Overview of Sisense User Roles

User roles is one way that Sisense enforces the Principle of Least Privilege, where users are given the minimum level of access necessary to do their jobs. In Sisense , there are three main categories of user roles:

  • Admin

    Admins have the highest level of permissions. This role is meant for those who need to configure and manage your Sisense deployment.

    Note:

    Sys.Admin is a special type of Administrator who installs Sisense on your system. There's only one Sys.Admin per account.

  • Designer

    Designer permissions are meant for those who need to create and share ElastiCubes and dashboards, but don't need access to Sisense configuration and management.

  • Viewer

    Viewers have the lowest level permissions. They can only view and explore dashboards shared with them, but their actions can't affect the data in any way.

Admin and Designer roles are further divided into sub-categories of users. This provides for more granular levels of permissions. For a more detailed explanation of user roles see Sisense User Roles.

Sisense user roles can be customized through the Sisense REST API. For more information, see Customizing User Roles.

User Role Precedence

User roles in Sisense are defined per user. However, Sisense users can also belong to a variety of groups and each group is assigned its own user role. If the group’s user role is different from that of any of the users, Sisense needs to determine for each of those users which role takes precedence.

  • Users who are created in Sisense manually are assigned their role when they are created.

    For example, if I manually create a user and assign that user to a Viewer role, and then add that user to a group in Sisense that has a Designer role, the user will still only have the permissions of a Viewer.

  • Users imported into Sisense and users created automatically in any way will be assigned the role of the group into which the users are imported to or created in.

    For example, if I import several users from Active Directory into a group in Sisense and assign that group to a Viewer role, but then add some of those imported users to another group which has a Designer role, those users will still only have the permissions of a Viewer.

.r.