Sharing and security privileges govern what data a user can access and what they can do with the data. Admins can use privileges to regulate access to information and provide a personalized user experience.
Users, groups, and privileges
Data security applies to users and groups. Users can be managed manually or through LDAP. Each user can have membership in one or more groups. Admins can make security settings that determine what users are allowed to do in ThoughtSpot. These settings are applied at the group level.
The following table shows the intersection of user privilege and ability:
| Create/Edit WS | Create Agg WS | Modify Col. Props.¹ | Upload Data | Download Data | Share within Group | Share with All | RLS rules | CrUD Relationships | Read Relationships | See Hidden Cols | Join with Upload Data | Schema Viewer | Use Data Connect | Use Scheduler | Use Auto-Analyze |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Admin | Y | Y | Y | Y | Y | Y | Y | Y | Y² | Y | Y | Y | Y | Y | Y | Y |
Can Upload Data | N | N | N | Y | N | Y | N | N | Y³ | Y⁴ | N | N | N | N | N | N |
Can Download Data | N | N | N | N | Y | Y | N | N | N | Y⁴ | N | N | N | N | N | N |
Data Management | Y | Y | Y | Y | N | Y | N | N | Y⁴ | Y⁴ | Y⁵ | Y | N | Y | N | N |
Can Auto-Analyze | N | N | N | N | N | N | N | N | N | Y⁴ | N | N | N | N | N | Y |
Can Schedule | N | N | N | N | N | N | N | N | N | Y⁴ | N | N | N | N | Y | N |
Can Share with All | N | N | N | N | N | Y | Y | N | N | Y⁴ | N | N | N | N | N | N |
None | N | N | N | N | N | Y | N | N | N | Y⁴ | N | N | N | N | N | N |
Table notes:
Security model for sharing objects
You can share with groups and with individual users. Sharing of tables can be defined at the table, column, or row level. This provides flexibility in modeling your data security policy. Security and sharing settings apply to several different types of objects, each of which has its own security default settings and rules.
Object type | Description | Default security model |
---|---|---|
Tables | The source data tables that have been loaded using ThoughtSpot Loader. | Administrator users have access to source tables. They can share a table with other users or groups. See Share tables and columns |
Columns | The columns in the source data tables that have been loaded using ThoughtSpot Loader. | Administrator users have access to columns in the source tables. They can share selected columns with other users or groups. See Share tables and columns |
Rows | The rows in the source data tables that have been loaded using ThoughtSpot Loader. | All rows in the source tables are shared with all users by default. |
Imported data | Data that was imported using a Web browser. | Only the user who imported the data (and any user with administrator privileges) has access to it by default. They can share a table (or selected columns) with other users or groups. See Share tables and columns |
Worksheets | A worksheet created using a Web browser. | Only the creator of the worksheet (and any user with administrator privileges) has access to it by default. They can share a worksheet with other users or groups. See Share worksheets |
Pinboards | A pinboard of saved search results. | Anyone who can view a pinboard can share it. See Share a pinboard |
Row level security
ThoughtSpot includes robust row level security, which allows you to filter all objects users see based on conditions you set at the level of row values in base data tables.