# Sisense Service Permissions

> Sisense services run only as part of the Sisense user and will not use Root user permissions.

*Source: https://docs.sisense.com/main/SisenseLinux/sisense-service-permissions.htm*

---

Last updated: June 10, 2026

|  |  |
| --- | --- |
| [Tier](https://www.sisense.com/pricing/#pricing) | [Deployment](https://docs.sisense.com/main/SisenseLinux/introduction-to-sisense-cloud-managed-services.md#ComparisonofManagedCloudandSelfHosted) |
| Enterprise | Cloud     On-Prem |

Sisense services run only as part of the Sisense user and will not use Root
user permissions. The Sisense application is installed as a Kubernetes namespace with about 30 microservices.
The services run as the Sisense User - ID - 1000.

For deploying Sisense on a 3rd party cloud provider's Kubernetes (EKS / AKS / GKE / OpenShift), Sisense requires a
Sudo to Root on the bastion machine during the installation.

During the installation, Sisense requires an Administrator role on the cluster. After the installation, the user's
role can be reduced.

If you cannot provide Sudo permissions for the installation, there is a workaround to install Sisense with a Root
user:

1. Log in or switch to the Root user:

   `sudo su -`
2. Enable SSH access:

   `ssh-keygen`  
   `cd /root/.ssh`  
   `cat id_rsa.pub >> authorized_keys`  
   Optional: You can back up the keys as follows:
     
   `authorized_keys`  
   `cp authorized_keys`  
   `authorized_keys.back`
3. Download or unpack the Sisense Linux installation archive:

   `wget sisense_linux_latest.tar.gz`  
   `tar zxf sisense_linux_latest.tar.gz`
4. Modify the installation by removing the comments out of the user validation:

   `vi sisense.sh`  
   `#validate_user_and_permission`
5. Configure your installation file:

   `vi single_config.yaml]`
6. Modify the following values:

   `k8s_nodes:- { node: node1, internal_ip: 0.0.0.0, external_ip: 0.0.0.0 }  
    linux_user = root  
    ssh_key = "/root/.ssh/id_rsa"`

   Instead of node1, enter your hostname. Replace the value of internal ip with your host' private IP and
   external ip with your host public IP , even if they are both the same.
7. Run the installation.

   `./sisense.sh single_config.yaml`
8. Disable SSH access:

   `mv authorized_keys authorized_keys_remove`  
   **Optional**: You can restore the authorized keys if you backed them up.

## Monitoring

Monitoring and logging use optional infrastructure components such as Grafana, Prometheus, FluentD, and Metric bit.
Some of them require the Root user, but they are optional and can be turned off if necessary.
