Permissions
Permissions
AI for Database uses role-based access control (RBAC) to manage who can do what within your organization.
Built-in Roles
Owner -- Full access to everything. Can manage billing, delete the organization, and assign roles. Only one owner per organization.
Admin -- Can manage connections, invite team members, configure integrations, and view audit logs. Cannot delete the organization or change billing.
Editor -- Can create and edit queries, dashboards, workflows, and alerts. Cannot manage connections or team settings.
Viewer -- Can view dashboards and run existing saved queries. Cannot create new queries, modify dashboards, or access connection settings.
Role Permissions Matrix
| Permission | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|
| Manage billing | Yes | No | No | No |
| Manage connections | Yes | Yes | No | No |
| Invite team members | Yes | Yes | No | No |
| View audit logs | Yes | Yes | No | No |
| Create queries | Yes | Yes | Yes | No |
| Create dashboards | Yes | Yes | Yes | No |
| Create workflows | Yes | Yes | Yes | No |
| View dashboards | Yes | Yes | Yes | Yes |
| Run saved queries | Yes | Yes | Yes | Yes |
Custom Roles (Enterprise)
Enterprise plans support custom roles with fine-grained permissions. Create roles that match your organization's structure:
- Data Analyst -- can query and build dashboards but not create workflows
- Ops Manager -- can create workflows and alerts but not modify connections
- Executive -- can view dashboards and receive reports only
Custom roles are configured in Settings > Roles & Permissions.
SSO and Provisioning
Enterprise plans support SSO via SAML 2.0 and SCIM provisioning. When a user signs in through your identity provider, they are automatically assigned a default role that you configure. Roles can also be mapped from IdP groups.