Understanding privileges

If you are trying to do something in ThoughtSpot, and cannot access the screens to accomplish it, you may not have the correct privileges. In this case, you should contact your administrator and explain what you want to accomplish. Your administrator may be able to grant you additional privileges.

Permissions to see and edit Answers and Liveboards are not affected by privileges. They are given when these items are shared with you.

Here are the privileges that the administrator sets, and the capabilities they enable:

Can administer ThoughtSpot

Can manage users and groups and has view and edit access to all data. Users with this privilege can also download a saved Answer.

Can administer Org

This privilege is only available if your organization is using multi-tenancy with Orgs. Can manage users and groups and has view and edit access to all data. Users with this privilege can also download a saved Answer. If a user has this privilege in the Primary Org, they are also a cluster administrator, and can view and manage users, groups, and data for all Orgs across the cluster. If a user has this privilege in any other Org, they are only an Org administrator, and can only view and manage users, groups, and data for their specific Org(s). Refer to Cluster administrators and Org administrators for more information.

Can upload user data

Can upload their own data from the application’s Data page using Actions > Upload data.

This privilege is only available to Free Trial and Team Edition users.
Can download data

Can download data from search results and Liveboards.

Can share with all users

Can see the names of and share with users outside of the groups the user belongs to. Members of groups with this privilege can also share with groups marked as NOT SHAREABLE.

Can manage data

Can create connections. To view or edit other people’s connections, you must have the Can administer ThoughtSpot privilege.

Can create Worksheets and views.

Note that to edit a Worksheet or a view created by another user, you must have the Edit permission on that object, and it must be shared with you.

Can create SQL views.

Can manage sync

Can use ThoughtSpot Sync to set up secure pipelines to external business apps and sync data. Note that users with admin privileges see all pipelines and syncs created by their team through the Sync tab in the Data workspace, while users without admin privileges see only the syncs and pipelines they personally create.

Can use Sage

Users with this privilege can use the Early Access ThoughtSpot Sage features. These features must first be enabled by your administrator. For more information about Early Access features, see Early Access features. These features include Sage search, AI-suggested searches, and Contextual change analysis. You do not need this privilege for the AI-generated Worksheet synonyms feature.

Can manage catalog

Users with this privilege can set up or edit a connection to a catalog. User setting up the catalog connection can also configure which fields to display or hide on the column and table level knowledge cards.

Can schedule for others

Can create Liveboard schedules for other users and groups.

If a user previously had Can schedule for others privileges and the permission was removed, their existing schedules would continue to send as before. As owners of a Liveboard schedule, they could delete the schedule, but could not add or remove existing users.

Has SpotIQ privilege

Can use the SpotIQ feature.

If this privilege is not enabled for the user, they can still see "Did you know" SpotIQ insights on the ThoughtSpot home page.

Can administer and bypass RLS

Users in groups with this privilege (directly or through group inheritance):

  • Are exempt from row-level security (RLS) rules.

  • Can add/edit/delete existing RLS rules.

  • Can check or uncheck Bypass RLS on a Worksheet.

Your installation configuration may enable or disable the availability of this privilege. By default, it is enabled. Administrators or groups with the privilege Can administer ThoughtSpot can grant this privilege.

Has Developer privilege

Can access and use the ThoughtSpot Developer Portal to explore the ThoughtSpot APIs and developer tools, and build web applications with ThoughtSpot content.

The following table shows the intersection of user privilege and ability:

Create/Edit WS
Create View
Create Connection
Modify Col. Props.1
Download Data
Share within Group
Share with all users
Manage and bypass RLS rules
CrUD Relationships
Read Relationships
See Hidden Cols
Join with Upload Data
Schema Viewer
Use Scheduler
Use Auto-Analyze
Access Developer Portal
Run Sage queries
Can administer ThoughtSpot Y Y Y Y Y Y Y Y Y2 Y Y Y Y Y Y Y N
Can download data
N N N N Y Y N N N
Y4
N N N N N N N
Can manage data
Y Y Y Y N Y N N
Y4
Y4
Y5
Y N N N N N
Can share with
all users
N N N N N Y Y N N
Y4
N N N N N N N
Has SpotIQ privilege
N N N N N N N N N
Y4
N N N N Y N N
Can Administer and Bypass RLS
N N N N N Y N Y Y N N N N N N N N
Can manage sync Y Y Y Y N Y N N
Y4
Y4
Y5
Y N N N N N
Can use Sage N N N N N N N N N N N N N N N N Y
Can manage catalog Y Y Y Y N Y N N
Y4
Y4
Y5
Y N N N N N
Has Developer privilege N N N N N Y N N N N N N N N N Y N
None N N N N N Y N N N
Y4
N N N N N N N

Table notes:

  1. Applies to non-owners only.
  2. Any tables.
  3. Author of at least one table in relationship.
  4. Only when read permission for columns used in the relationship.
  5. With edit permission.


Was this page helpful?