Pricing
Log in Get started
Docs Learn
Home
Analytics
Embedding
Administration
Other resources
These are the docs for the Metabase master branch. Some features documented here may not yet be available in the latest release. Check out the docs for the latest version, Metabase v0.54.

Permissions introduction

There are always going to be sensitive bits of information in your data, and thankfully Metabase provides a rich set of tools to ensure that people on your team only see the data they’re supposed to.

If instead you’re wondering about what data Metabase the company can see, check out our page on data privacy and security.

Key points regarding permissions

  • Permissions are granted to groups, not people.
  • People can be in more than one group.
  • If a person is in multiple groups, they will have the most permissive access granted to them across all of their groups. For example, if a person is in three groups, and any one of those groups has Curate access to a collection, then that person will have curate access to that collection.

What you can set permissions on

Tools for managing multi-tenant setups

At a high-level, Metabase provides several approaches to managing permissions for different multi-tenant setups, depending on how you’ve segregated your data.

Your customers share a single database

Data sandboxes let you apply row and column-level security, so each customer only sees their data in the tables.

Each customer has their own database

With Database routing, you can build a question once, and have Metabase send a query to a different database depending on the customer.

You’d prefer to manage permissions via the database itself

With Connection impersonation, you can manage permissions with roles you define in your database.

Read docs for other versions of Metabase.