User Roles and Permissions
BEEM uses role-based access control (RBAC) with three workspace-level roles. A single user can hold different roles across multiple workspaces.
The Three Roles
Organization Admin
- Full access to everything in the workspace
- Manage members: invite, change roles, remove
- Manage connections and integrations
- Manage organization settings
- Create, edit, and delete all objects (datasets, dashboards, flows)
Editor
- Create and edit datasets, dashboards, and flows
- Cannot manage members, connections, or organization settings
Viewer
- Read-only access to dashboards and datasets
- Can use AI Insights to ask questions
- Cannot create, edit, or delete anything
Quick Permission Reference
| Capability | Organization Admin | Editor | Viewer |
|---|---|---|---|
| View dashboards and data | Yes | Yes | Yes |
| Use AI Insights | Yes | Yes | Yes |
| Create/edit datasets | Yes | Yes | No |
| Create/edit dashboards | Yes | Yes | No |
| Create/edit flows | Yes | Yes | No |
| Manage members | Yes | No | No |
| Manage connections | Yes | No | No |
| Organization settings | Yes | No | No |
Best Practices
- Give Viewer access to stakeholders who only need to see dashboards
- Use Editor for analysts who build datasets and reports
- Limit Organization Admin to the people who manage the workspace and connections
- Remember that connections are organization-level, shared across all workspaces