Data security
Data security refers to which users can see which data in the ThoughtSpot application.
Sharing and security privileges govern what data a user can access and what they can do with the data. Admins can use privileges to regulate access to information and provide a personalized user experience.
Users, groups, and privileges
Data security applies to users and groups. Users can be managed manually or through LDAP. Each user can have membership in one or more groups. Admins can make security settings that determine what users are allowed to do in ThoughtSpot. These settings are applied at the group level.
The following table shows the intersection of user privilege and ability:
|
Create/Edit WS
|
Create View
|
Create Embrace Connection
|
Modify Col. Props.1
|
Upload Data
|
Download Data
|
Share within Group
|
Share with all users
|
Manage RLS rules
|
CrUD Relationships
|
Read Relationships
|
See Hidden Cols
|
Join with Upload Data
|
Schema Viewer
|
Use Scheduler
|
Use Auto-Analyze
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Can administer ThoughtSpot | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y2 | Y | Y | Y | Y | Y | Y |
Can upload user data
|
N | N | N | N | Y | N | Y | N | N |
Y3
|
Y4
|
N | N | N | N | N |
Can download data
|
N | N | N | N | N | Y | Y | N | N | N |
Y4
|
N | N | N | N | N |
Can manage data
|
Y | Y | Y | Y | Y | N | Y | N | N |
Y4
|
Y4
|
Y5
|
Y | N | N | N |
Can share with all users
|
N | N | N | N | N | N | Y | Y | N | N |
Y4
|
N | N | N | N | N |
Has SpotIQ privilege
|
N | N | N | N | N | N | N | N | N | N |
Y4
|
N | N | N | N | Y |
Can Administer and Bypass RLS
|
N | N | N | N | N | N | N | N | N | Y | N | N | N | N | N | N |
None | N | N | N | N | N | N | Y | N | N | N |
Y4
|
N | N | N | N | N |
Table notes:
|
Security model for sharing objects
You can share with groups and with individual users. Sharing of tables can be defined at the table, column, or row level. This provides flexibility in modeling your data security policy. Security and sharing settings apply to several different types of objects, each of which has its own security default settings and rules.