User Management

Complete guide to managing users, roles, and access across your space.

Understanding User Roles

Platform Roles

At the highest level, Users have basic platform access, while Superadmins have platform-wide control, including the ability to create spaces and manage global settings.

Space Roles

Within a specific space, roles define what a user can do. Viewers have read-only access to all content. Editors can create and modify content. Admins have full control over the space, including managing members and settings.

Governance Roles

Governance roles apply to specific data products. The Owner provides strategic oversight and makes major decisions. The Steward handles day-to-day curation and approves access requests. The Custodian is responsible for technical maintenance. The Data Architect designs data models and defines architectural standards.

Adding Users to a Space

Prerequisites

To invite users, you must be a Space Admin. The active user must either already have a platform account or will be prompted to create one upon accepting the invitation.

Invitation Process

To invite a single user, go to Settings → Members and click Invite Member. Enter their email address, select their initial role (Viewer, Editor, or Admin), and click Send Invitation.

Bulk Invitations

For onboarding multiple users at once, prepare a list of email addresses. Use the bulk invite option to add them all, typically assigning a common initial role which can be customized individually later.

Managing Existing Users

Viewing User Details

Clicking on any user in the member list reveals details such as their join date, current space role, any products they steward, and their recent activity within the space.

Changing Roles

To change a user's role, find them in the Members list and click the role badge. Select the new role from the dropdown and confirm the change.

important

Role changes take effect immediately, though users may need to refresh their browser to see the updated permissions.

Deactivating Users

For temporary access removal, use the Deactivate option. This prevents the user from accessing the space but preserves their history and assignments for easier reactivation later.

Removing Users

For permanent removal, select Remove and confirm the deletion.

caution

Before removing a user, ensure you reassign any governance roles they hold (like Product Owner) to avoid leaving products without oversight.

Governance Role Assignment

Assigning Product Roles

To assign governance roles, open a data product and go to the Governance tab. Click Assign Role, then select the user and the specific role type (Owner, Steward, Custodian, Data Architect) before saving.

Role Requirements

Every data product should ideally have a complete governance team: at least one Steward to handle access requests, an Owner for accountability, a Custodian for technical issues, and optionally a Data Architect for data modeling standards.

Finding Unassigned Products

You can find products missing governance roles by going to the Data Catalog and filtering for "No Steward" or similar criteria. Review these products and assign appropriate roles to ensure coverage.

Access Request Workflow

How Requests Flow

User Requests Access
        ↓
Request Sent to Steward/Owner
        ↓
Approver Reviews Request
        ↓
Approve ─────┐
   or        │
Reject ──────┼──→ User Notified
             │
Access Granted (if approved)

Configuring Approvers

By default, product Stewards and Owners can approve access. To customize:

Go to Settings → Permissions
Configure "Approve Access" rules
Specify which roles can approve

Auto-Approval Rules

For low-sensitivity products:

Configure auto-approval rules
Set conditions (role, team membership)
Requests matching rules auto-approve

Audit and Compliance

User Activity Logs

Track user actions:

Go to Settings → Audit Log
Filter by user, action type, or date
Export for compliance reporting

Access Reviews

Periodic access certification:

Generate access report
Review with product owners
Remove unnecessary access
Document review completion

Reporting

Standard reports:

User Access Matrix — Who has access to what
Activity Report — Actions over time
Role Distribution — Breakdown of role assignments

Common Scenarios

New Team Member Onboarding

Invite with Editor role
Assign to relevant products as Steward
Guide through documentation
Monitor initial activity

Team Member Departure

Identify their governance roles
Reassign all roles to others
Review pending approvals they own
Remove from space

Role Escalation

When someone needs more access:

Review their current contributions
Verify business justification
Escalate role
Document the change

Temporary Project Access

Add with Viewer role
Set calendar reminder for review
Remove when project completes

Best Practices

Principle of Least Privilege

Start with minimum necessary access
Escalate only when justified
Review periodically

Clear Role Boundaries

Document what each role can do
Train users on their permissions
Handle edge cases consistently

Regular Audits

Monthly: Review new additions
Quarterly: Full access review
Annually: Role and permission audit

Access Requests — User-facing access workflow
Settings — User profile management

Understanding User Roles​

Platform Roles​

Space Roles​

Governance Roles​

Adding Users to a Space​

Prerequisites​

Invitation Process​

Bulk Invitations​

Managing Existing Users​

Viewing User Details​

Changing Roles​

Deactivating Users​

Removing Users​

Governance Role Assignment​

Assigning Product Roles​

Role Requirements​

Finding Unassigned Products​

Access Request Workflow​

How Requests Flow​

Configuring Approvers​

Auto-Approval Rules​

Audit and Compliance​

User Activity Logs​

Access Reviews​

Reporting​

Common Scenarios​

New Team Member Onboarding​

Team Member Departure​

Role Escalation​

Temporary Project Access​

Best Practices​

Principle of Least Privilege​

Clear Role Boundaries​

Regular Audits​

Related Documentation​