Docs
Project Users and Permissions
Managing Users and Roles

Managing Users and Roles

You can invite members to your project in Hashboard to allow them to query and explore data. You can use roles to limit the actions a user can take - it probably makes sense to start people with lower levels of permissions across the board and increase as you realize they need more advanced permissions.

All users in your project will be able to view data in your project, but only owners can add additional members and only editors can change data models.

It's a best practice to only allow analysts and analytically-inclined members of your team to edit data models. See Data Modeling Best Practices

Add a user

Direct link to your Hashboard user list (opens in a new tab)

  1. Go to the People (opens in a new tab) page using the link in the project dropdown.

  2. Click Users.

  3. Click + Add User.

  4. Fill out the form and click the submit button: Add User

    • Email: Email to send the invite to. Projects can be setup to only allow email addresses on your domain (eg. only emails ending in @yourcompany.com).
    • Full Name: User's display name. They can change this themselves at any time.
    • Role: The user's role (see below).

  5. The invited user will receive an email with an invite link. The user can then either create a username and password or use Google authentication to login.

Default roles

Hashboard allows you to select one or more roles as "Default roles" for your project. These roles are automatically selected when you add new users to your project.

You can change the default roles for your project by going to the People from the left sidebar and clicking on the Roles sections. Below the Roles section there is a Default Roles section where you can select the default roles for your project. You must have at least one default role selected at any given time, so to swap default roles, add a second role then remove the first role.

Deleting default roles— You cannot delete a role if it is selected as a default role.

System provided roles

There are four roles in Hashboard with increasing levels of permissions. When adding a new user, our system-provided default role is Editor.

RoleDescription
OwnerOwners can manage members in a project.
EditorEditors can manage data models and data connections, both creating and editing existing data models & data connections.
Collaborator PlusCollaborators Plus users can create and edit data models inside a project draft and run raw SQL queries.
CollaboratorCollaborators can explore data and create and edit saved explorations, dashboards, and metrics.
ViewerViewers can explore data via dashboards, saved views, and data models.

What permission do I need to Download underlying data?— Users need a role with the READ_RAW_DATA permission to download underlying data. All of Hashboard's system provided roles have this permission by default so to restrict the downloading of underlying data for a subset of users you would need to remove the READ_RAW_DATA permission from one of system provided roles, or create a new role that does not have the READ_RAW_DATA permission.


Configuring roles

Hashboard uses role based access control to allow users to do specific actions within Hashboard. You can assign system provided roles, configure data access and limit which actions specific users can take inside of Hashboard.

⚠️

Limitations— Roles are limited today in Hashboard to two main functions:

  1. Governing which actions can be taken such as creating saved explorations and editing dashboards.
  2. Governing access to data models. If you do not have access to read data from a data model, then saved explorations for that data model will not work.

Today, it is not possible to remove access from a specific saved exploration independently from a data model.

Adding new roles

  1. Navigate to the People page using the link on the left sidebar.
  2. Click Roles.
  3. Click the + New Role button.
  4. Fill out the form and click the submit button: Create Role
    • Name: The name of the role.
    • Description: A description of the role.
  5. Your new role should appear in the list of roles. Click the Edit button to edit the role.
  6. Your new role will initially have no permissions rules. Click the + button to add a new permission rule. Name your permission rule with a descriptive name.

    What are permission rules?— Permission rules are a set of permissions that all operate on a common resource or resources. For example, you can create a permission rule that allows users with the role to read all dashboards in a project. You can also create a separate permission rule that allows users with the role to read only a specific data model.


  7. Select resources that the rule will apply to with the Data Access section. Click the Add button to select from a list of all data models as well as a wildcard that targets any data model. Alternatively you can click the Add all button to add all models to the rule and the selectively remove models.
  8. If you want the role to access data using a specific set of credentials, you can add role-based database credentials to the rule. These are optional and when omitted, the users of the role will use the default credentials for the data connection.
  9. Select permissions that the rule will apply to with the Permissions section. Click the Add button to select from a list of all permissions. Alternatively you can click the Add all button to add all permissions to the rule and the selectively remove permissions. You can also easily start from the system defined roles by clicking one of additional buttons in the Permissions section.
  10. Select permissions that the will apply when the user is inside a project draft with the Draft Permissions section.

    What are draft permissions?— Draft permissions are permissions granted when inside a project draft. These permissions are additive to the permissions a role has when not inside a project draft. A common use-case is for draft permissions is to grant users of a specific role the ability to create and update data models inside a project draft, but not when outside of a draft.


  11. Once you are done configuring a permission rule, you can either add more permission rules or click the Save button to save the role.
  12. After you save, the role is now available to assign to users.

Modifying roles

  1. Navigate to the People page using the link on the left sidebar.
  2. Click Roles.
  3. Click the Edit button for the role you want to modify.
  4. You can edit the role name and description in the main role page.
  5. To change the permissions associated with the role, select one of the permission rules from the Permission Rules section.
  6. In the permission rule editor, you can update the resources and permissions associated with the rule. You can also add role-based database credentials to a permission rule from here.
  7. When you are done updating the role, click the Save button to save the changes.

Deleting roles

Aside from roles selected as default roles, you can delete roles at any time.

🚫

When you delete a role, users with the deleted role will immediately lose that role and any permissions associated with it.

There is not way to restore a deleted role within Hashboard, but if you accidentally delete a role and need to restore it, contact us at support@hashboard.com and our support team can restore it for you.

Permissions OverviewPermissions Reference