User and Data Access Management
User and Data Access Management is only available for teams on the Professional and Enterprise Plans.
👤 This documentation is intended for Team Admins and Workspace Admins. Check with your Team Admin for additional access.
In this article we'll discuss the permissions structure within Preset so you can set up your team for success. There are layers of access management you can user to get the right users to the right data and level of functionality.
Team Level Roles
A team is the highest level of user management.
There are two types of users at the Team Level:
- Send invites
- Manage access/roles for Team Members.
- Manage access/roles in Workspaces.
- Create new workspaces.
- Edit workspace settings.
- Connect to a team based on an invitation.
- Access workspace(s) based on provided permissions.
Updating Team Level Roles
The team level user settings are defined when a user is invited but can be changed by a team admin from the Preset Manager by clicking "Manage Team" and navigating to the "Members & Invites" tab.
Workspace Level Roles
You can control user access to parts of the Preset interface and specific data beginning at the workspace level. Within a workspace, a user's access permissions fall into one of four categories:
|Full Admin access||Workspace Admin|
|Full non-Admin access||Primary Contributor|
|Data and interface restricted access||Limited Contributor, Viewer, Dashboard Viewer|
|No access||No access|
The roles of Workspace Admin, Primary Contributor, and No access are all fairly self-explanatory. The user has either admin access, full non-admin access, or no access whatsoever, respectively.
The three data and interface restricted access roles allow administrators to restrict access to data and limit access to certain Preset Features. When assigning a user to one of these roles, they will (by default) not have access to any data and you will define role based access for them.
Workspace role definitions are as follows:
|Role||Feature Access||Data Access||Role Management|
|Limited Contributor||All||Restricted by Data Access Role||No|
|Viewer||Published Charts and Dashboards||Restricted by Data Access Role||No|
|Dashboard Viewer||Published Dashboards||Restricted by Data Access Role||No|
Workspace Administrators will be able to see and edit all databases, datasets, charts and dashboards within the workspace as well as create and modify data access roles and row level security settings.
Primary Contributors have access to all functionality within the workspace, but will only be able to see published dashboards and draft dashboards where they are the owner. They will also not be able to change any data access role or row level security settings.
Data restriction (via data access roles) is possible for the following workspace roles:
This user role has access to all data within a workspace, but is subject to data restrictions as defined by a data access role. For example, a data scientist hired as a temporary employee for a project may only be able to build charts and dashboards from a specific database.
This user role only has access to visualizations (charts and dashboards) that are published, and is also subject to any defined data access role-based restrictions. For example, an external marketing agency may be given view access to published visualizations from a specified dataset.
This user role only has access to dashboards that are published, and is also subject to any defined data access role-based restrictions. For example, a potential business partner is given view access rights to a quarterly product sales dashboard used in a presentation by your company.
NOTE: Until a Data Access Role has been assigned to the three above user roles, they will not be able to view any Dashboards and/or Charts and/or Datasets.
Updating Workspace Level Roles
Workspace level roles are defined at the time a user invite is sent, but can be updated later from the Workspace Roles interface.
To change a user's role at the workspace level, first navigate to the Preset manager. From there, select the three dots on the top right hand side of the workspace you want to change the user's role in and select Edit Workspace Roles.
The workspace roles can then be changed from the Workspace Role column.
Data Level Roles
Data access begins with workspace roles, which are broadly responsible for determining whether a user has restricted access or not.
Restricted data access is then configured using data access roles, which can be used to configure either wide access coverage (e.g. all databases) or access to specific datasources.
Lastly, Preset's row level security feature enables organizations to more achieve granular data control by configuring which data access roles can query & view specific data within datasets.
For More Resources See:
Invite Others to your Team
How to manage a team, invite colleagues, manage invitations, and change user permissions.
Data Access Management
Role-based Access Control (RBAC)
Typical workflow for a Preset Administrator, grant user access to a workspace, introduction to data access roles, and how to add a row level security filter.
Data Access Roles at Preset
Introduction to workspace roles and how access can be restricted using data access roles.
Row Level Security (RLS)
Explanation of how RLS is used in tandem with Data Access Roles to exert a granular level of control over who can query and view specific data in selected datasets.
Single Sign On (SSO)
How to integrate SAML with Preset to implement single sign on to Preset for your organization.
SCIM with Okta
How to set up SCIM with the user authentication management platform, Okta.