User management
Access in Streya is organized in two levels:
- An organization is your company’s top-level account. It contains your people and one or more workspaces.
- A workspace is a self-contained analytics environment: its own data connection, semantic model, conversations, and dashboards. Most teams keep one workspace per business unit or use case.
People are invited to the organization, then granted access to specific workspaces. Each level has its own roles, so someone can be an organization member but a workspace admin, or any other combination.
Organization roles
Section titled “Organization roles”| Role | Can do |
|---|---|
| Admin | Everything a member can, plus manage the organization: invite and remove people, and access every workspace in the organization. |
| Member | Only the workspaces they’ve explicitly been added to. |
Organization admins have full reach by design — they can open any workspace without being added to it. Grant the admin role deliberately.
Inviting people to your organization
Section titled “Inviting people to your organization”From your organization settings, invite a person by email and choose their organization role (admin or member). They receive an email invitation; their access begins once they accept.
Until then the invitation sits in a pending state, where you can revoke it.
Adding members to a workspace
Section titled “Adding members to a workspace”An organization member sees a workspace only after you add them to it. From the workspace’s member access, add an existing organization member and choose their workspace role:
| Workspace role | Can do |
|---|---|
| Admin | Manage the workspace, connect and model data, and use conversations and dashboards. |
| Member | Use conversations and dashboards. Cannot change the data connection or the semantic model. |
The split is deliberate: admins shape what the data means; members consume it. Most analysts and decision-makers are members; the people maintaining the connection and semantic model are admins.
Inviting an external user
Section titled “Inviting an external user”You can also add someone who isn’t in your organization to a single workspace — invite them by email directly from the workspace’s member access. They get access to that one workspace, with the workspace role you choose, and nothing else in the organization.
Use this for a contractor, an agency, or a partner who only needs one workspace.
Advanced: groups and user attributes
Section titled “Advanced: groups and user attributes”For workspaces that restrict what rows each person can see, two extra controls feed into access policies:
- Groups — tag a member with a group such as
salesorfinance. Policies can grant or restrict data per group. - User attributes — attach key-value pairs to a member, for example
salesperson_id: 123. A policy can reference the attribute to filter data down to that person’s own rows.
Groups and attributes do nothing on their own — they’re the inputs an access policy reads. See managing access for how to put them to work.
Removing access and invitations
Section titled “Removing access and invitations”Removing a member
Section titled “Removing a member”Remove a person from a workspace to revoke their access to it while leaving the rest of their organization access intact. Remove them from the organization to revoke everything at once.
Revoking an invitation
Section titled “Revoking an invitation”A pending invitation — to the organization or to a workspace — can be revoked before it’s accepted. The link stops working immediately and the person never gains access.