Skip to main content
Cube D3 implements a role-based access control system with three main user roles: Admin, Developer, and User. Each role has specific permissions and access levels designed to support different responsibilities within the platform.

Deployment Structure

  • Database connections are managed through Semantic Model Deployments
  • Multiple Semantic Model Deployments can exist under one account
  • Roles can be either global (across all deployments) or deployment-specific
  • Admin role is always global

Role Permissions

Admin Role

  • Has highest level of privileges
  • Can manage semantic models
  • Can manage other users
  • Has access to admin section
  • Full query capabilities

Developer Role

  • Can create and edit semantic models
  • Can execute SQL queries against data sources
  • Can create and edit workbooks
  • Can create and edit data apps
  • No access to admin settings

User Role

  • Can query semantic models
  • Can create and edit workbooks
  • Can create and edit data apps
  • Can execute Semantic SQL queries
  • Cannot make changes to semantic models
  • Cannot query source data directly

Future Implementation

A Viewer role is planned for future implementation with the following capabilities:
  • Use Analytics Chat with ability to query Semantic Views and existing reports
  • View (read-only) access to shared data apps

Agent Permissions

Agents are connected to Semantic Model Deployments and inherit the permission level of the user they are operating under.

Typical Usage Scenarios

  • Users: Typically data consumers and analysts
  • Developers: Usually data stewards and data engineers
  • Admin: Typically assigned to data engineers managing the entire Cube D3 instance
I