User Roles Overview
User roles is one way that Sisense enforces the Principle of Least Privilege, where users are given the minimum level of access necessary to do their jobs. In Sisense, there are three main categories of user roles:
Admins have the highest level of permissions. This role is meant for those who need to configure and manage your Sisense deployment.Note:
Sys.Admin is a special type of Administrator who installs Sisense on your system. There's only one Sys.Admin per account.
Designer permissions are meant for those who need to create, design, edit and share dashboards. Designers determine whether the user with whom they share a dashboard has editing rights (is a Designer) or only viewing rights (Viewer).
- Data Designer
Data designer permissions are meant for those who can create and share ElastiCubes. Data Designers can access the Admin page where they can manage the ElastiCubes and live Connections they have access to in the Data Sources page. In addition, Data Designers can see servers, but cannot add new servers. Data Designers do not have access to User Management and System Configuration.
Viewers have the lowest level permissions. They can only view and explore dashboards shared with them, but their actions cannot affect the data in any way.
Admin and Designer roles are further divided into sub-categories of users. This provides for more granular levels of permissions. For a more detailed explanation of user roles, see Sisense User Roles.
Sisense user roles can be customized through the Sisense REST API. For more information, see Using the REST API.
User Role Precedence
User roles in Sisense are defined per user. However, Sisense users can also belong to a variety of groups and each group is assigned its own user role. If the group's user role is different from that of any of the users, Sisense needs to determine for each of those users which role takes precedence.
- Users who are created in Sisense manually are assigned their role when they are created.
For example, if I manually create a user and assign that user to a Viewer role, and then add that user to a group in Sisense that has a Designer role, the user will still only have the permissions of a Viewer.
- Users imported into Sisense and users created automatically in any way will be assigned the role of the group
into which the users are imported to or created in.
For example, if I import several users from Active Directory into a group in Sisense and assign that group to a Viewer role, but then add some of those imported users to another group which has a Designer role, those users will still only have the permissions of a Viewer.