# Permissions & Groups

The permissions model is based on groups and their associated data sources. Group membership defines the actions a user is allowed to take (although currently there’s no UI to edit group action permissions), and which data sources they have access to (for this we have UI).

#### How does it work? <a href="#how-does-it-work" id="how-does-it-work"></a>

Each user belongs to one or more groups. By default, each user joins the Default group. The common data sources should be associated with the Default group.

Each data source will be associated with one or more groups. Each connection to a group will define, whether this group has **Full access** to this data source (view existing queries and run new ones) or **View Only access** , which allows only viewing existing queries and results.

Any dashboard can contain visualizations from any data source (as long as the creating user has access to them). When a user who doesn’t have access to a visualization (because he doesn’t have access to the data source) opens a dashboard, he’ll see where a visualization would be but won’t be able to see any details. The screenshot shown below shows a Dashboard Widget with a visualization the user doesn’t have access to.

<figure><img src="/files/MNdnOCoYjeKxfqVgfTUf" alt=""><figcaption></figcaption></figure>

If a user has access to at least one widget on a dashboard, they’ll be able to see the dashboard in the list of all dashboards.

#### What if I want to limit the user to only some tables? <a href="#what-if-i-want-to-limit-the-user-to-only-some-tables" id="what-if-i-want-to-limit-the-user-to-only-some-tables"></a>

The idea is to leverage your database’s security model and hence create a user with access to the tables/columns you want to give access to. Create a data source that’s using this user and then associate it with a group of users who need this level of access.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inverse.watch/admin-and-dev-guide/users/permissions-and-groups.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.