User and Data Access Management

👤 This documentation is intended for Team Admins and Workspace Admins. Check with your Team Admin for additional access.

Overview

In this article we'll discuss the permissions structure within Preset so you can set up your team for success. There are layers of access management you can user to get the right users to the right data and level of functionality.

Team Level Roles

A team is the highest level of user management.

There are two types of users at the Team Level:

Administrator

• Send invites
• Manage access/roles for Team Members.
• Manage access/roles in Workspaces.
• Create new workspaces.
• Edit workspace settings.

User

• Connect to a team based on an invitation.
• Access workspace(s) based on provided permissions.

Updating Team Level Roles

The team level user settings are defined when a user is invited but can be changed by a team admin from the Preset Manager by clicking "Manage Team" and navigating to the "Members & Invites" tab.

Workspace Level Roles

You can control user access to parts of the Preset interface and specific data beginning at the workspace level. Within a workspace, a user's access permissions fall into one of four categories:

The roles of Workspace Admin, Primary Contributor, and No access are all fairly self-explanatory. The user has either admin access, full non-admin access, or no access whatsoever, respectively.

The four data and interface restricted access roles allow administrators to restrict access to data and limit access to certain Preset features. When assigning a user to one of these roles, they will (by default) not have access to any data and you will define role-based access for them.

Role Details

Workspace role definitions are as follows:

Further details about which functionalities are available to each Workspace Role can be found on this article.

Workspace Admin

Workspace Administrators will be able to see and edit all databases, datasets, charts and dashboards within the workspace as well as create and modify data access roles and row level security settings.

Primary Contributor

Primary Contributors have access to most of the functionality within the workspace. They can access all published dashboards whether they are the owner or not, but can only see draft dashboards where they are the owner. They also can't change any data access role or row level security settings.

Data restriction (via data access roles) is possible for the following workspace roles:

Secondary Contributor

Secondary Contributors have access to all data within a workspace, but is subject to data restrictions as defined by a data access role. This role grants data access restricted dataset write access to the users. For example, they can create physical datasets from databases or schemas they have access to, they can edit datasets if they are the owner, they can create and manage alerts/reports, and they can upload CSVs if CSV upload is enabled the database they have access to. 

Limited Contributor
Similar to the Secondary Contributor, this user role has access to all data within a workspace, but is subject to data restrictions as defined by a data access role. Limited Contributors can't create physical datasets from databases and schemas, and they can't upload CSVs to databases. However, they can create virtual datasets and charts/dashboards using the data they have access to. 

Viewer
This user role only has access to visualizations (charts and dashboards) that are published, and is also subject to any defined data access role-based restrictions. For example, an external marketing agency may be given view access to published visualizations from a specified dataset. 

Dashboard Viewer
This user role only has access to dashboards that are published, and is also subject to any defined data access role-based restrictions. For example, a potential business partner is given view access rights to a quarterly product sales dashboard used in a presentation by your company.

NOTE:  Until a Data Access Role has been assigned to the three above user roles, they will not be able to view any Dashboards and/or Charts and/or Datasets.

Updating Workspace Level Roles

Workspace level roles are defined at the time a user invite is sent, but can be updated later from the Workspace Roles interface.

To change a user's role at the workspace level, first navigate to the Preset manager. From there, select the three dots on the top right hand side of the workspace you want to change the user's role in and select Edit Workspace Roles.

The workspace roles can then be changed from the Workspace role column.

Data Level Roles

Data access begins with workspace roles, which are broadly responsible for determining whether a user has restricted access or not.

Restricted data access is then configured using data access roles, which can be used to configure either wide access coverage (e.g. all databases) or access to specific datasources.

Lastly, Preset's row level security feature enables organizations to more achieve granular data control by configuring which data access roles can query & view specific data within datasets.

For More Resources See:

User Management

Invite Others to your Team
How to manage a team, invite colleagues, manage invitations, and change user permissions.

Data Access Management

Role-based Access Control (RBAC)
Typical workflow for a Preset Administrator, grant user access to a workspace, introduction to data access roles, and how to add a row level security filter.

Data Access Roles at Preset
Introduction to workspace roles and how access can be restricted using data access roles.

Row Level Security (RLS)
Explanation of how RLS is used in tandem with Data Access Roles to exert a granular level of control over who can query and view specific data in selected datasets.

Single Sign On (SSO)
How to integrate SAML with Preset to implement single sign on to Preset for your organization.

SCIM with Okta
How to set up SCIM with the user authentication management platform, Okta.