# User Roles Overview

> User roles is one way that Sisense enforces the Principle of Least Privilege, where users are given the minimum level of access necessary to do their jobs.

*Source: https://docs.sisense.com/main/SisenseLinux/user-roles-overview.htm*

---

Last updated: June 10, 2026

|  |  |
| --- | --- |
| [Tier](https://www.sisense.com/pricing/#pricing) | [Deployment](https://docs.sisense.com/main/SisenseLinux/introduction-to-sisense-cloud-managed-services.md#ComparisonofManagedCloudandSelfHosted) |
| Launch     Grow    Enterprise | Cloud     On-Prem |

User roles is one way that Sisense enforces the Principle of Least Privilege, where users are given the minimum level
of access necessary to do their jobs. The following are the main categories of user roles:

- **Admin & Data Admin**
    
  Admins have the highest level of permissions. This role is meant for those who need to configure and
  manage your Sisense deployment.  

  **Note:**  

  Sys.Admin is a special type of Administrator who installs Sisense on your system. There's only one Sys.Admin per
  account.

  

- **Designer & Data Designer**
    
  Designer permissions are meant for those who need to create, design, edit and share dashboards. Designers
  determine whether the user with whom they share a dashboard has editing rights (is a Designer) or only viewing
  rights (Viewer).
    
  Data designer permissions are meant for those who can create and share ElastiCubes. Data Designers can
  access the Admin page where they can manage the ElastiCubes and live Connections they have access to in the Data
  Sources page. In addition, Data Designers can see servers, but cannot add new servers. Data Designers do not
  have access to User Management and System Configuration.
- **Viewer & Basic User**
    
  Viewers and Basic Users have the lowest level permissions. They can only view and explore dashboards shared with them, but
  their actions cannot affect the data in any way.

Admin and Designer roles are divided into sub-categories of users. This provides for more granular levels of
permissions. For a more detailed explanation of user roles, see [Sisense User Roles](https://docs.sisense.com/main/SisenseLinux/sisense-user-roles.md).

Sisense user roles can be customized through the Sisense REST API. For more information, see [Using the REST API](https://developer.sisense.com/guides/restApi/).

## User Role Precedence

User roles in Sisense are defined per user. However, Sisense users can also belong to a variety of groups and each
group is assigned its own user role. If the group's user role is different from that of any of the users, Sisense
needs to determine for each of those users which role takes precedence.

- Users who are created in Sisense manually are assigned their role when they are created.
    
  For example, if I manually create a user and assign that user to a Viewer role, and then add that user to
  a group in Sisense that has a Designer role, the user will still only have the permissions of a Viewer.
- Users imported into Sisense and users created automatically in any way will be assigned the role of the group
  into which the users are imported to or created in.
    
  For example, if I import several users from Active Directory into a group in Sisense and assign that group
  to a Viewer role, but then add some of those imported users to another group which has a Designer role, those
  users will still only have the permissions of a Viewer.
