Skip to main content

Manage user groups

In Imply Polaris, a group represents a collection of permissions, which enable users to perform specific actions at the organization or project level. When you add a user to a group, you grant that user all of the permissions within the group. There is no limit to the number of groups a user can belong to. Users who belong to multiple groups inherit permissions assigned to each group.

Polaris provides a set of predefined groups that support common use cases. You can use the predefined groups or create new groups with specific permissions.

info

Predefined groups are maintained by Polaris and cannot be modified.

Predefined groups

Predefined groups are scoped to the organization, that is they grant specific permissions across all existing and future projects. These groups are managed by Polaris and cannot be modified or deleted.

If you want to create a custom group that is scoped to a specific project but has the same set of permissions as a predefined group, you can duplicate the predefined group and edit the assigned projects.

Organization Admin

When you create a Polaris account, you are added to the Organization Admin group by default.

This group is authorized to manage all operations across the organization. Members can create and manage projects, add and remove users and user groups, configure API keys, view metering and billing data across all projects, access audit logs, and set maximum project size to control cost and auto-scaling.

info

Only members of the Organization Admin group can add new users to this group.

Project Admin

This group is authorized to administer existing projects. Members can manage project's assets, view usage data, and set a maximum project size. Members cannot create or delete projects.

There can be more than one Project Admin per project.

Data Manager

This group is authorized to ingest, query, and meter data in Polaris. Members can manage files, data cubes, tables, input sources, and SQL queries. Members cannot view billing information.

Data Analyst

This group is authorized to transform data into assets that can be used by the organization. Members can create data cubes and dashboards, run queries, and view reports. Members cannot view metering, modify input sources and tables, or set a project's maximum size.

Viewer

Members of this group have read-only access to tables and visualization resources, such as data cubes and dashboards.

Permissions assigned to predefined groups

The following table shows permissions assigned to the predefined groups.

PermissionOrganization AdminProject AdminData ManagerData AnalystViewer
AccessAlertsxxxx
AccessAuditLogsx
AccessDownloadDataxxxx
AccessDownloadLargeDataxxxx
AccessMetricsxxx
AccessMonitoringxxx
AccessMonitorQueriesxxx
AccessQueriesxxxx
AccessQueryRawDataxxx
AccessReportsxxxx
AccessScalingxxxx
AccessVisualizationxxxxx
AdministerAlertsxx
AdministerApiKeysx
AdministerBillingx
AdministerClientsx
AdministerDashboardsxx
AdministerDataCubesxx
AdministerEmbedLinksxx
AdministerProjectsx
AdministerQueriesxxx
AdministerReportsxx
AdministerScalingxxx
AdministerUsersx
ManageAlertsxxx
ManageAlertsWebhooksxxx
ManageApiKeysx
ManageDashboardsxxxx
ManageDataCubesxxxx
ManageFilesxxx
ManageIngestionJobsxxx
ManageProjectsxx
ManageReportsxxx
ManageConnectionsxxx
ManageTablesxxx
ViewTablesxxxxx

Manage groups

You can manage groups using the Polaris UI or the Identity management API.

In the top right corner of the UI, click the Administration gear icon. In the left sidebar, click User groups to display the Groups page, where you can view, create, and manage groups.

User groups page

Create a group

Users with the AdministerUsers permission and members of the Organization Admin group can create new groups.

To create a new group, do the following:

  1. On the Groups page, click New user group.
  2. Enter the group name and click Create user group. This creates an empty user group.
  3. To add users to the group, go to the Users tab and click Add users. Select the users you want to add from the list.
  4. To specify which projects this group can access, go to the Projects tab. Here, you can scope the group's permissions.
    • Select Applies to all projects to scope the group's permissions to all existing and future projects.
    • Select Applies to specific projects to scope the group's permissions to selected projects only.
  5. To add permissions, go to the Permissions tab and click Add permissions. In the Add permissions to user group dialog, select the permissions you want to apply to the group. You can select all permissions or choose between organization and project-level permissions.

You can also duplicate an existing group by clicking Duplicate on the group's details page.

Edit a group

You can edit a group's name, permissions, and project access from the group's details page.

To edit the group's name, click Edit details in the top-right corner of the page.

Edit group details

To add new users to a group, go to the Users tab and click Add users. Select the users you want to add to the group.

To remove a permission or a project assignment, navigate to the relevant tab and click the ellipsis icon next to the name of the resource, then click Remove from the group.

The following screenshot shows how to remove the AdministerAlerts permission from the group named Alerts and reports:

User menu

Delete a group

To delete a group, follow these steps:

  1. On the Groups page, click the ellipsis for the group you want to delete and select Delete.
  2. Confirm your selection and click Delete user group.