A simple guide to how Omni handles who can see/work with content (dashboards, workbooks, folders) and who can query data (connections).
Two Permission Systems Working Together
Omni uses two layers of permissions:
-
Content permissions — control access to Omni content
(dashboards, workbooks, folders) -
Connection permissions — control access to the underlying data sources
(warehouse connections + their schemas/tables)
A user must pass both layers to fully interact with content.
Content Permissions: “Can I open this dashboard?”
Content permissions decide:
- Who can view content
- Who can edit or publish
- Who can share with others
Docs:
- Content permissions: https://docs.omni.co/docs/content-sharing
Generally, if a user lacks content access → they won’t even see the item in Omni.
Connection Permissions: “Can I query the data behind it?”
Connection permissions decide:
- Whether a user can run queries
- The scope in which a user can run queries
- Example: Users with connection roles Viewer or Restricted Querier can only run topic-based queries
Docs for reference:
- Connections & permissions: https://docs.omni.co/docs/admin/connection-permissions
If a user lacks required data access → the content appears, but queries may fail or data may be partially hidden.
How They Interact
To fully use a piece of content, a user needs:
- Permission to the content, and
- Permission to the connection(s) it uses
Practical Guide
- When someone can’t see data, check connection permissions
- When someone can’t see or open the object, check content permissions
- When numbers look different between users, check row-level security
- When queries error even though content is visible, check connection-level table access
Simple Summary
- Content permissions = access to Omni objects
- Connection permissions = access to data
- Users need both to explore, query, and view dashboards successfully.