User roles and permissions in Zenlytic
Zenlytic roles control what a user can see and do in a workspace. A role is a set of permissions, such as viewing dashboards, chatting with Zoë, downloading data, editing the semantic layer, or managing workspace settings.
If a user cannot see a feature, open a tool, download results, or edit the data model, their role is the first thing to check.
Roles with data model edit access
These roles can edit the data model and can access Context Manager when Context Manager is enabled for the workspace:
Organization Admin
Admin
Developer
Developer without Deploy
These roles include data_model_edit.
Developer without Deploy can edit the data model, but cannot deploy changes to production unless they also have deploy permission through another role or workspace configuration.
Roles without data model edit access
These roles cannot edit the data model and cannot access Context Manager from chat:
Explore
View
Embed
Embed with Scheduling
Embed with SQL
Restricted
These roles do not include data_model_edit.
Common roles
Organization Admin
Organization Admin users have the broadest access. They can manage workspace settings, users, permissions, data model editing, deployment, content, downloads, workflows, and other admin actions.
Admin
Admin users have broad workspace access, including workspace settings, data model editing, deployment, content management, downloads, workflows, and user-related actions.
Developer
Developer users can work with the data model and deploy changes. They can also use Zoë, Explore, dashboards, downloads, SQL visibility, workflows, and content management features. They do not have the same workspace settings access as Admin users.
Developer without Deploy
Developer without Deploy users can edit the data model, but cannot deploy data model changes to production. This role is useful when someone should help build or modify the semantic layer, but should not control production deployment.
Explore
Explore is the standard role for users who need to ask questions, use Zoë, explore results, view dashboards, save or schedule content, and download data based on their permissions.
Explore users do not have data model edit access. They cannot use Context Manager from chat.
View
View users can view content and use limited analysis features, but have fewer download and exploration permissions than Explore users.
Restricted
Restricted users have very limited access. They can view content they are allowed to see, but cannot use Zoë or follow up with new questions.
Embed roles
Embed roles are used for embedded experiences. They are usually assigned automatically and may not appear as standard roles in the user interface.
Embed roles do not include data model edit access and cannot use Context Manager from chat.
Permission glossary
chat: Lets the user chat with Zoë.
view_content: Lets the user view dashboards and other shared content.
save_content: Lets the user save query results or modify saved content where allowed.
schedule_content: Lets the user schedule content for delivery.
explore_from_here: Lets the user continue analysis from an existing result or dashboard.
see_sql: Lets the user see SQL behind a result.
run_sql: Lets the user run SQL against the warehouse. This can grant broad data access, so it should be assigned carefully.
download_with_limit: Lets the user download limited result sets.
download_without_limit: Lets the user download larger result sets, up to the workspace limit.
data_model_edit: Lets the user edit the data model and use Context Manager when enabled.
deploy_to_production: Lets the user deploy data model changes to production.
change_branch: Lets the user change the branch the workspace is using.
edit_settings: Lets the user edit workspace settings.
workspace_management: Lets the user manage workspace-level configuration and users where applicable.
If a user cannot access something
Check these in order:
Confirm the user is in the correct workspace.
Confirm the user has the correct role.
Confirm the workspace feature is enabled.
Confirm any dashboard, group, or data access rules allow the user to see the content.
If the issue still looks wrong, contact support with the user email, workspace name, role, and the feature they expected to access.