# User Attributes

This section covers how to set user attributes. User attributes are how users are assigned permissions that control their access to data (using [access grants](/data-modeling/access_grants.md)).

To set a user attribute on a user, go to Workspace Settings, then go to Team Members then go to Attributes to define the attribute

<figure><img src="/files/L5HJwoBXU4CIRSvS4cKm" alt=""><figcaption></figcaption></figure>

Then make the user attribute you want in the pop up menu and pick its type

<figure><img src="/files/ygUPeHEUFLk9wVwmG7mM" alt=""><figcaption></figcaption></figure>

You can set a user attribute on either a group or an individual user. To set it on an individual user, click on Users, and set the attribute on the user. This example sets the user attribute `Department` to `blah` on this user.

<figure><img src="/files/IJZi1fWLqBdoIZoKxtuW" alt=""><figcaption></figcaption></figure>

Now that this user's `Department` attribute is set, their permissions will be determined by that (and any other attributes) set on that user.

> Important: If an access grant references a user attribute, users should have a value for that attribute. Leaving the attribute blank does not behave like a denied value. If a user does not have the referenced attribute at all, that grant is not triggered and does not block access. To make access default to denied, set a non-granting value on the All Users group, then set the allowed value only on the users or groups that should have access.

For example, since the user's attribute for `Department` has been set to `blah`, not one of the allowed options (`Executive`, `Finance`, `Marketing`) this user will not have access to anything restricted by this access grant.

![access-grants](/files/i66vW1CtLpkzd3BTFA1L)

For example, this user will *not* have access to this `email` field because the field has the `pii_access` access grant as one of the `required_access_grant` selections.

![access-grant-on-field](/files/SzomdeLUTjnXxZQu0kdV)

For more information on how to apply access grants and filters, look at the documentation on [access grants](/data-modeling/access_grants.md).

## User attributes populated automatically

There are certain user attributes that are populated automatically.

The following user attributes are populated automatically and cannot be overridden:

* `email`: the logged in user's email

## Reserved User Attributes

There are certain user attributes that have special behavior.

### zenlytic\_connection\_name

The `zenlytic_connection_name` user attribute has the special property that it will override the connection that is used to run queries on the data warehouse. You will set this property to the name of the credential, and that credential will be used in the query.

In the product, the user attribute is applied as the connection to use in all querying situations instead of:

* Testing the connection itself
* Listing databases when adding a new view
* Listing tables when adding a new view

### zenlytic\_connection\_database

The `zenlytic_connection_database` user attribute has the special property that it will override the "database" in the connection to the data warehouse. Not all warehouses handle the "database" idea in the same way, so this is exactly how that breaks down in each situation and for each database type.

In the product, the user attribute is applied as the database to use in all querying situations instead of:

* Testing the connection itself
* Listing databases when adding a new view
* Listing tables when adding a new view

The attribute only applies as the database chosen in the connection itself for:

* Postgres
* MySQL
* Redshift
* Azure Synapse
* SQL Server
* Trino

The attribute applies in the `USE DATABASE` clause for:

* DuckDB
* Snowflake

The attribute `does not apply` in databases where it is not applicable, which are:

* BigQuery
* Druid
* Databricks


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.zenlytic.com/administration/user_attributes.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.