Managing user groups¶
User groups are simply containers of a group of users and security policies. The policies in the group are attached to the users. If you remove a user from a group, the access rules of the associated policies will be removed immediately.
System defined groups¶
Your account comes with a number of system-defined groups. You can and remove members to these groups with the exception of the everyone-group which everyone is a member of. At least one user must be a member of the administrators group.
The following system groups are available:
|Administrators||The user is an administrator at the organizational level and can invite new users, promote users to owner status, manage and delete users as well as create and delete workspaces. Only assign ownership status to those that are trusted to see all data associated with the organization.|
|Everyone||Every user is a member of this group and it provides basic access to the organization and accounts. It does not grant permissions to read any data or reports.|
|Power Users||Access all accounts and read and write reports and data.|
|Database Managers||Permissions to upload, manage and delete databases of existing datasets. Can not change schemas.|
|Report Builders||The ability to create, edit and delete reports.|
|Dataset Designers||Create, design, modify and delete datasets and schemas. Users with this policy can also upload, manage and delete databases.|
|Report Consumer||Read-only access to all reports and data in the account.|
Two of the built-in groups have special rules:
- Every user is automatically a member of the everyone group. You cannot remove users from this group.
- At least one user must be a member of the administrators group. The system does this to make sure that the account isn’t left without at least one user that has full control of the account. If you would like to remove the last user from the administrators group, first add someone else before you remove the user.
You cannot delete system-defined groups.
Finding a user’s group membership and policies¶
To see the group membership of a user, navigate to the user by clicking to the administration menu in the top right corner menu in the user interface and select users and click on the user you would like to inspect.
The user page shows the user’s group membership as well as any security policies attached through the user’s group membership.
Managing group membership¶
To see or adjust the members of a group, navigate to the group by clicking to the administration menu in the top right corner menu in the user interface and select groups and click on the group you would like to manage.
The group screen shows a list of the users that are members of the group as well as a list of security policies attached to the group.
Delete users and policies by hovering over them and selecting the trashcan icon.
Add users and policies by searching for them in the search bar and selecting them.
Creating a custom security group¶
To create a new group, navigate to the group by clicking to the administration menu in the top right corner menu in the user interface and select groups and click New Group. Follow the prompts and click ok.
You’ll need an enterprise subscription to create custom security groups.
Deleting a security group¶
To delete a group, navigate to the group by clicking to the administration menu in the top right corner menu in the user interface and select groups and click on the group you would like to delete.
You’ll need to remove all members of the group before you can delete it. Delete users by hovering over them and selecting the trashcan icon.