
Authorization Overview

Authorization in Promethium

Authorization specifies what access an authenticated user has within a system. Once the identity of a user or service has been established, Promethium determines what access the authenticated request has.

This is done by checking which operation a given user or service wants to perform within Promethium and whether it is allowed to do so.

There are two core pillars of authorization:

  1. UI Authorization – Controls which users can access which capabilities within Promethium UIs
  2. Data Authorization – Controls which data users can see and query across connected platforms

Understanding both is essential for properly securing your environment and scaling access across teams.

1. UI Authorization

UI authorization in Promethium is based on role-based access control (RBAC). Roles determine which features and actions are available to a user in the UI.

For example:

Capability                    | Who Can Access (Example Roles)
Manage connected data sources | admin only
Modify a column description   | data_steward, lead_analyst

Administrators can define and assign roles during onboarding or within the admin console.

2. Data Authorization

While UI roles control what users can do, data authorization controls what data they can see and query.

This is enforced through:

  • Data access policies on individual objects or groups of objects (Domains)
  • Row- and column-level access policies for fine-grained access

This ensures that whether a user accesses data via a Promethium UI or a third-party product, they receive results only from datasets they're allowed to see.

Why Authorization Matters

Authorization protects:

  • Sensitive information (e.g., HR, finance, customer PII)
  • Compliance requirements (e.g., GDPR, HIPAA, SOC 2)
  • Team boundaries (e.g., marketing can't query engineering data)

It also improves user experience by showing people only what’s relevant to them — reducing clutter and minimizing errors.


Authorization Components

1. Users

Users are individuals or systems who access the Promethium platform.

2. Permission Sets

Permission Sets are a logical grouping of privileges. They control access to:

  • Application screens and features
  • Functional capabilities (e.g., create tables, view dashboards)
  • System operations (e.g., manage data sources, configure connections)

3. Roles

Roles are collections of Permission Sets assigned to users.

4. Domains

Domains are logical groupings of data objects (tables, views, datamaps).
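
The sketch below is an added illustration of how the four components and the two authorization pillars fit together; it is not Promethium's code or API. The role names come from the example table above; every other name (the privilege strings, `can_perform`, `query`, the policy layout, and the sample users, domains and tables) is a constructed assumption.

```python
# Illustrative model only, NOT Promethium's API; all names and data are constructed.
# Permission Sets: logical groupings of privileges (privilege strings are hypothetical).
PERMISSION_SETS = {
    "source_admin": {"datasource.manage"},
    "metadata_edit": {"column.describe"},
}
# Roles: collections of Permission Sets (role names reused from the page's example table).
ROLES = {
    "admin": {"source_admin"},
    "data_steward": {"metadata_edit"},
    "lead_analyst": {"metadata_edit"},
}
# Users: individuals or systems, each assigned one or more roles.
USERS = {"alice": {"admin"}, "bob": {"lead_analyst"}, "carol": {"data_steward"}}
# Domains: logical groupings of data objects.
DOMAINS = {"hr": {"employees"}, "marketing": {"campaigns"}}
# Data policies keyed by (role, domain): hidden columns plus a row filter.
# A missing key means no access (deny by default).
DATA_POLICIES = {
    ("lead_analyst", "marketing"): {"hidden": set(), "rows": lambda r: True},
    ("data_steward", "hr"): {"hidden": {"salary"}, "rows": lambda r: r["dept"] != "exec"},
}
TABLES = {
    "employees": [{"name": "A", "dept": "eng", "salary": 10},
                  {"name": "B", "dept": "exec", "salary": 99}],
    "campaigns": [{"id": 1, "budget": 500}],
}

def can_perform(user, privilege):
    """UI authorization: user -> roles -> permission sets -> privileges."""
    granted = set()
    for role in USERS.get(user, ()):
        for ps in ROLES.get(role, ()):
            granted |= PERMISSION_SETS.get(ps, set())
    return privilege in granted

def query(user, table):
    """Data authorization: domain policy first, then row and column filtering."""
    domain = next((d for d, objs in DOMAINS.items() if table in objs), None)
    matches = [DATA_POLICIES[(r, domain)] for r in sorted(USERS.get(user, ()))
               if (r, domain) in DATA_POLICIES]
    if not matches:
        raise PermissionError(f"{user} has no data policy covering {table}")
    policy = matches[0]  # simplification: first matching role's policy applies
    return [{k: v for k, v in row.items() if k not in policy["hidden"]}
            for row in TABLES[table] if policy["rows"](row)]
```

In this model `alice` holds the admin UI role yet `query("alice", "campaigns")` raises `PermissionError`, because a UI role grants no data access unless a data policy also covers the domain.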