Data Warehouse User Roles

The following roles can be assigned to Data Warehouse users.

Data Admin

Role identifier: dataAdmin

This role should be assigned to any Data Warehouse user who needs to use the instance for loading and processing data.

  • Read all tables or views.

  • Import data into Data Warehouse tables.

  • Create, drop, or purge Data Warehouse tables.

  • Create other objects such as functions and views in the database.

Admin

Role identifier: admin

This role should be reserved for the user or users who need to have control over the other users in the Data Warehouse instance.

  • Read all tables or views.

  • Import data into Data Warehouse tables.

  • Create, drop, or purge Data Warehouse tables.

  • Create other objects such as functions and views in the database.

  • Add user.

  • Remove user. The user cannot be the Owner of the instance.

  • Change a user’s role. The user cannot be the Owner of the instance and cannot be changed to the Owner role.

  • Edit the name or description of an Data Warehouse instance.

Read-only user

Role identifier: readOnly

This role should be reserved for the user or users who need to only review or test data in the Data Warehouse instance without permissions to make any changes.

  • Access the Data Warehouse instance in read-only mode.
  • Read all tables or views.
  • Call the functions that do not modify the data.

Data Warehouse instance owner

The user who created the Data Warehouse instance is automatically assigned ownership of the instance. Ownership is not a formal role in the instance.

The Owner is also automatically assigned the Admin role. The Owner has all of the permissions of the Admin role, and the permission to delete the Data Warehouse instance.