Understanding the different account types available in Pigment is the key to knowing what you and other Members can do within your Workspace. This article walks you through the 5 different type of user accounts and their permissions. We also explain how account types interlink with Pigment license types.
Account types and license types
Before we begin, it’s important to understand the differences between Pigment account types and Pigment license types.
Both account types and license types define what a Member is permitted to do in Pigment.
- Account types (Primary Owner, Security Admin, Workspace Admin, Builder, Standard Member).
These determine Workspace-level actions, such as creating Applications and managing Members. - License types (Editor, Contributor, Explorer).
These specify platform permissions, with Editor licenses having the most extensive rights, including creating formulas and defining model logic.
However, your Pigment account type affects your Pigment license type. By default, all account types except Standard Member have an Editor license - this is due to their Application creation permissions. Standard Member account types have Contributor or Editor licenses types - this is based on their specific Application-level permissions.
By default, Members invited to the Workspace with a Standard Member account type have an Explorer license type. As Application permissions in their role are adjusted and updated, their license type is upgraded accordingly.
For more information on license types in Pigment, see Current Pigment License Types.
Account types
Account types play a significant role in adding new Members and creating Applications, there are five types of user accounts.
The highest level of control and access is typically granted to the Primary Owner, followed by the Security Admin and Workspace Admin. Builders have specific Application-related permissions, and Standard Members have more limited access, primarily to participate in existing Applications.
Primary Owner
The Member who owns the Pigment Workspace and is responsible for the initial setup. This account type ensures that the appropriate internal administrators and modelers have the appropriate access rights and permissions to build in Pigment. Job titles that would be assigned a Primary Owner account include Finance Director, Chief Financial Officer (CFO), Director of FP&A, and Head of Business Intelligence.
The Primary Owner is a protected Member which cannot be modified by other Admins. There is only one per Workspace, and this account type can't be edited or disabled by any other account type. If you want to switch the Primary Owner of your workspace, please see Adding and Switching Accounts in Pigment.
This account is responsible for:
- Access and navigation of Pigment Workspace.
- Pigment Workspace setup
Security Admin
The Member who designs and oversees the security architecture. This includes access rights and permissions, and grants them to other Members in an organization. Depending on your organization, more than one Member may hold this account type - it can't be edited or disabled by any other account type. Job titles that would be assigned a Security Admin account include IT Security Manager, Chief Information Security Officer (CISO), or System Administrator.
This account is responsible for:
- Access and navigation of Pigment Workspace.
- Pigment Workspace setup
- Workspace maintenance
- Workspace security
- Application security
Workspace Admin
The Member who sets up the Pigment Workspace for modelers and Standard Members and manages the Workspace after the implementation is complete. Job titles that would be assigned a Workspace Admin account include IT Administrator, Operations Manager, Business Systems Analyst, or Enterprise Application Administrator.
This account is responsible for:
- Access and navigation of Pigment Workspace
- Pigment Workspace setup
- Workspace maintenance
- Workspace security maintenance
- Application security maintenance
Builder
The Member with the Builder account type has varied skill levels. From learning and applying foundational modeling skills, to autonomously overseeing the planning and execution of Pigment implementations. Job titles that would be assigned a Builder account include Financial Analyst, Data Analyst, or Application Developer.
This account is responsible for:
- Access and navigation of Pigment Workspace
- Board design
- Collaboration
- Board development
- Formula writing
- Data visualization and manipulation
Standard Member
A Pigment Member with a Standard Member account uses Pigment to handle data-related tasks, data analysis, and decision-making. They can input, manipulate, and view data without needing to write formulas. Job titles that would be assigned a Standard Member account include Business Unit Manager, Sales Manager, or Supply Chain Analyst.
A Standard Member assesses pre-existing datasets to support organizational goals, and works with, or adapts, pre-built data for personal use.
Any Member with this account type can be added to existing Applications.
This account is responsible for:
- Access and navigation of Pigment Workspace
- Board design
- Collaboration
- Data visualization and manipulation
Account type permissions
Account type permissions are at Workspace level, meaning that they do not impact a Member’s permissions within an Application.
When Members are added, a circle is displayed with their initials in it. This also known as the Member’s avatar. The avatar color is determined by Account type. In Members Management, you can click on the Account type heading to sort and view the color assigned to each account type.
Each account type has a specific set of permissions that determine what actions that Member can perform within Pigment.
Here's a breakdown of the permissions available for each account type:
Permission | Primary Owner | Security Admin | Workspace Admin | Builder | Standard Member |
---|---|---|---|---|---|
Manage Application Owners | Yes | Yes | No | No | No |
View all Applications and become Admin | Yes | Yes | No | No | No |
Can Manage Security Audit | Yes | Yes | No | No | No |
Can Manage Image Domain Allow List | Yes | Yes | No | No | No |
Manage Identity & Provisioning Settings Learn more here. | Yes | Yes | No | No | No |
Can Impersonate Users Learn more here. | Yes | Yes | No | No | No |
View the Plan & Usage page | Yes | Yes | Yes | No | No |
Manage Members (Add, remove, delete) | Yes | Yes | Yes | No | No |
Manage Connectors and API Keys Learn more here. | Yes | Yes | Yes | No | No |
Create / Rename / Delete Shared Scenarios Learn more here. | Yes | Yes | Yes | No | No |
Update Color Palette Learn more here. | Yes | Yes | Yes | No | No |
Manage Snapshots | Yes | Yes | Yes | Yes | No |
Create Applications | Yes | Yes | Yes | Yes | No |
Can Use Test and Deploy | Yes | Yes | Yes | Yes | No (Has no access to Test and Deploy environments) |
Delete Applications | Yes (if Application owner) | Yes (if Application owner) | Yes (if Application owner) | Yes (if Application owner) | No |
Duplicate Applications | Yes (if assigned Display Application permission on Application) | Yes (if assigned Display Application permission on Application) | Yes (if assigned Display Application permission on Application) | Yes (if assigned Display Application permission on Application) | No |