ConfigRole-Based Access (RBAC)

Role-Based Access (RBAC)

Restrict administrative access dynamically based on organizational roles. Allow Data Analysts to query metrics using the AI Copilot while explicitly restricting them from modifying underlying PySpark deployment code structures.

Principle of Least Privilege

A dynamically functioning enterprise data platform invites multiple differing skill sets. Deep security teams fundamentally do not want Marketing Analysts possessing the active permissions necessary to delete entire Snowflake schema environments or inadvertently export PII endpoints to external tracking vendors.

The RBAC (Role-Based Access Control) configuration model controls these boundaries seamlessly and mathematically at the edge tier before execution states can be reached.

Standard Hierarchy Roles

Administrator

Grants absolute, complete organizational control. Possesses complete billing transparency access, environment variable mutation rights, and global destructive database deletion controls.

Data Engineer

Permitted to visually build, mathematically modify, and aggressively scale processing pipelines via the Canvas interface, as well as author unconstrained dbt models natively. Entirely restricted from managing billing infrastructure.

Data Analyst

Can freely access the AI natural-language Copilot and strictly view the static Observatory topological graphs. Hard-restricted from modifying underlying connector infrastructure or viewing raw unmasked PII datasets mapping natively from external APIs.