System Defined Roles

    For authorizing users, Enterprise Analytics has some pre-built roles with predefined sets of privileges that can be assigned to users.

    System defined roles are pre-built permission sets that provide standardized access control for Enterprise Analytics users. These roles simplify security management by offering ready-to-use privilege combinations that administrators can assign without custom configuration.

    These roles:

    • Ensure consistency across user permissions and simplify the management of access control.

    • Provide a straightforward approach to assigning permissions, particularly for users who may not have in-depth knowledge of Enterprise Analytics access control mechanisms.

    • Help reduce the risk of unauthorized access and potential security vulnerabilities.

    • Are useful if users access Enterprise Analytics through client applications (Power BI, Tableau) that cannot modify access privileges or set roles.

    Available System Defined Roles

    The following system defined roles are available in Enterprise Analytics:

    sys_view_reader

    The sys_view_reader role allows access to all views (View and Tabular Analytics View (TAV)) globally. This role is useful for BI tools such as Tableau and Power BI, where the connection is made at the database level. Users with the sys_view_reader role have access to all TAVs and do not need an explicit GRANT for TAVs.

    Privileges

    The sys_view_reader role includes the following privilege:

    • SELECT

    sys_data_reader

    sys_data_reader is the role that allows read access to data globally.

    Capability | Description
    Global Read Access | Can read any accessible object globally (not specific to any object type).
    Role Inheritance | Inherits privileges of the sys_view_reader role via system role hierarchy.
    Object Accessibility | Access applies only to relevant objects. For example, SELECT on collections, not databases.

    Privileges

    The sys_data_reader role includes the following privilege:

    • SELECT (inherited from sys_view_reader Role)

    sys_data_admin

    sys_data_admin is the role that allows access to data globally. It is not tied to any specific object type: a user with the sys_data_admin role can access any accessible object globally.

    Privileges

    The sys_data_admin role includes the following privileges:

    • SELECT (inherited from sys_data_reader Role)

    • INSERT

    • UPSERT

    • DELETE

    • ANALYZE

    • EXECUTE

    • CONNECT

    • DISCONNECT

    • COPY TO

    • COPY FROM

    sys_security_admin

    sys_security_admin is the role that manages any object grant/revoke globally, as well as create/drop roles.

    Capability | Description
    Grant/Revoke Management | Can GRANT/REVOKE any privilege on any object to/from any user and role.
    Role Management | Can create/drop roles and GRANT/REVOKE privileges to/from custom roles.
    Default Object Privileges | Has no privileges on objects by default. For example, a user with the sys_security_admin role can grant SELECT on an object to another user but cannot query the object itself. The user can, however, be granted privileges.
    Role Assignment Authority | Can grant sys_data_admin, sys_data_reader and sys_view_reader roles.

    Privileges

    The sys_security_admin role includes the following privileges:

    • CREATE

    • DROP

    • GRANT_OPTION

    sys_root

    The sys_root role is the highest privilege role in Enterprise Analytics. It provides full access to all resources and operations within the system and should be granted only to a limited number of users.

    The sys_root role maps to the following database-specific administrative roles:

    Privileges

    The sys_root role includes the following privileges:

    Privilege | Description
    CREATE | Inherited from sys_security_admin Role, data_reader_writer
    DROP | Inherited from sys_security_admin Role
    SELECT | Inherited from sys_data_admin Role
    INSERT | Inherited from sys_data_admin Role
    UPSERT | Inherited from sys_data_admin Role
    DELETE | Inherited from sys_data_admin Role
    ANALYZE | Inherited from sys_data_admin Role
    EXECUTE | Inherited from sys_data_admin Role
    CONNECT | Inherited from sys_data_admin Role
    DISCONNECT | Inherited from sys_data_admin Role
    COPY TO | Inherited from sys_data_admin Role
    COPY FROM | Inherited from sys_data_admin Role
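
    The role hierarchy described on this page, resolved into effective privileges and used to review role assignments. This is an added example, not Enterprise Analytics code: it assumes a child role inherits every privilege of its parents, the two review rules in audit() are the example's own, and the user names are constructed.

```python
# Added example: role model transcribed from the privilege lists on this page.
# DIRECT = privileges listed on the role itself; PARENTS = roles it inherits from.
DIRECT = {
    "sys_view_reader": {"SELECT"},
    "sys_data_reader": set(),
    "sys_data_admin": {"INSERT", "UPSERT", "DELETE", "ANALYZE", "EXECUTE",
                       "CONNECT", "DISCONNECT", "COPY TO", "COPY FROM"},
    "sys_security_admin": {"CREATE", "DROP", "GRANT_OPTION"},
    "sys_root": set(),
}
PARENTS = {
    "sys_data_reader": ["sys_view_reader"],
    "sys_data_admin": ["sys_data_reader"],
    "sys_root": ["sys_security_admin", "sys_data_admin"],
}
# Privileges that touch data, as opposed to role and grant management.
DATA_PRIVS = {"SELECT"} | DIRECT["sys_data_admin"]

def effective_privileges(role, _seen=None):
    """Union of a role's own privileges and everything it inherits.
    Assumption: a child role inherits all privileges of its parents."""
    seen = set() if _seen is None else _seen
    if role in seen:          # guard against a cyclic hierarchy
        return set()
    seen.add(role)
    privs = set(DIRECT.get(role, ()))
    for parent in PARENTS.get(role, ()):
        privs |= effective_privileges(parent, seen)
    return privs

def audit(assignments):
    """Return {user: finding} for role assignments that merit review."""
    findings = {}
    for user, roles in assignments.items():
        privs = set().union(*(effective_privileges(r) for r in roles))
        if "sys_root" in roles:
            findings[user] = "holds sys_root, the highest privilege role"
        elif "GRANT_OPTION" in privs and privs & DATA_PRIVS:
            findings[user] = "combines grant management with data access"
    return findings

# Constructed sample assignments (hypothetical users).
SAMPLE = {
    "bi_service": ["sys_view_reader"],
    "etl_job": ["sys_data_admin"],
    "sec_ops": ["sys_security_admin"],
    "ops_lead": ["sys_security_admin", "sys_data_reader"],
    "dba": ["sys_root"],
}
```

    Calling audit(SAMPLE) flags ops_lead and dba; sec_ops is not flagged because sys_security_admin alone carries no data privileges.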