User roles reference

Imply Polaris uses a role-based access control (RBAC) model to manage user access to protected data and resources. It leverages built-in roles in the form of user groups to deliver fine-grained control that allows for varying levels of access.

You can assign individual roles, add users to existing Polaris groups, or create new groups corresponding to the specific roles within your organization. To learn more about groups in Polaris, see User groups.

Predefined roles

Polaris roles determine the resources and the level of access available to users in the context of your organization.

This section lists the predefined roles and their permissions, grouped by category.

Data

  • ManageTables: View table data and modify schema.
  • ViewTables: View table data and schema.
  • ManageFiles: Upload and delete files.
  • ManageIngestionJobs: Start, stop, cancel, and delete an ingestion job.
  • ReadDataSources: Read data using the Query API. This role is automatically assigned to users who have the AccessQueries role.
  • ManageStreams: Stream data into the organization.

Analytics

  • AccessVisualization: View data cubes and dashboards.
  • AdministerDataCubes: View and manage all data cubes irrespective of their sharing and access configuration.
  • ManageDataCubes: Create, duplicate, modify, and delete data cubes within the access granted by their individual configuration.
  • AdministerDashboards: View and manage all dashboards irrespective of their sharing and access configuration.
  • ManageDashboards: Create, modify, and delete dashboards within the access granted by their individual configuration.
  • AccessQueryRawData: View the raw disaggregated data behind a data cube visualization. This permission is independent from the AccessQueries permission. A user without the AccessQueryRawData permission can still query raw data via the SQL tab if they have the AccessQueries permission.
  • AccessDownloadData: Download a limited number of rows for a data cube. The maximum row limit is 5000.
  • AccessDownloadLargeData: Download an unlimited number of rows for a data cube.
  • AccessQueries: Manage the queries within the access granted by their individual configuration. Note that users with SQL access can effectively perform arbitrary queries. Any user with the AccessQueries role also has the ReadDataSources role.
  • AdministerQueries: Create, manage, and view all saved SQL queries.
  • AccessReports: View all reports irrespective of their access configuration.
  • AdministerReports: View and manage all scheduled reports irrespective of their access configuration.
  • ManageReports: Create and manage reports within the access granted by their individual configuration.

Organizational

  • AdministerUsers: Create, modify, and delete users, assign and remove user roles, and view profile information of other users. Users in this role cannot create or modify a user to have more permissions than they have.
  • AdministerClients: View, create, and modify all API clients. This role is required to create and manage secrets for API access.
  • AdministerProjects: View all projects irrespective of their sharing and access configuration.
  • ManageProjects: Create and modify projects. A user in ManageProjects role can set a project's maximum size.

Monitoring

  • AccessAlerts: Access the Alerts tab.
  • AdministerAlerts: View and manage all alert configurations irrespective of their sharing and access configuration.
  • ManageAlerts: Modify alerts within the access granted via the individual configuration.
  • ManageAlertsWebhooks: Configure alerts to send webhook notifications.
  • AccessMetrics: Access the Detailed metrics tab and make changes. No access means that the user cannot view the page.
  • AccessMonitorQueries: Monitor database queries.

Management

  • AccessScaling: View performance pages in read-only mode. Users with the AccessScaling role cannot change the cluster size.
  • AdministerScaling: Make selections that impact performance—for example, change cluster, view usage, view Clarity metrics.
  • AdministerBilling: Manage invoices and credit card information.

Assign a role to a user

To assign a role to an existing user, follow these steps:

  1. In the Polaris console, click the user menu icon located in the top-right corner of the page.
  2. Select User management from the user menu.
  3. Click Users in the left sidebar.
  4. Select the user you want to assign a new role to.
  5. Go to the Role Mappings tab.
  6. Select the role you want to add from the Available Roles list. To select multiple roles, press and hold the Shift key while selecting the roles.
  7. Click Add selected.

For information on how to invite a new user to the organization, see Add a new user.

Add users to an organizationManage user groups