Privileges and Roles
System privileges determine the workflows and actions that users can perform within the ThoughtSpot application context.
Privileges
ThoughtSpot allows you to define several types of privileges:
- Role-specific privileges for administrators, developers, and other user personas.
- Data-related privileges to allow or prevent access to upload, download, or manage data.
- Workflow-specific privileges to enable or disable access to features such as SpotIQ analysis, scheduling Liveboards, or the experimental features available for evaluation and early adoption.
For more information about privileges, see Understand groups and privileges.
Roles
In ThoughtSpot 9.8.0.cl and later versions, privileges can be assigned via Roles and assigned to groups if Role-Based Access Control (RBAC) is enabled. The RBAC feature is in beta and turned off by default on ThoughtSpot instances. To enable this feature on your instance, contact ThoughtSpot Support.
If RBAC is not enabled, administrators can configure privileges and assign them directly to groups.
User and group shareability
Shareable is a property of a user or group object that controls the visibility of users and groups in the Share dialog. If a user's visibility and that of the group they belong to are set to Shareable, and the user initiating the share action also belongs to the same group, the user's email address will be displayed in the Share dialog.
Users with administration or Can share with all users (SHAREWITHALL) privilege will see all users and groups in the Share dialog.
Granular control of menu actions within browser
If you are using Visual Embed SDK to embed ThoughtSpot objects and you want to restrict user access to certain menu actions, you can use the visibleActions, disabledActions, or hiddenActions attributes. For more information, see Show or hide UI actions.