Permissions reference

Permissions determine the operations a user can perform. You grant permissions to users through groups, which represent collections of permissions. When you assign a group to a user, you grant the user all of the permissions within that group.

This topic lists all of the available permissions, organized by category.

Analytics

  • AccessAlerts: Access the Alerts tab.
  • AccessDownloadData: Download a limited number of rows for a data cube. The maximum row limit is 5000.
  • AccessDownloadLargeData: Download an unlimited number of rows for a data cube.
  • AccessQueries: Manage the queries within the access granted by their individual configuration. Note that users with SQL access can effectively perform arbitrary queries. Any user with the AccessQueries permission also has the ReadDataSources permission.
  • AccessQueryRawData: View the raw disaggregated data underlying the data cube. Users with the AccessQueryRawData permission can access the Raw data dialog by clicking Toggle options > View raw data. The Raw data dialog respects all the settings on the data cube except for the controls that can be changed by a user who doesn't have permission to edit the data cube—for example, the selected visualization, non-required filters, splits, and compares.
  • AccessReports: View all reports irrespective of their access configuration.
  • AccessVisualization: View data cubes and dashboards.
  • AdministerAlerts: View and manage all alert configurations irrespective of their sharing and access configuration.
  • AdministerDashboards: View and manage all dashboards irrespective of their sharing and access configuration.
  • AdministerDataCubes: View and manage all data cubes irrespective of their sharing and access configuration.
  • AdministerEmbedLinks: View and manage embedding links.
  • AdministerQueries: Create, manage, and view all saved SQL queries.
  • AdministerReports: View and manage all scheduled reports irrespective of their access configuration.
  • ManageAlerts: Modify alerts within the access granted via the individual configuration.
  • ManageAlertsWebhooks: Configure alerts to send webhook notifications.
  • ManageDashboards: Create, modify, and delete dashboards within the access granted by their individual configuration.
  • ManageDataCubes: Create, duplicate, modify, and delete data cubes within the access granted by their individual configuration.
  • ManageReports: Create and manage reports within the access granted by their individual configuration.

Data

  • ManageIngestionJobs: Start, stop, cancel, and delete an ingestion job.
  • ManageFiles: Upload and delete files.
  • ManageConnections: Create and edit connections.
  • ManageTables: View table data and modify schema.
  • ReadDataSources: Read data using the Query API. This permission is automatically assigned to users who have the AccessQueries permission.
  • ViewTables: View table data and schema.

Monitoring

  • AccessMetrics: Access the Detailed metrics tab and make changes. No access means that the user cannot view the page.
  • AccessMonitorQueries: Monitor database queries.

Management

  • AccessScaling: View performance pages in read-only mode. Users with the AccessScaling permission cannot change the project size.
  • AdministerApiKeys: View, create, edit, and delete all API keys for the organization.
  • AdministerBilling: Manage invoices and credit card information.
  • AdministerClients: View, create, and modify all OAuth clients. This permission is required to create and manage access tokens for OAuth authentication.
  • AdministerProjects: View all projects irrespective of their sharing and access configuration.
  • AdministerScaling: Make selections that impact performance—change project size, view usage, and view Clarity metrics.
  • AdministerUsers: Create, modify, and delete users; assign and remove user permissions; and view profile information of other users. The permissions that you can assign to new users are determined by the permissions assigned to you—you can only assign the permissions that you have been granted.
  • ManageApiKeys: View and create API keys for the organization; manage and delete their own API keys. Users with the ManageApiKeys permission can only modify the API keys that they created.
  • ManageProjects: Create and modify projects. Users with the ManageProjects permission can set a project's maximum size.

For information on how to invite a new user to the organization, see Invite users to your organization.

Invite users to your organizationManage user groups