Roles & Permissions
Understanding user roles and permissions in Cube.
Cube has four built-in default roles: Admin, Developer, Explorer, and Viewer. Each role has specific permissions and access levels designed to support different responsibilities within the platform.
The Enterprise tier allows creation of custom roles with a customized set of permissions tailored to your organization’s specific needs.
Permissions matrix
| Permission | Admin | Developer | Explorer | Viewer |
|---|---|---|---|---|
| Manage users and account settings | ✅ | ❌ | ❌ | ❌ |
| Manage deployments and their settings | ✅ | ✅ | ❌ | ❌ |
| Edit semantic model | ✅ | ✅ | ❌ | ❌ |
| Execute SQL queries against data sources | ✅ | ✅ | ❌ | ❌ |
| Explore and query semantic models | ✅ | ✅ | ✅ | ❌ |
| Create and edit workbooks | ✅ | ✅ | ✅ | ❌ |
| View published dashboards | ✅ | ✅ | ✅ | ✅ |
| Access Analytics Chat | ✅ | ✅ | ✅ | ✅ |
| Query from external tools (Tableau, Power BI) | ✅ | ✅ | ✅ | ✅ |
Admin roles are billed at the developer rate.
Agent Permissions
Agents are connected to Semantic Model Deployments and inherit the permission level of the user they are operating under.
Each agent can be configured to use the Restrict Views feature which allows to select the views that are visible to the agent. This feature should not be used as a security measure. Configure access policies instead.
Typical Usage Scenarios
- Explorers: Typically data consumers and analysts
- Developers: Usually data stewards and data engineers
- Admins: Typically assigned to data engineers managing the entire Cube instance (billed at the developer rate with additional privileges)
Was this page useful?