Permission level overview

Toucan AI provides a flexible, fine-grained permission system to help you control who can access, view, or modify your analytics assets. Permissions are enforced at multiple levels—organization, dataset, dashboard, and even down to individual rows—so you can confidently share insights while protecting sensitive data.

Key Concepts

• Roles: Assign users to roles (e.g., admin, editor, viewer) to define their default access level across your organization.

• Permissions: Each role comes with a set of permissions that determine what actions a user can perform (such as view, edit, or manage).

• Row-Level Security (RLS): Go beyond broad access control by filtering data at the row level, ensuring users only see the data they’re allowed to see.

• Scopes: Permissions can be scoped to specific organizations, datasets, or dashboards, supporting multi-tenant and complex team structures.

How Permissions Work

When a user interacts with Toucan AI, their permissions are checked at every step:

• Organization-level: Controls access to the organization and its resources.

• Dataset-level: Restricts which datasets a user can query or visualize.

• Dashboard-level: Limits which dashboards a user can view or edit.

• Row-level: Applies dynamic filters based on user attributes (like department, region, or team).

Example: Combining Roles and RLS

Suppose you have a “Sales” dashboard. With Toucan AI:

• A “Sales Manager” role might see all regions.

• A “Sales Rep” role, combined with RLS, only sees their assigned region’s data.

Why It Matters

This layered approach ensures you can:

• Safely share analytics with different teams or customers.

• Meet compliance and privacy requirements.

• Empower users with the right level of access—no more, no less.