> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cube.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Roles & Permissions

> _Understanding user roles and permissions in Cube._

Cube has four built-in default roles: Admin, Developer, Explorer, and Viewer. Each role has specific permissions and access levels designed to support different responsibilities within the platform.

The Enterprise tier allows creation of custom roles with a customized set of permissions tailored to your organization's specific needs.

## Permissions matrix

| Permission                                    | Admin | Developer | Explorer | Viewer |
| --------------------------------------------- | :---: | :-------: | :------: | :----: |
| Manage users and account settings             |   ✅   |     ❌     |     ❌    |    ❌   |
| Manage deployments and their settings         |   ✅   |     ✅     |     ❌    |    ❌   |
| Edit semantic model                           |   ✅   |     ✅     |     ❌    |    ❌   |
| Execute SQL queries against data sources      |   ✅   |     ✅     |     ❌    |    ❌   |
| Explore and query semantic models             |   ✅   |     ✅     |     ✅    |    ❌   |
| Create and edit workbooks                     |   ✅   |     ✅     |     ✅    |    ❌   |
| View published dashboards                     |   ✅   |     ✅     |     ✅    |    ✅   |
| Export data from dashboards (CSV, PDF, PNG)   |   ✅   |     ✅     |     ✅    |    ✅   |
| Access Analytics Chat                         |   ✅   |     ✅     |     ✅    |    ✅   |
| Query from external tools (Tableau, Power BI) |   ✅   |     ✅     |     ✅    |    ✅   |

<Info>
  Admin roles are billed at the developer rate.
</Info>

## Agent Permissions

Agents are connected to Semantic Model Deployments and inherit the permission level of the user they are operating under.

Each agent can be configured to use the *Restrict Views* feature which allows to select the views that are visible to the agent.
This feature should not be used as a security measure. Configure [access policies][ref-data-access-policies] instead.

## Typical Usage Scenarios

* Viewers: Business users who consume published dashboards, use Analytics Chat, and query data through external tools like Tableau or Power BI
* Explorers: Typically data consumers and analysts
* Developers: Usually data stewards and data engineers
* Admins: Typically assigned to data engineers managing the entire Cube instance (billed at the developer rate with additional privileges)

[ref-data-access-policies]: /docs/data-modeling/data-access-policies