User Roles
Seemore uses four built-in roles to control what users can see and change. This page describes each role and how roles are assigned to users.
Overview
Every Seemore user is assigned one of four roles. Roles are hierarchical — each higher role automatically includes every permission of the roles below it:
Owner → Admin → Editor → Viewer
That means an Admin can do everything an Editor and a Viewer can, an Editor can do everything a Viewer can, and so on.
Roles at a Glance
Owner
Account owner
Everything an Admin can do, plus ownership-level actions such as managing Asset Groups.
Admin
Workspace administrator
Manage integrations, SSO, users & teams, communication channels, scheduled reports, domains, anomaly detection rules, and account settings.
Editor
Data engineer / platform operator
Turn automations on or off (Auto Shutdown, Auto Scaler, Smart Pulse, Burst Protector, Live Tuning), manage budgets, contract view, query tags, Cortex Code limits, and usage exclusions.
Viewer
Analyst / stakeholder
Read-only access to dashboards, the Query Analyzer, Observability views, the Auto-Clustering Agent, insights, and all reports.
If a feature page requires a specific role to configure, it will call that out at the top of the page. Users with lower roles can still view the feature — they just can't change its configuration.
What Each Role Can Do
Owner
The Owner role is reserved for the account owner and anyone who needs the highest level of control.
Owners can do everything an Admin can do, plus:
Create, update, and delete Asset Groups (used to control which assets other users can access).
Admin
Admins manage the workspace and its integrations. Use this role for IT and data-platform leads.
Admins can:
Create, edit, test, sync, and delete integrations (Snowflake, dbt, Airflow, Fivetran, Rivery, Tableau, Power BI, Looker).
Configure SSO and SCIM (Okta, Microsoft Entra ID) and manage SCIM tokens.
Invite, remove, and change roles for users; create and manage user teams.
Create and manage communication channels (Slack, Microsoft Teams, Email groups).
Configure scheduled reports (daily / weekly summaries).
Create and manage domains.
Create and manage anomaly detection rules and update anomaly assignees.
Upload the account image and manage account-wide branding.
Editor
Editors run day-to-day optimization. Use this role for data engineers and platform operators.
Editors can:
Enable or disable automations per warehouse or globally:
Edit warehouse inner-day schedules and restore default schedules.
Create and manage Budget Groups and budget segments.
Create and manage Contract View entries.
Manage custom query tags and object tag rules.
Set Cortex Code cost limits.
Add or remove usage exclusions for waste-reduction insights.
Viewer
Viewers have read-only access. Use this role for analysts, stakeholders, and anyone who needs visibility but not configuration access.
Viewers can:
Browse all dashboards, cost overviews, and savings reports.
Use the Query Analyzer.
Explore Observability views and the Auto-Clustering Agent.
View insights and recommendations across Waste Reduction, Monitoring, and Budgeting.
Use the built-in AI assistant and RCA agent to ask questions about their data.
How Roles Are Assigned
You can assign roles in two ways:
Directly in Seemore — Go to Settings → Access Control → Users, then invite a new user or edit an existing user's role. Only Admins (or higher) can change roles.
Automatically via SSO — If you use Okta or Microsoft Entra ID SSO with SCIM, roles are synced from your identity provider on each login. See:
When using SCIM, role changes take effect on the user's next login. Ask the user to sign out and sign back in to pick up a new role.
Best Practices
Keep Owner accounts to a minimum. Reserve Owner for 1–2 trusted users who manage the account itself.
Give Admin only to platform leads. Admins can change integrations and SSO, which affects everyone.
Use Editor for day-to-day operators. Editors can safely tune warehouses and budgets without changing integrations or access control.
Default new users to Viewer. It's the safest starting point; promote later as needed.
Last updated