Skip to main content

Understanding the different account types available in Pigment is the key to knowing what you and other Members can do within your Workspace. This article walks you through the 5 different type of user accounts and their permissions. We also explain how account types interlink with Pigment license types.

 

Account types and license types

Before we begin, it’s important to understand the differences between Pigment account types and Pigment license types.

Both account types and license types define what a Member is permitted to do in Pigment.

  • Account types (Primary Owner, Security Admin, Workspace Admin, Builder, Standard Member).
    These determine Workspace-level actions, such as creating Applications and managing Members.
  • License types (Editor, Contributor, Explorer).
    These specify platform permissions, with Editor licenses having the most extensive rights, including creating formulas and defining model logic.

However, your Pigment account type affects your Pigment license type. By default, all account types except Standard Member have an Editor license - this is due to their Application creation permissions. Standard Member account types have Contributor or Editor licenses types - this is based on their specific Application-level permissions.

By default, Members invited to the Workspace with a Standard Member account type have an Explorer license type. As Application permissions in their role are adjusted and updated, their license type is upgraded accordingly.

For more information on license types in Pigment, see Current Pigment License Types
 

Pigment account types and license types

Account types

Account types play a significant role in adding new Members and creating Applications, there are five types of user accounts.

The highest level of control and access is typically granted to the Primary Owner, followed by the Security Admin and Workspace Admin. Builders have specific Application-related permissions, and Standard Members have more limited access, primarily to participate in existing Applications.

Pigment account types

 

 

Primary Owner

The Member who owns the Pigment Workspace and is responsible for the initial setup. This account type ensures that the appropriate internal administrators and modelers have the appropriate access rights and permissions to build in Pigment. Job titles that would be assigned a Primary Owner account include Finance Director, Chief Financial Officer (CFO), Director of FP&A, and Head of Business Intelligence. 

The Primary Owner is a protected Member which cannot be modified by other Admins. There is only one per Workspace, and this account type can't be edited or disabled by any other account type. If you want to switch the Primary Owner of your workspace, please see Adding and Switching Accounts in Pigment.

This account is responsible for:

  • Access and navigation of Pigment Workspace.
  • Pigment Workspace setup
     

Security Admin

The Member who designs and oversees the security architecture. This includes access rights and permissions, and grants them to other Members in an organization. Depending on your organization, more than one Member may hold this account type - it can't be edited or disabled by any other account type. Job titles that would be assigned a Security Admin account include IT Security Manager, Chief Information Security Officer (CISO), or System Administrator. 

This account is responsible for:

  • Access and navigation of Pigment Workspace.
  • Pigment Workspace setup
  • Workspace maintenance
  • Workspace security
  • Application security
     

Workspace Admin

The Member who sets up the Pigment Workspace for modelers and Standard Members and manages the Workspace after the implementation is complete. Job titles that would be assigned a Workspace Admin account include IT Administrator, Operations Manager, Business Systems Analyst, or Enterprise Application Administrator. 

This account is responsible for:

  • Access and navigation of Pigment Workspace
  • Pigment Workspace setup
  • Workspace maintenance
  • Workspace security maintenance
  • Application security maintenance
     

Builder

The Member with the Builder account type has varied skill levels. From learning and applying foundational modeling skills, to autonomously overseeing the planning and execution of Pigment implementations. Job titles that would be assigned a Builder account include Financial Analyst, Data Analyst, or Application Developer. 

This account is responsible for:

  • Access and navigation of Pigment Workspace
  • Board design
  • Collaboration
  • Board development
  • Formula writing
  • Data visualization and manipulation
     

Standard Member

A Pigment Member with a Standard Member account uses Pigment to handle data-related tasks, data analysis, and decision-making. They can input, manipulate, and view data without needing to write formulas. Job titles that would be assigned a Standard Member account include Business Unit Manager, Sales Manager, or Supply Chain Analyst. 

A Standard Member assesses pre-existing datasets to support organizational goals, and works with, or adapts, pre-built data for personal use.

Any Member with this account type can be added to existing Applications.

This account is responsible for:

  • Access and navigation of Pigment Workspace
  • Board design
  • Collaboration
  • Data visualization and manipulation

 

Account type permissions

Account type permissions are at Workspace level, meaning that they do not impact a Member’s permissions within an Application.

When Members are added, a circle is displayed with their initials in it. This also known as the Member’s avatar. The avatar color is determined by Account type. In Members Management, you can click on the Account type heading to sort and view the color assigned to each account type.

Each account type has a specific set of permissions that determine what actions that Member can perform within Pigment. 

Here's a breakdown of the permissions available for each account type:

Permission Primary Owner Security Admin Workspace Admin  Builder Standard Member
Manage Application Owners Yes Yes No No No
View all Applications and become Admin Yes Yes No No No
Can Manage Security Audit  Yes Yes No No No
Can Manage Image Domain Allow List Yes Yes No No No
Manage Identity & Provisioning Settings

Learn more
here.
Yes Yes No No No
Can Impersonate Users

Learn more
here.
Yes Yes No No No
View the Plan & Usage page Yes Yes Yes No No
Manage Members (Add, remove, delete) Yes Yes Yes No No
Manage Connectors and API Keys

Learn more
here.
Yes Yes Yes No No
Create / Rename / Delete Shared Scenarios

Learn more
here.
Yes Yes Yes No No
Update Color Palette

Learn more
here.
Yes Yes Yes No No
Manage Snapshots Yes Yes Yes Yes No
Create Applications Yes Yes Yes Yes No
Can Use Test and Deploy  Yes Yes Yes Yes No 
(Has no access to Test and Deploy environments) 
Delete Applications Yes
(if Application owner)
Yes
(if Application owner)
Yes
(if Application owner)
Yes
(if Application owner)
No
Duplicate Applications Yes
(if assigned
Display Application permission on Application)
Yes
(if assigned
Display Application permission on Application)
Yes
(if assigned
Display Application permission on Application)
Yes
(if assigned
Display Application permission on Application)
No