Skip to Content
PlatformProduction DeploymentUser ManagementWorkspace Roles Overview

Workspace Roles Overview

CloudQuery Platform has four built-in workspace roles and three additional role types.

Built-in Roles

General:Read

The most restricted built-in role. A user with this role can:

  • View data in the Asset Inventory
  • Create and save search filters in Asset Inventory
  • Query data in the SQL Console
  • Create and save SQL queries in the SQL Console

General:Write

In addition to General:Read capabilities, a user with this role can:

  • Create, update, and delete integrations, destinations, and syncs
  • View the Data Pipelines section (Integrations, Destinations)
  • Create and delete Workspace API keys with General:Read or General:Write roles

Admin:Read

An administrative role with read-only access. In addition to General:Read capabilities, a user with this role can:

  • View the Data Pipelines section (Integrations, Destinations)
  • View Usage
  • See all workspace users in Organization settings

Admin:Write

The full administrative role. In addition to all the above, a user with this role can:

  • Create, update, and delete users
  • Configure SSO, notification destinations, and platform settings
  • Create and delete Workspace API keys with any role level

Additional Role Types

Beyond the four built-in roles, the platform supports these role types:

  • CI — Intended for API keys used in CI/CD pipelines. Provides programmatic access without a user session.
  • Schema Only — Read-only access limited to schema information.
  • Custom — Roles created through data access permissions. Custom roles combine data permissions to restrict which data a user can see while granting General:Read-level feature access.

For more on custom roles and data permissions, see Limiting Access to Data.

Programmatic access

Roles and permissions can be managed via the Platform API. See the Platform API Reference (rbac section) for endpoint details on listing, creating, and assigning roles programmatically.

Next Steps

Was this page helpful?

Last updated on

OverviewMulti-Factor Authentication