Skip to main content
Credible provides a robust, relationship-based permission model that enables both governed data modeling and flexible collaboration. Access to all resources is controlled through a hierarchical permission system where users and groups are granted specific roles on different resources.

Resource Hierarchy

Credible organizes resources into two main hierarchies:

Governance Hierarchy (Projects & Packages)

Where trusted, version-controlled data models are built and maintained: 
Organization
├── Projects
│   ├── Connections (database access)
│   └── Packages
│       └── Versions

Collaboration Hierarchy (Workspaces & Documents)

Where analysis and data exploration happen: 
Organization
├── Workspaces
│   ├── Attached Packages
│   └── Documents

Groups

Groups organize users and simplify permission management across both hierarchies: 
Organization
└── Groups
    └── Members (users or nested groups)

Roles by Resource

Each resource type has specific roles that determine what users can do:

Organization Roles

RoleCapabilities
AdminFull control over organization, can create projects/workspaces/groups, manage all settings and members
ModelerCan create and modify data models, manage packages
MemberBasic organization membership

Project Roles

RoleCapabilitiesInheritance
AdminFull control over project, manage connections, settings, and all packagesInherits from Organization Admin
ModelerCreate and update packages, manage versions, use project connections to build modelsProject Admin is also a Modeler
ViewerRun queries against models, view model source code (measures, dimensions), cannot edit or publishProject Modeler is also a Viewer

Package Roles

RoleCapabilitiesInheritance
AdminFull control over package and versionsInherited from Project Admin
ModelerCreate, update, and publish package versionsInherited from Project Modeler
ViewerRun queries against models, view model source codeInherited from Project Viewer

Workspace Roles

RoleCapabilitiesInheritance
ManagerAdministrative control over workspace, manage members, settings, and all documentsInherits from Organization Admin
ViewerView workspace and documents, run queries, duplicate documentsWorkspace Manager is also a Viewer

Document Roles

RoleCapabilitiesInheritance
EditorModify document content, run code, share with othersInherited from Workspace Manager
ViewerView document and source code, run queries, duplicate document to create editable copyDocument Editor is also a Viewer

Group Roles

RoleCapabilities
AdminManage group members, settings, and permissions
MemberGroup membership for permission assignment

How Permissions Work

Hierarchical Inheritance

Permissions flow down from parent resources to child resources:
  • Organization Admins automatically become Project and Workspace Admins
  • Project Admins automatically become Package Admins
  • Workspace Managers automatically become Document Editors
  • Groups inherit permissions through the hierarchy

Additive Permissions

When a user has multiple permission sources (e.g., direct access and group membership), their effective permission is the most permissive of all grants.

Groups Simplify Management

Instead of granting permissions to individual users, you can:
  1. Create a group (e.g., “Marketing Team”)
  2. Add users to the group
  3. Grant the group permissions on resources
  4. Group members automatically inherit those permissions
Groups can also contain other groups, enabling flexible organizational structures.

Connection Access

Database connections are defined at the project level:
  • Project Admins can create, update, and delete connections
  • Project Modelers can list and use connections in their models
  • Queries are governed: Users execute queries through semantic models, not directly against databases
  • This provides a safe, consistent layer for data access with centralized security

Requesting Access

Users can request access to resources they don’t currently have permission to view:
  • When you discover a resource you need access to, you can request permission
  • The request is sent to resource administrators for approval
  • Once approved, you’ll receive the specified role on that resource

Workspace-Package Linking

Workspaces can be attached to specific packages:
  • This grants workspace members the ability to query those packages
  • Provides document-scoped access without granting project-level permissions
  • Enables collaboration on specific models while maintaining governance

Three Layers of Security

Credible implements security at multiple layers:
  1. Application Layer: Role-based access control (admin, modeler, viewer, etc.) determines which resources you can access
  2. Semantic Layer: Connections and semantic models provide governed access to data
  3. Data Layer: Fine-grained access controls in Malloy models control row and field-level access (coming soon)
These layers work together: Application permissions determine if you can open a resource, then data layer controls filter what specific rows and columns you can see when queries run.

Next Steps

Groups & Permissions

Detailed guide on configuring groups and managing permissions

Fine-Grained Access Control

Row and field-level security using Malloy annotations
I