing one-off access to specific users (or all users).
  3. No Access users are not currently able to access any content. In the future, ad hoc content permissions can be granted to escalate privileges for a specific piece of content to a specific user (or all users).