Roles & Permissions

Understanding user roles and permissions in Cube.

Cube has three built-in default roles: Admin, Developer, and Explorer. Each role has specific permissions and access levels designed to support different responsibilities within the platform.

The Enterprise tier allows creation of custom roles with a customized set of permissions tailored to your organization's specific needs.

Default Roles

Admin Role

• Has highest level of privileges
• Can manage semantic models
• Can manage other users
• Has access to admin section
• Full query capabilities

Developer Role

• Can create and edit semantic models
• Can execute SQL queries against data sources
• Can create and edit workbooks
• Can create and edit data apps
• No access to admin settings

Explorer Role

• Can query semantic models
• Can create and edit workbooks
• Can create and edit data apps
• Can execute Semantic SQL queries
• Cannot make changes to semantic models
• Cannot query source data directly

Future Implementation

A Viewer role is planned for future implementation with the following capabilities:

• Use Analytics Chat with ability to query Semantic Views and existing reports
• View (read-only) access to shared data apps

Agent Permissions

Agents are connected to Semantic Model Deployments and inherit the permission level of the user they are operating under.

Each agent can be configured to use the Restrict Views feature which allows to select the views that are visible to the agent. This feature should not be used as a security measure. Configure data access policies instead.

Typical Usage Scenarios

• Explorers: Typically data consumers and analysts
• Developers: Usually data stewards and data engineers
• Admins: Typically assigned to data engineers managing the entire Cube instance (billed at the developer rate with additional privileges)