# User Roles ## Overview Every Seemore user is assigned one of four roles. Roles are **hierarchical** — each higher role automatically includes every permission of the roles below it: **Owner → Admin → Editor → Viewer** That means an **Admin** can do everything an **Editor** and a **Viewer** can, an **Editor** can do everything a **Viewer** can, and so on. *** ## Roles at a Glance | Role | Typical user | Can do | | ---------- | --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Owner** | Account owner | Everything an Admin can do, plus ownership-level actions such as managing **Asset Groups**. | | **Admin** | Workspace administrator | Manage **integrations**, **SSO**, **users & teams**, **communication channels**, **scheduled reports**, **domains**, **anomaly detection rules**, and account settings. | | **Editor** | Data engineer / platform operator | Turn **automations** on or off (Auto Shutdown, Auto Scaler, Smart Pulse, Burst Protector, Live Tuning), manage **budgets**, **contract view**, **query tags**, **Cortex Code limits**, and **usage exclusions**. | | **Viewer** | Analyst / stakeholder | Read-only access to dashboards, the **Query Analyzer**, **Observability views**, the **Auto-Clustering Agent**, **insights**, and all reports. | {% hint style="info" %} If a feature page requires a specific role to configure, it will call that out at the top of the page. Users with lower roles can still view the feature — they just can't change its configuration. {% endhint %} *** ## What Each Role Can Do ### Owner The **Owner** role is reserved for the account owner and anyone who needs the highest level of control. Owners can do everything an Admin can do, plus: * Create, update, and delete **Asset Groups** (used to control which assets other users can access). ### Admin Admins manage the workspace and its integrations. Use this role for IT and data-platform leads. Admins can: * Create, edit, test, sync, and delete **integrations** (Snowflake, dbt, Airflow, Fivetran, Rivery, Tableau, Power BI, Looker). * Configure **SSO and SCIM** (Okta, Microsoft Entra ID) and manage SCIM tokens. * Invite, remove, and change roles for **users**; create and manage **user teams**. * Create and manage **communication channels** (Slack, Microsoft Teams, Email groups). * Configure **scheduled reports** (daily / weekly summaries). * Create and manage **domains**. * Create and manage **anomaly detection rules** and update anomaly assignees. * Upload the account image and manage account-wide branding. ### Editor Editors run day-to-day optimization. Use this role for data engineers and platform operators. Editors can: * Enable or disable **automations** per warehouse or globally: * [Auto Shutdown](/external-docs/fundamentals/our-features/automations/auto-shutdown.md) * [Auto Scaler](/external-docs/fundamentals/our-features/automations/auto-scaler.md) * [Smart Pulse](/external-docs/fundamentals/our-features/automations/smart-pulse.md) * [Burst Protector](/external-docs/fundamentals/our-features/automations/smart-pulse/burst-protector.md) * [Live Tuning](/external-docs/fundamentals/our-features/automations/live-tuning.md) * Edit warehouse **inner-day schedules** and restore default schedules. * Create and manage **Budget Groups** and budget segments. * Create and manage **Contract View** entries. * Manage **custom query tags** and **object tag rules**. * Set **Cortex Code** cost limits. * Add or remove **usage exclusions** for waste-reduction insights. ### Viewer Viewers have read-only access. Use this role for analysts, stakeholders, and anyone who needs visibility but not configuration access. Viewers can: * Browse all dashboards, cost overviews, and savings reports. * Use the [Query Analyzer](/external-docs/fundamentals/our-features/query-analyzer.md). * Explore [Observability views](/external-docs/fundamentals/our-features/observability/views.md) and the [Auto-Clustering Agent](/external-docs/fundamentals/our-features/auto-clustering-agent.md). * View insights and recommendations across Waste Reduction, Monitoring, and Budgeting. * Use the built-in AI assistant and RCA agent to ask questions about their data. *** ## How Roles Are Assigned You can assign roles in two ways: 1. **Directly in Seemore** — Go to **Settings → Access Control → Users**, then invite a new user or edit an existing user's role. Only **Admins** (or higher) can change roles. 2. **Automatically via SSO** — If you use Okta or Microsoft Entra ID SSO with SCIM, roles are synced from your identity provider on each login. See: * [Setup Okta SSO](/external-docs/fundamentals/getting-set-up/authentication/setup-okta-sso.md) * [Setup Microsoft Entra ID SSO](/external-docs/fundamentals/getting-set-up/authentication/setup-entra-id-sso.md) {% hint style="warning" %} When using SCIM, role changes take effect on the user's **next login**. Ask the user to sign out and sign back in to pick up a new role. {% endhint %} *** ## Best Practices * **Keep Owner accounts to a minimum.** Reserve Owner for 1–2 trusted users who manage the account itself. * **Give Admin only to platform leads.** Admins can change integrations and SSO, which affects everyone. * **Use Editor for day-to-day operators.** Editors can safely tune warehouses and budgets without changing integrations or access control. * **Default new users to Viewer.** It's the safest starting point; promote later as needed. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.seemoredata.io/external-docs/fundamentals/settings/user-roles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.