Skip to main content

Roles and Permission Matrix

Transform has a both primary and secondary roles in the product. Primary roles map to assignments that are given when a user is created in the interface, and secondary roles are roles that are assumed based on certain actions or assignments that come after a primary role designation.

Primary Roles

Organization Administrator

Organization Administrators have elevated privileges and can take most actions across the Transform App. Currently, there are only administrative actions available in the Metrics Catalog.

Administrators can change metadata about a metric (without ownership), edit and remove team members, as well as view and update settings around DW credentials.


Users can view and interact with most components of the interface but will not be able to take administrative actions, such as editing and managing users. Additionally, they will not be able to change anything about a metric in the UI unless they are explicitly an owner. A user is the default setting for an account that is not an administrator.

Team Administrator Team administrators can be either users or organization administrators. A person with an account in Transform can become a Team Admin by creating a team. Team Admins can take high-level actions around their team settings and on team pages.

Metric Owners Metric owners can be Teams (a set of users) or individual Users. These assignments must be designated through the Framework or User interface. Metric Owners can take high-level actions around the metric description, approval, and ownership of a given metric.

Content Owners Content owners are the creators of a piece of content, which can be a Saved Query, Board, Annotation, or Question.

Note: We have left metric owners, team administrators, and content owners out of the matrix and denoted which actions matter for these roles by indicating how a user's permissions change based on them.

Permissions Matrix

ComponentActionOrg. AdminUser
SettingsEdit/Invite Users in Transform✔️-
Create Teams✔️✔️
Edit/Add Users to Teams✔️If user is Team Admin
Edit DW Credentials✔️-
Edit MQL Server Settings✔️-
Create API Key for oneself✔️✔️
View MQL Query Logs✔️✔️
Set up Integrations*✔️-
Modify Org. Security Settings✔️-
Interact w/API Explorer & Model Page✔️✔️
MetricsView and Query Metric✔️✔️
See All Private Metrics w/o ownership or access✔️-
Edit Metric Description✔️If user or user's team owns metric
Update Metric Metadata (includes setting alerts)✔️If user or user's team owns metric
Create Annotation✔️✔️
Edit/Delete Annotation✔️If user authored
Create Question✔️✔️
Edit QuestionIf admin authoredIf user authored
Delete Question✔️If user authored
Approve Metrics✔️If user is owner
Add Metric Owners✔️If user is owner
Subscribe to Metrics✔️✔️
Add Subscribers to Metrics✔️If user or user's team owns metric
Query & BoardCreate & Save Query✔️✔️
Share and Export Query✔️✔️
Add to Board✔️✔️
Delete Query*✔️If user created query
Update QueryIf admin created queryIf user created query
Create Board✔️✔️
Update BoardIf admin owner of boardIf user or user's team owner of board
Delete Board✔️If user or user's team owner of board
MetricFlow and APIsRun MQL queries (in any supported interface)✔️✔️
Committing Models✔️✔️
Query through Transform Integrations✔️✔️


  • This matrix does not take into account private metrics. If a metric is private, only authorized users will have access to it
  • Certain integrations do not require an organization administrator to set up such as Google Sheets and Tableau.
  • Deleting queries is only possible if the query isn't being consumed on a Board.
  • Metrics cannot be deleted from the Transform application unless removed from the YAML file and committed to the repository.