Users & Roles
Manage users with admin, editor, and viewer roles.
Overview
Dango uses role-based access control (RBAC) with three built-in roles. Every user is assigned exactly one role that determines what they can see and do.
| Role | Description |
|---|---|
| Admin | Full control — all permissions, user management, platform configuration |
| Editor | Data operations — sync sources, run transformations, create dashboards, manage notebooks |
| Viewer | Read-only — view sources, dashboards, models, and health status |
Role Descriptions
Admin
Admins have a wildcard permission (*) that grants access to everything. This includes:
- All data operations (sync, transform, query)
- User management (create, edit, deactivate, delete users)
- Auth settings (enable/disable 2FA policy, manage API keys for any user)
- Platform configuration (start/stop services, manage settings)
- Audit log access
- Credential and secret management
Editor
Editors can perform day-to-day data operations but cannot manage users, auth settings, or platform configuration:
- Sync data sources and manage source configuration
- Upload and delete CSV files
- Run dbt transformations and manage models
- View dashboards and create new ones
- Execute ad-hoc queries
- View and execute notebooks
- View schedules and governance reports
- View health status, logs, and project configuration
Viewer
Viewers have read-only access to data and status:
- View data sources (but not sync or manage)
- View dbt models and documentation
- View dashboards (but not create or query)
- View health status and logs
- View notebooks (but not execute)
- View schedules and governance reports
Permission Matrix
Dango has 29 named permissions organized across 9 domains.
Source Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| source.view — list sources, view status | | | |
| source.view_credentials — view OAuth tokens / secrets | | | |
| source.sync — trigger a sync | | | |
| source.manage — add / remove / configure sources | | | |
CSV Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| csv.upload — upload CSV files | | | |
| csv.delete — delete uploaded CSVs | | | |
dbt Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| dbt.view — view models, docs | | | |
| dbt.run — trigger dbt runs | | | |
| dbt.manage — add / remove models | | | |
Dashboard Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| dashboard.view — view dashboards | | | |
| dashboard.create — create / edit dashboards | | | |
| query.execute — run ad-hoc queries | | | |
| dashboard.manage — manage Metabase settings | | | |
Platform Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| health.view — view health / status | | | |
| logs.view — view logs | | | |
| platform.manage — start / stop / configure platform | | | |
| config.view — view project configuration | | | |
| config.manage — modify project configuration | | | |
Auth Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| users.view — list users | | | |
| users.manage — create / edit / deactivate users | | | |
| auth.manage — manage auth settings | | | |
| audit.view — view audit logs | | | |
Notebook Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| notebooks.view — view notebooks | | | |
| notebooks.execute — run notebook cells | | | |
| notebooks.manage — create / delete notebooks | | | |
Governance Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| governance.view — view PII reports | | | |
| governance.manage — configure governance rules | | | |
Scheduler Permissions
| Permission | Admin | Editor | Viewer |
|---|---|---|---|
| scheduler.view — view scheduled jobs | | | |
| scheduler.manage — create / edit schedules | | | |
Complete Permission Table (All 29 Permissions)
| # | Permission | Admin | Editor | Viewer |
|---|---|---|---|---|
| 1 | source.view | |||
| 2 | source.view_credentials | |||
| 3 | source.sync | |||
| 4 | source.manage | |||
| 5 | csv.upload | |||
| 6 | csv.delete | |||
| 7 | dbt.view | |||
| 8 | dbt.run | |||
| 9 | dbt.manage | |||
| 10 | dashboard.view | |||
| 11 | dashboard.create | |||
| 12 | query.execute | |||
| 13 | dashboard.manage | |||
| 14 | health.view | |||
| 15 | logs.view | |||
| 16 | platform.manage | |||
| 17 | config.view | |||
| 18 | config.manage | |||
| 19 | users.view | |||
| 20 | users.manage | |||
| 21 | auth.manage | |||
| 22 | audit.view | |||
| 23 | notebooks.view | |||
| 24 | notebooks.execute | |||
| 25 | notebooks.manage | |||
| 26 | governance.view | |||
| 27 | governance.manage | |||
| 28 | scheduler.view | |||
| 29 | scheduler.manage | | | |
User Management
Adding Users
Admins can create new users via CLI or web UI. New users receive an invite link to set their password.
```bash
# Create a user with a specific role
dango auth add-user [email protected] --role editor
```
Output:
Via the web UI:
- Go to Admin → Users (/settings/users)
- Click Add User
- Enter email and select a role
- Copy the invite link and share it with the user
Accepting Invites
When a user receives an invite link:
- Open the link in a browser → /invite/{token}
- Set a password on the invite acceptance page
- Automatically logged in after setting password
Invite Expiry
Invite links expire after 72 hours. If expired, an admin can resend the invite from the web UI or create a new user.
Changing Roles
```bash
# Promote a user to admin
dango auth change-role [email protected] admin
# Demote to viewer
dango auth change-role [email protected] viewer
```
Role changes take effect on the user's next request (existing sessions are updated). The Metabase role is also synced automatically.
Deactivating Users
Deactivating a user immediately invalidates all their sessions:
```bash
dango auth deactivate-user [email protected]
```
Deactivated users:
- Cannot log in
- All active sessions are invalidated immediately
- Account data is preserved (can be reactivated)
To reactivate:
```bash
dango auth reactivate-user [email protected]
```
Deleting Users
Permanently removes a user account:
```bash
dango auth delete-user [email protected]
```
Permanent Action
Deletion is permanent and requires confirmation. The user's data, sessions, and API keys are removed.
Listing Users
Shows all users with their role, status (active, inactive, locked, invited, invite expired), and last login.
Last-Admin Protection
Dango prevents you from accidentally losing all admin access:
- Cannot demote the only active admin to editor or viewer
- Cannot deactivate the only active admin
- Cannot delete the only active admin
If you need to change the admin, first promote another user to admin, then modify the original.
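One way to enforce the three rules above before a role change, deactivation or deletion is applied, shown as an added example and not Dango's own code. The `User` record, `guard_last_admin`, `apply_change` and the sample roster are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass

ROLES = ("admin", "editor", "viewer")  # the three built-in roles

class LastAdminError(Exception):
    """The change would leave the installation with no active admin."""

@dataclass
class User:  # hypothetical in-memory record, not Dango's schema
    email: str
    role: str
    active: bool = True

def active_admins(users):
    # A deactivated admin cannot log in, so it does not count.
    return [u for u in users if u.role == "admin" and u.active]

def guard_last_admin(users, target, action, new_role=None):
    """Raise LastAdminError if `action` would remove the only active admin."""
    if action == "change-role":
        if new_role not in ROLES:
            raise ValueError(f"unknown role: {new_role!r}")
        removes_admin = new_role != "admin"
    elif action in ("deactivate", "delete"):
        removes_admin = True
    else:
        raise ValueError(f"unknown action: {action!r}")
    is_active_admin = target.role == "admin" and target.active
    if removes_admin and is_active_admin and len(active_admins(users)) == 1:
        raise LastAdminError(f"{target.email} is the only active admin; "
                             "promote another user to admin first")

def apply_change(users, email, action, new_role=None):
    """Guard, then mutate. With a real database the count and the write
    must share one transaction, or two concurrent demotions can both pass."""
    target = next(u for u in users if u.email == email)
    guard_last_admin(users, target, action, new_role)
    if action == "change-role":
        target.role = new_role
    elif action == "deactivate":
        target.active = False
    else:
        users.remove(target)
    return users

def sample_users():
    # Constructed roster: one active admin, one editor, one deactivated admin.
    return [User("root@example.test", "admin"), User("ed@example.test", "editor"),
            User("old-admin@example.test", "admin", active=False)]
```

The guard counts only active admins, so an existing deactivated admin account does not make it safe to demote the one admin who can still log in.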
Metabase Role Sync
When a user is created or their role changes, Dango automatically syncs the change to Metabase:
| Dango Role | Metabase Role |
|---|---|
| Admin | Superuser |
| Editor | Member of "Dango Editors" group |
| Viewer | "All Users" group only (default read access) |
The "Dango Editors" group is created automatically in Metabase. Editors get the ability to create questions and dashboards. Viewers can only view existing dashboards shared with "All Users."
Next Steps
- Authentication — login flows and session management
- Two-Factor Auth — enable 2FA for user accounts
- Audit Logging — track user management events
- Best Practices — security recommendations