Role-based Access Controls
Role-Based Access Controls (RBAC) let you manage the set of permissions an individual user has.
Last updated
Was this helpful?
Role-Based Access Controls (RBAC) let you manage the set of permissions an individual user has.
Last updated
Was this helpful?
RBAC provides peace of mind, ensuring only those with appropriate permissions can access sensitive user information or take potentially destructive actions with Census Syncs or Census configuration.
Members of a Census organization may be promoted to Administrators, which will give them Owner permissions in all and the ability to manage billing, and Organization level settings.
Users who are not an admin are simply Members of the organization. Members must be added to each workspace individually.
Each member of a workspace has a role within each (and their roles can vary across workspaces).
Owner – This gives access to everything within the workspace, including managing warehouse & destination connections, API keys, and adding/removing users. Organization Admins have all the same permissions as Owners within a workspace.
Editor – This role allows users to create datasets, segments, and syncs, but does not give the ability to create or manage connections
Operator – The Operator Role is a special role within Census. It fits between the Editor and Viewer permissions, allowing members with this role to primarily work with Segments. Operators are able to create and edit segments, as well as manage syncing datasets and segments. They won't be able create new datasets, or modify any existing connections details.
Viewer - The read-only viewer on Census. They can view syncs and segments, and approved models, but cannot modify or take any action within Census.
View Warehouse Connections
Test Warehouse Connections
Create & Manage Warehouse Connections
Create & Manage dbt / Looker Connections
Create & Manage Org-level Fivetran & dbt Cloud Integrations
View Destination Connections
Create Destination Connections
Manage Destination Connections
Create custom objects, audiences, and tables in destination
Preview Sample for Datasets
Query Models
Create & Edit Datasets
Create & Edit Segments
Create & Modify Exclusion Lists
View Syncs
Create, Edit & Run Syncs on Segments & Datasets*
Create, Edit & Run Syncs on Datasets, Tables & Views
Invite New Users
Manage Member Roles
Remove Members from Workspaces
Create, Manage, Delete Workspaces
Create & Manage API Keys
You can also create custom roles by combining the required set of fine-grained permissions into a role that is then assignable to users in any workspace. Custom roles give you the ability to create narrow roles for specific use cases such as connection administration or data definition.
To create a new custom role,
Click on the Roles tab.
Click + New Role
Give your New Role a name.
You may also optionally pick an existing role to use as a starting point. Note that once your new role is created, there's no lasting association with this role, this is purely to save yourself some clicks setting up your new role.
Select the combination of permissions your new role needs and then click Save.
You can also manage the permissions of existing roles here. Modifying the permissions of an existing will take effect immediately on any user assigned to that role (though they may need to refresh their browser session to see it in the Census UI, it will be enforced immediately if they try to take a now blocked action).
Custom roles are a collection of permissions granted to the user within that workspace. They are organized as follows:
Subject - The type of resource (or group of related resources) that the set of permissions apply to, such as a connection, sync or dataset.
Permission - The specific allowed type of action that can be taken on the subject.
Read, Manage
Most Census API endpoints today are accessed via a shared API token defined for each Workspace.
Update, Read Members, Remove User
Manage the configuration associated with the workspace, including listing and removing members.
Workspace Member
Manage [Role]
Specifically grants the ability to invite, assign, or revoke a particular role for members in the workspace. The Custom Role version applies to all custom roles so should only be used for admin roles.
Connections
Test, Create, Update, or Destroy
Read, Create, Update, Destroy
Permissions related to listing, creating, updating, and destroying Segments.
Read, Create, Update, Destroy
Permissions scoped specifically to the Segment Priority List functionality used to manage overlapping segments.
Read, Create, Update, Destroy
Similarly scoped permissions for managing exclusion lists set up within Audience Hub.
Read, Create, Update, Destroy
Similarly scoped permissions for managing experiments created on top of Audience Hub segments
Read, Create, Update, Destroy
Permissions controlling access to smart columns, including computed columns, formula columns, and AI columns
Read, Create, Update, Destroy
Scoped permissions for setting up performance metrics used to measure segment performance in Audience Hub.
Read, Create, Update, Destroy
Standard operations for creating and managing syncs
Read, Create, Update, Destroy from dataset or segment
Scoped versions of the above operations limiting sync creation to only existing datasets or segments. Used by the built-in Operator role.
Run, Full Sync
Grants the ability to manually trigger a sync or full sync
Access Sync Tracking
Manage Subscriptions
Read, Create, Update, Destroy
Standard operations for managing Dataset project/repositories.
Read, Create, Update, Destroy
Standard operations for creating and editing datasets, such as SQL queries.
Read, Create, Update, Destroy
Standard operations for enabling and managing Git Link [Available in Private Beta]
Read, Create, Update, Destroy
Standard operations for enabling and managing Dataset API
Read, Create, Update, Destroy
Standard operations for enabling and managing the datadog integration for each workspace
Navigation
Visit Syncs, Segments, Datasets, Connections, Settings
Controls access to the various navigation sections of Census. These permission primarily controls navigation itself, not access to underlying resources, which are managed by other permissions.
Census provides sample data when working with models, segments, and syncs to help users understand their data sets, as well as what's being synced. Some organizations may prefer to restrict the ability to preview data to specific tools.
Click on the Workspaces selector at the top of the left navigation and click .
Permissions that apply to the creation and management of both and connections. Note: All members of the workspace will be able to see the existence of any connections regardless of permissions.
Download and search detailed
Control which users will be encounters an issue.
In this case, you can choose to disable the ability to preview data in Census on a per workspace basis. To disable data previews in Census, reach out to your success manager or send an email to .
