User groups and more flexible permissions
User groups
User groups allow setting parameters for multiple users at once. Define groups with specific parameters and assign users to them. This way, you can manage permissions for teams or departments without configuring each user individually. User groups can be configured by account admins under settings.
Model-level permissions
Model-level permissions control who can see and query a data model. Hide entire models from users based on their parameters, such as properties assigned via user groups, or on their email.
Define an access block on the model and combine conditions with AND/OR logic to match departments, regions, specific emails, or anything else on the user.
models:
  salaries:
    name: Salaries
    table: hr.salaries
    access:
      user_parameters:
        department: hr
        data_level: sensitive
    properties:
      employee_id:
        name: Employee ID
        type: String
      salary:
        name: Salary
        type: Number
Row-level permissions
You can now also use custom user parameters in addition to the user's email to filter rows within a model.
Row-level permissions filter which rows a user can access within a model, using {{user_parameters.<key>}} placeholders injected into SQL at query time. Reference the placeholder in the model's sql and each user sees only the rows matching their own parameters.
models:
  orders:
    name: Orders
    sql: |-
      SELECT * FROM orders
      WHERE region IN ({{user_parameters.region}})
    properties:
      order_id:
        name: Order ID
        type: String
      region:
        name: Region
        type: String
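The following is an added sketch, not the product's own implementation, of one way a `{{user_parameters.<key>}}` placeholder in the orders model above can be expanded into bound parameters so that user values are passed as data rather than spliced into the SQL text. The `render` and `rows_for` helpers, the SQLite table and its rows are assumptions made for illustration, as is the choice to return no rows when a parameter is unset.

```python
import re
import sqlite3

# Placeholder syntax from the page: {{user_parameters.<key>}}
PLACEHOLDER = re.compile(r"\{\{\s*user_parameters\.(\w+)\s*\}\}")

# The model SQL from the page's orders example.
MODEL_SQL = "SELECT * FROM orders\nWHERE region IN ({{user_parameters.region}})"


def render(sql, user_parameters):
    """Return (sql, binds): placeholders become '?' marks, values are bound.

    Assumption of this sketch: a parameter is a single value or a list.
    """
    binds = []

    def expand(match):
        value = user_parameters.get(match.group(1))
        values = list(value) if isinstance(value, (list, tuple)) else [value]
        if value is None or not values:
            # Fail closed: "x IN (NULL)" is never true, so no rows match.
            return "NULL"
        binds.extend(values)
        return ", ".join("?" for _ in values)

    return PLACEHOLDER.sub(expand, sql), binds


def rows_for(user_parameters):
    """Run the model SQL for one user against constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (order_id TEXT, region TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("o1", "emea"), ("o2", "apac"), ("o3", "amer")],  # constructed data
    )
    sql, binds = render(MODEL_SQL, user_parameters)
    return sorted(conn.execute(sql, binds).fetchall())


if __name__ == "__main__":
    print(render(MODEL_SQL, {"region": ["emea", "apac"]}))
    print(rows_for({"region": "emea"}))
    print(rows_for({}))  # unset parameter: no rows
```
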