The User Management section of the Cube Workspace lets you manage permissions for every person in your Cube instance. With the introduction of granular access controls, you have full flexibility to define who can access specific features and data.
We are currently rolling out an updated version of our user management feature. If you don't see User Management in your Cube navigation, please follow these directions to use the prior Team Member experience.
Every Cube user is assigned a standard or custom group that defines their level of access:
- A user type (which controls feature access)
- A data access group (which controls dimension-level data access)
If a user has multiple user types or data access groups assigned, they will have the highest level of permissions allowed by any of the designated groups.
Depending on your account permissions, you’ll be able to:
- Invite new users and assign them the right level of access
- Create and manage user types to define what users can do in Cube
- Create and manage data access groups to define what users can see in Cube
- View and edit Cube Staff access to support troubleshooting and consultation
- Enable or disable users as needed
User Management capabilities
Users
View and manage all users who have been invited to your Cube instance, whether they’re active, pending, or disabled.
From this tab, you can:
- View users filtered by type, status, or access level
- Invite new users and assign user types and data access
- Change a user’s user type or data access group
- Create a new custom user type or data access group
- Disable or re-enable a user
User Types
Customize feature access using user types. Cube includes three default user types–Admin, Finance, and Business—but you can create as many additional custom roles as needed to match your team’s structure.
Each user type determines what features users can access and at what level. Depending on the feature, you can restrict access entirely, provide view-only access, or give full access to manage that feature. This allows you to create a role for someone to build dashboards and reports, while someone else is only allowed to view them.
From this tab, you can:
- Create a custom user type
- Edit feature permissions
- Assign a user type to users
- Deactivate a custom user type
Data Access
Control data visibility using data access groups. These groups define what parts of your Cube model users can view or edit, down to the dimension member level, providing granular control over your data.
Cube includes two default groups–Full Access to view and edit all data in Cube and Read All for view-only access to all data–but you can create as many additional custom data access groups to provide the exact level of detail needed for your team. This allows you to create roles where users can see or edit very specific datasets, such as just the data for their team or budgets for a certain year.
From this tab, you can:
- Create a custom data access group with fine-grained rules
- Set view or edit access for each dimension or dimension member
- Add or remove users from a data access group
- Deactivate a custom data access group
Cube Staff
Cube’s support team may need temporary access to help troubleshoot, provide consultation, or configure new source systems. The Cube Staff tab allows you to manage the Cube Staff who currently or previously have had access to your environment or manage an access window.
To service your account effectively, Cube Staff will always have an Admin user type and Full Access to data by default, providing the highest level of access to your Cube, but this can be customized if necessary.
From this tab, you can:
- View who has had access to your Cube and their current status
- See when each staff member was last active in your account
- Revoke or close an access window
-
Extend or open an access window