Roles

Last updated 1 month ago

Introduction

Secoda provides the ability to declare fine-grained access controls through Custom Roles. Some examples of roles that can be created are:

  • Table Owners should be allowed to edit documentation, but not Tags.

  • Jenny, our Data Steward, should be allowed to edit Tags for any Dashboard, but no other metadata.

  • John, a Data Analyst, should be allowed to edit the Related Resources for a specific Data Pipeline he is a downstream consumer of.

  • The Data Platform team should be allowed to manage users and groups, view platform analytics, and manage roles.

Custom Roles are currently in Early Access. To get early access, please fill out the form.

What is a Custom Role?

Custom roles allow workspace administrators to create tailored permission sets that go beyond Secoda's default roles (Admin, Editor, Viewer, and Guest). With custom roles, you can define precise access levels for different teams and use cases within your organization.

Understanding Custom Roles

Custom roles provide granular control over:

  • Resource access (tables, dashboards, documents, etc.)

  • Feature permissions (API access, monitoring, automation, etc.)

  • Administrative capabilities

Unlike default roles, which have predefined permission sets, custom roles let you:

  • Choose specific permissions for each feature

  • Set different access levels for different resource types

  • Create role-based access control (RBAC) that matches your organization's needs

Creating a Custom Role

To create a custom role:

  1. Navigate to Settings > Members and permissions

  2. Click on the "Roles" tab

  3. Select "Create Role"

  4. Provide:

    • Role name

    • Description

    • Select permissions for each feature category

Permission Categories

Custom roles can be configured with permissions across several categories:

  • User Management

    • Users: Create, update, read, or delete users

    • Groups: Manage group memberships and settings

    • Roles: Create and modify roles

  • Resource Management

    • Read: View resources and their metadata

    • Write: Edit resources and their properties

    • Manage: Full control including deletion. This includes management of properties including description, owner, tags, verified, etc.

  • Settings

    • Workspace: Configure general workspace settings

    • Security: Manage SAML and security settings

    • API Keys: Generate and manage API access

    • Properties: Configure custom properties

    • Billing: Access billing and subscription settings

    • Import/Export: Manage data imports and exports

    • Appearance: Customize workspace appearance

  • Features

    • AI Assistant: Configure and use Secoda AI

    • Quality Score: Manage data quality metrics

    • Questions: Create and manage Q&A

    • Automations: Set up automated workflows

    • Monitors: Configure data monitoring

    • Views: Create and manage custom views

    • Analytics: Access usage analytics

    • Queries: View and manage queries

    • Lineage: View and edit data lineage

    • Tags: Create and manage resource tags

    • Collections: Organize resources in collections

Best Practices

  1. Principle of Least Privilege: Grant only the permissions necessary for each role

  2. Document Role Purposes: Add clear descriptions to explain each role's intended use

  3. Regular Review: Periodically audit custom roles to ensure they align with current needs

Permissions

Out of the box, Secoda is deployed with a set of default roles: Viewers, Editors, and Admins.

In the tables below, Manage means all permissions (Create, Update, Delete, and View).

User Management

| Name | Admin | Editor | Viewer |
|---|---|---|---|
| Groups | Manage | View | View |
| Roles | Manage | View | View |
| Teams | Manage | View | View |
| Users | Manage | View | View |

Resource Management

| Name | Admin | Editor | Viewer |
|---|---|---|---|
| Resources | Manage | Create, Update | View |

Settings

| Name | Admin | Editor | Viewer |
|---|---|---|---|
| API keys | Manage | Create, Update | View |
| Billing | Manage | None | None |
| Import and export | Manage | None | None |
| Workspace | Manage | View | View |

Features

| Name | Admin | Editor | Viewer |
|---|---|---|---|
| Analytics | Manage | View | None |
| Announcements | Manage | Manage | View |
| Automations | Manage | View | None |
| Column profile | Manage | Manage | View |
| Data quality score | Manage | Create, Update | View |
| Integrations | Manage | View | View |
| Lineage | Manage | Create, Update | View |
| Monitors | Manage | Create, Update | View |
| Policies | Manage | Manage | View |
| Preview | View | View | View |
| Properties | Manage | Manage | View |
| Secoda AI | Manage | View | View |
| Questions | Manage | Create, Update | Create, View |
| Queries | Manage | Create, Update | View |
| Tags | Manage | Create, Update | View |
| Views | Manage | Create, Update | View |

​