Skip to main content

About Data Warehouse Security

You can configure which users and groups have access to each of your data warehouses. These permissions apply across AtScale. If a user has access to a data warehouse, they can do the following:

  • View and edit the data warehouse on the Data Warehouses page.
  • View it in the Data Sources panel.
  • Access the catalogs and models based on its data within Design Center.
  • View queries and aggregates on those models on the Queries and Aggregates pages.
note

Permissions configured at the data warehouse do not apply to deployed models. This means that even if a user cannot access a data warehouse, they can still access deployed models based on its data via BI tools. To control access to deployed models, you need to set the runtime permissions on the model itself. For more information, see Configuring Permissions on Deployed Models.

To grant a user or group access to a data warehouse, you add them in the Access Controls field in the Add/Edit Data Warehouse panels on the Data Warehouses page. Once added, they are automatically granted the access_data_warehouse scope in the Identity Broker.

You can also configure the default permissions on new data warehouses using the datawarehouse.default.restriction.enabled global setting. This setting supports the following values:

  • false: Default. Grants all users access to new data warehouses.
  • true: Restricts access to only the user that created the data warehouse.

For more information on configuring global settings, see Configuring Global Settings.