How Access Is Granted
Adding a member to the organization does not automatically grant access to any environments or packages. To grant access:- Share directly: Navigate to the resource, click Share (or Permissions), and add the user
- Add to a group: Add the user to a group that already has access
Sharing Environments & Packages
Grant users or groups access to specific environments or packages.- Navigate to the environment or package under Packages & Connections in the sidebar
- Click Permissions
- Add the user or group and select their role
Environment Roles
Environment viewers automatically get viewer access to all packages in that environment.
Package Roles
Package access can also be granted to a workspace — that’s what adding a package to a workspace does: every workspace member can query the package through that workspace, without needing individual package permissions.
Sharing Workspaces & Documents
Environment and package permissions govern the data; workspace and document permissions govern the analysis work built on top of it.Workspace Roles
Users can also request access to a workspace they can’t see into; a workspace manager approves the request from the workspace’s permissions list.
Document Sharing
Individual documents in a workspace — chats, reports, and data apps — can be shared with users or groups at two levels:
Document permissions are inherited from the workspace, so workspace members can already see shared work; per-document sharing is for granting access beyond the workspace’s membership, and supports the same request-access flow.
Access Control
The Access Control page in the Credible App manages the lookup table behind secure givens — the values Credible resolves server-side when a published model filters or gates on a#(secure) given. Each row grants a user (by email), a group, or everyone (a default) a list of values for an attribute. An attribute appears here automatically once a published model references it, so assigning values here is the second half of setting up fine-grained access control.
Next Steps
Access Control
Row and field-level security using Malloy annotations
Best Practices
Draw environment boundaries that make permissions easy to manage