# Predefined Roles for Workspace Groups in an Organization

## Workspace Group Roles

| Role                 | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | Permissions                                                                                                                                                                                                                                                                                                          |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **`Owner`**          | <ul> <li>Owners are granted full access to the workspace group, including the ability to create and terminate workspaces or terminate the workspace group.</li> <li>Users granted the Owner role in the organization inherit the Owner role on all workspace groups in the organization.</li> </ul>                                                                                                                                                                                               | <ul> <li>ACTIVATE SMARTDR</li> <li>CONFIGURE ALERTS</li> <li>CONFIGURE SMARTDR</li> <li>CONTROL ACCESS</li> <li>CREATE DATABASE</li> <li>CREATE WORKSPACE</li> <li>DROP DATABASE</li> <li>LOAD DATA</li> <li>MONITOR</li> <li>OPERATE</li> <li>TERMINATE</li> <li>USE</li> <li>VIEW</li> <li>VIEW SMARTDR</li> </ul> |
| **`Operator`**       | <ul> <li>Operators are granted access to administrative actions for the workspace group including scale, suspend, resume, backup, recover, and configure network policies, passwords, update windows or certificates.</li> <li>Operators have some ability to access and modify data in workspace groups including creating or dropping databases.</li> <li>Users granted the Operator role in the organization inherit the Operator role on all workspace groups in the organization.</li> </ul> | <ul> <li>ACTIVATE SMARTDR</li> <li>CONFIGURE ALERTS</li> <li>CONFIGURE SMARTDR</li> <li>MONITOR</li> <li>OPERATE</li> <li>USE</li> <li>VIEW</li> <li>VIEW SMARTDR</li> </ul>                                                                                                                                         |
| **`Observer`**       | <ul> <li>Observers are granted the ability to view the monitoring details of the workspace group and inspect its configuration without granting access to the data.</li> <li>Users granted the Observer role in the organization inherit the Observer role on all workspace groups in the organization.</li> </ul>                                                                                                                                                                                | <ul> <li>MONITOR</li> <li>VIEW</li> <li>VIEW SMARTDR</li> </ul>                                                                                                                                                                                                                                                      |
| **`Writer`**         | <ul> <li>Writers are granted full access to data in the workspace group, including the ability to create and drop databases.  </li> <li>Users granted the Writer role in the organization inherit the Writer role on all workspace groups in the organization.</li> </ul>                                                                                                                                                                                                                         | <ul> <li>CONFIGURE SMARTDR</li> <li>CREATE DATABASE</li> <li>DROP DATABASE</li> <li>LOAD DATA</li> <li>MONITOR</li> <li>USE</li> <li>VIEW</li> <li>VIEW SMARTDR</li> </ul>                                                                                                                                           |
| **`Reader`**         | <ul> <li>Readers are granted read access to all databases in the workspace group. </li> <li>Users granted the Reader role in the organization inherit the Reader role on all workspace groups in the organization.</li> </ul>                                                                                                                                                                                                                                                                     | <ul> <li>MONITOR</li> <li>USE</li> <li>VIEW</li> <li>VIEW SMARTDR</li> </ul>                                                                                                                                                                                                                                         |
| **`Limited Access`** | <ul> <li>The Limited Access role grants no specific access beyond the ability to see the workspace group and its member workspaces.</li> <li>Users with the Limited Access role are synchronized to the workspace group where they may be granted access to specific databases or tables using database RBAC commands</li> </ul>                                                                                                                                                                  | <ul> <li>VIEW</li> </ul>                                                                                                                                                                                                                                                                                             |
| `All Roles`          | <ul> <li>Any user granted any role on a workspace group will be synchronized to that workspace group and added to a group granted a role with appropriate permissions. See the User Synchronization section below for more details.</li> </ul>                                                                                                                                                                                                                                                    |                                                                                                                                                                                                                                                                                                                      |

## Synchronization Between Cloud Roles and Database Engine Roles

When a user is added to a workspace group, that user is automatically assigned to the corresponding engine user group and role as per the following table. Refer to [Cloud User and Role Synchronization with the Database Engine](https://docs.singlestore.com/cloud/security/administration/role-based-access-control-rbac-for-singlestore-helios/#section-idm4582876268353633918035543521.md) for a detailed explanation..

| Cloud Role                    | Engine User Group            | Engine Role                 | Engine Permissions                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| ----------------------------- | ---------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `Owner`                       | `CloudOwners`                | `CloudOwner`                | <ul> <li>ALTER</li> <li>ALTER EVENT TRACE</li> <li>ALTER EXTENSION</li> <li>ALTER PIPELINE</li> <li>ALTER ROUTINE</li> <li>ALTER USER</li> <li>ALTER VIEW</li> <li>BACKUP</li> <li>CLUSTER</li> <li>CONNECTION_ADMIN</li> <li>CREATE</li> <li>CREATE DATABASE</li> <li>CREATE EXTENSION</li> <li>CREATE EXTERNAL CATALOG</li> <li>CREATE LINK</li> <li>CREATE PIPELINE</li> <li>CREATE POOL</li> <li>CREATE ROUTINE</li> <li>CREATE TEMPORARY TABLES</li> <li>CREATE USER</li> <li>CREATE VIEW</li> <li>DELETE</li> <li>DROP</li> <li>DROP DATABASE</li> <li>DROP EXTENSION</li> <li>DROP EXTERNAL CATALOG</li> <li>DROP LINK</li> <li>DROP PIPELINE</li> <li>DROP POOL</li> <li>DROP VIEW</li> <li>EXECUTE</li> <li>GRANT OPTION</li> <li>INDEX</li> <li>INSERT</li> <li>LOCK TABLES</li> <li>OUTBOUND</li> <li>PROCESS</li> <li>RELOAD</li> <li>SELECT</li> <li>SHOW EXTENSION</li> <li>SHOW EXTERNAL CATALOG</li> <li>SHOW LINK</li> <li>SHOW METADATA</li> <li>SHOW PIPELINE</li> <li>SHOW ROUTINE</li> <li>SHOW VIEW</li> <li>START PIPELINE</li> <li>SYSTEM_VARIABLES_ADMIN</li> <li>UPDATE</li> </ul> |
| `Operator`                    | `CloudOperators`             | `CloudOperator`             | <ul> <li>ALTER EXTENSION</li> <li>ALTER ROUTINE</li> <li>BACKUP</li> <li>CONNECTION_ADMIN</li> <li>CREATE</li> <li>CREATE DATABASE</li> <li>CREATE EXTENSION</li> <li>CREATE EXTERNAL CATALOG</li> <li>CREATE POOL</li> <li>CREATE ROUTINE</li> <li>CREATE TEMPORARY TABLES</li> <li>DROP</li> <li>DROP DATABASE</li> <li>DROP EXTENSION</li> <li>DROP EXTERNAL CATALOG</li> <li>DROP POOL</li> <li>INDEX</li> <li>OUTBOUND</li> <li>PROCESS</li> <li>RELOAD</li> <li>SELECT</li> <li>SHOW EXTENSION</li> <li>SHOW EXTERNAL CATALOG</li> <li>SHOW METADATA</li> <li>SHOW PIPELINE</li> <li>SHOW ROUTINE</li> <li>START PIPELINE</li> <li>SYSTEM_VARIABLES_ADMIN</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| `Writer`                      | `CloudWriters`               | `CloudWriter`               | <ul> <li>ALTER</li> <li>ALTER PIPELINE</li> <li>ALTER ROUTINE</li> <li>ALTER VIEW</li> <li>CREATE</li> <li>CREATE DATABASE</li> <li>CREATE EXTENSION</li> <li>CREATE EXTERNAL CATALOG</li> <li>CREATE LINK</li> <li>CREATE PIPELINE</li> <li>CREATE ROUTINE</li> <li>CREATE TEMPORARY TABLES</li> <li>CREATE VIEW</li> <li>DELETE</li> <li>DROP</li> <li>DROP DATABASE</li> <li>DROP EXTENSION</li> <li>DROP EXTERNAL CATALOG</li> <li>DROP LINK</li> <li>DROP PIPELINE</li> <li>DROP VIEW</li> <li>INDEX</li> <li>INSERT</li> <li>LOCK TABLES</li> <li>EXECUTE</li> <li>SELECT</li> <li>SHOW EXTENSION</li> <li>SHOW EXTERNAL CATALOG</li> <li>SHOW LINK</li> <li>SHOW METADATA</li> <li>SHOW PIPELINE</li> <li>SHOW ROUTINE</li> <li>SHOW VIEW</li> <li>START PIPELINE</li> <li>UPDATE</li> </ul>                                                                                                                                                                                                                                                                                                          |
| `Reader`                      | `CloudReaders`               | `CloudReader`               | <ul> <li>SELECT</li> <li>SHOW LINK</li> <li>SHOW EXTENSION</li> <li>SHOW EXTERNAL CATALOG</li> <li>SHOW METADATA</li> <li>SHOW ROUTINE</li> <li>SHOW VIEW</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| `Database User Administrator` | `DatabaseUserAdministrators` | `DatabaseUserAdministrator` | <ul> <li>ALTER USER</li> <li>CREATE USER</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `Observer`                    | `CloudObservers`             | `None`                      | None                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| `Limited Access`              | `CloudLimitedAccessUsers`    | `None`                      | None                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| `All Roles`                   | `CloudUsers`                 | `None`                      | None                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |

***

Modified at: May 13, 2026

Source: [/cloud/security/administration/role-based-access-control-rbac-for-singlestore-helios/predefined-roles-for-workspace-groups-in-an-organization/](https://docs.singlestore.com/cloud/security/administration/role-based-access-control-rbac-for-singlestore-helios/predefined-roles-for-workspace-groups-in-an-organization/)

(An index of the documentation is available at /llms.txt)