Role is a collection of privileges that determines users' access to ThoughtSpot objects and workflows. Roles can be high-level, like Super Admin, or specific based on your organization’s structure and requirements.
When the RBAC feature is enabled on your instance, administrators can grant granular privileges and thus implement fine-grained access control to ThoughtSpot features, objects, and metadata.
For example, on ThoughtSpot instances with no RBAC, members of the groups with administration privileges can view and administer users, groups, and roles. With RBAC, you can assign granular privileges and restrict application-wide access only to super admin users.
|ThoughtSpot privilege (without RBAC)||ThoughtSpot RBAC Roles|
Can administer ThoughtSpot
This privilege grants administration permissions to manage users and groups on instances that do not have the RBAC feature enabled.
RBAC allows multiple roles with granular privileges for administration control:
User administrator role with Can manage Users privilege
Group administrator role with Can manage Groups privilege
Role administrator role with Can manage Roles privilege
Org administrator role with Can manage Orgs privilege
Authentication administrator role with Can manage Authentication* privilege
Application administration role with Can manage Application settings* privilege