# User Roles Permissions sets that give users the ability to take certain actions in Zenlytic There are eight (8) roles in Zenlytic that a user can have. Each role corresponds to a permission set. Available permissions and their actions are as follows: `save_content`: This is the ability to save a query result to a dashboard or modify an existing dashboard. `schedule_content`: This is the ability to schedule a dashboard for delivery in Slack or email. `view_content`: This is the ability to view dashboards. `explore_from_here`: This is the ability to "Explore from here" to the graphical UI to change a query found on a dashboard or in Zoë. `edit_settings`: This is the admin permission to edit the settings of the workspace itself. With this permission, a user can grant him/herself any permission. `change_branch`: This is the ability to change the branch the workspace is looking at. By default, the branch will always be the production branch `download_with_limit`: The ability to download data with a limit applied. `download_without_limit`: The ability to download data without a limit applied (The max is 1 million in this case). `see_sql`: The ability to see the SQL that was used to create the plot or table the user is looking at. `run_sql`: The ability to run arbitrary SQL on the warehouse. This effectively gives the user access to all data that is in the warehouse. `chat`: The ability to chat with Zoë. `data_model_edit`: The ability to edit the data model. `create_workflow`: The ability to create a Proactive Agent (previously branded as a 'workflow') `deploy_to_production`: The ability to deploy the data model from one branch to the production branch. `create_dynamic_field`: The ability to create a dynamic field (does not include the ability to promote it to the data model). `view_workspace_users`: The ability to view the names of other users in the workspace. `workspace_management`: Grants the ability to create, archive, and manage workspaces and credentials across an organization ## Organization Admin The organization admin has *all* of the above permissions. In addition to all standard Admin capabilities, Organization Admins can: * Manage workspaces across the organization: create new workspaces, archive existing ones, and configure SSO provisioning settings for each workspace. * Manage credentials across the organization: view all credentials and copy them between workspaces. When an Organization Admin creates a new workspace, they are automatically assigned the Organization Admin role in that workspace. *Note: The Organization Admin role only appears as an option in the role selector for users who already have the workspace\_management permission. If your workspace is not part of an organization, this role will not be available.* ## Admin The admin has all of the above permissions *except* `workspace_management`. ## Develop Develop has all of the admin permissions except the ability to edit the workspace settings (`edit_settings`). ## Develop without Deploy Develop without Deploy has all of the Develop permissions except the ability to deploy the data model to production (`deploy_to_production`). ## Explore The Explore role is the most common, and we recommend it as the default. It has `save_content`, `schedule_content`, `view_content`, `explore_from_here`, `download_with_limit`, `download_without_limit`, `see_sql`, `create_workflow`, `create_dynamic_field`, `view_workspace_users`, and `chat`. ## View View has the same permissions as Explore but without `download_without_limit`. ## Restricted Restricted has ONLY the `view_content` permission. This means the user can only see dashboards, and cannot follow up or ask Zoë questions. *Note:* This user can change filters on dashboards which means in terms of API access, they have the ability to run queries that are not just the queries present on the dashboard. You should use this role in conjunction with [data access controls](https://docs.zenlytic.com/data-modeling/access_grants), not instead of data access controls. ## Embed This permission set is not available in the UI but is the default for embedded users. It has `view_content`, `explore_from_here`, `download_with_limit`, and `chat` permissions. ## Embed with SQL This permission set is not available in the UI but is the default for embedded users. It has `view_content`, `explore_from_here`, `download_with_limit`, `see_sql`, and `chat` permissions. ## Embedded with Scheduling This permission set is not available in the UI but is the default for embedded users. It (predictably) has `schedule_content`, `view_content`, `see_sql`, `explore_from_here`, `download_with_limit`, and `chat` permissions. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zenlytic.com/zenlytic-ui/user_roles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.