Example: only allow Query Runner operations
Let's consider this scenario:
- You are a Polytomic Admin.
- You would like to define a role with no ability to perform any operations in Polytomic except for running queries in Query Runner against your data warehouse.
This tutorial will define a custom role and policy to cover this use case. Throughout the steps below, ensure that your role is Admin.
- Go to Roles and create a role with your chosen name (for example: Query-only role).
- Now that the role exists, create a custom security policy. Go to Access control and click Create policy.
- Give your policy a name (for example: Query Runner policy).
- Map its operations to these corresponding roles:
  - apply_policy: Admin
  - create: can leave blank
  - delete: can leave blank
  - edit: can leave blank
  - export: Query-only role
  - modify_policy: Admin
  - query: Query-only role
  - sync_to: can leave blank
  - trigger: can leave blank
- Attach this policy to your data warehouse connection (for example, Databricks).
Per the steps above, any user with only the Query-only role will be excluded from performing any operations in Polytomic except for running queries in Query Runner and seeing their results.
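
A least-privilege check for the mapping above, as an added example (not Polytomic code or a Polytomic API). It assumes the policy is written down as a plain dict, that a blank mapping (`None`) grants the operation to no custom role, and that apply_policy and modify_policy control changes to access control itself; all function and variable names are hypothetical.

```python
# Added example, not Polytomic code. The dict layout is a hypothetical
# representation of the policy form; None stands for a blank mapping,
# assumed here to grant the operation to no custom role.
ALL_OPERATIONS = (
    "apply_policy", "create", "delete", "edit", "export",
    "modify_policy", "query", "sync_to", "trigger",
)
POLICY_MGMT_OPS = ("apply_policy", "modify_policy")

# Constructed sample: the mapping from the steps above.
QUERY_RUNNER_POLICY = {
    "apply_policy": "Admin",
    "create": None,
    "delete": None,
    "edit": None,
    "export": "Query-only role",
    "modify_policy": "Admin",
    "query": "Query-only role",
    "sync_to": None,
    "trigger": None,
}


def granted_operations(policy, role):
    """Operations the policy maps to the given role."""
    return {op for op, mapped in policy.items() if mapped == role}


def audit_policy(policy, role, allowed, admin_role="Admin"):
    """Return findings where the mapping departs from the intended least privilege."""
    findings = []
    for op in sorted(set(policy) - set(ALL_OPERATIONS)):
        findings.append(f"unknown operation: {op}")
    for op in sorted(set(ALL_OPERATIONS) - set(policy)):
        findings.append(f"unmapped operation: {op}")
    granted = granted_operations(policy, role)
    for op in sorted(granted - set(allowed)):
        findings.append(f"excess: {role} can {op}")
    for op in sorted(set(allowed) - granted):
        findings.append(f"missing: {role} cannot {op}")
    # Assumption: a non-admin role holding these could widen its own access.
    for op in POLICY_MGMT_OPS:
        if policy.get(op) != admin_role:
            findings.append(f"escalation: {op} mapped to {policy.get(op)!r}")
    return findings


if __name__ == "__main__":
    for line in audit_policy(QUERY_RUNNER_POLICY, "Query-only role", {"query", "export"}):
        print(line)
```

An empty result means the mapping grants the Query-only role exactly query and export and keeps both policy operations with Admin.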