With several layers in between to choose from. Decide what people can see per database, table, schema, or data sandbox.
Manage permissions by group
People can be in more than one group; when they’re in multiple groups the most permissive access applies. Map permissions with SSO (Available on Pro and Enterprise.)
Row and column level permissions
Use data sandboxes to restrict access for certain groups down to the row or column level.
Database-managed row-level permissions
Associate user attributes with database-defined roles and their privileges for impersonated access.
Define which groups can view or edit items in a collection, like questions, dashboards, models, timelines, and events.
Grant groups access to some, but not all, administrative features (Available on Pro and Enterprise.)
Determine whether users in a certain group can download results from a data source and how many rows (Available on Pro and Enterprise.)