Klairr uses role-based access control with four roles. Every user in your organization is assigned exactly one role.
Role overview
| Capability | Admin | Power User | Analyst | Member |
|---|---|---|---|---|
| Ask questions | Yes | Yes | Yes | Yes |
| View shared reports | Yes | Yes | Yes | Yes |
| Save reports | Yes | Yes | Yes | — |
| Share reports | Yes | Yes | Yes | — |
| SQL Live Edit | Yes | Yes | Yes | — |
| Export data (CSV/JSON) | Yes | Yes | Yes | — |
| Configure AI Memory | Yes | Yes | — | — |
| View usage & audit logs | Yes | Yes | — | — |
| Manage connectors | Yes | — | — | — |
| Manage users & roles | Yes | — | — | — |
| Access GRC audit | Yes | — | — | — |
| Manage billing | Yes | — | — | — |
| View release notes | Yes | Yes | Yes | Yes |
Role details
Admin
Full access to everything. Admins can manage users, connectors, AI Memory, billing, and the GRC audit dashboard. The first user who creates the organization automatically becomes an Admin.
Best for: Team leads, data team managers, IT administrators.
Power User
Can do everything an Analyst can, plus configure AI Memory and view usage/audit logs. Cannot manage connectors or users.
Best for: Senior analysts, data engineers who configure the platform but don’t manage infrastructure.
Analyst
Can ask questions, save and share reports, use SQL Live Edit, and export data. Cannot configure AI Memory or view audit logs.
Best for: Data analysts, business analysts, anyone who works with data regularly.
Member
Can ask questions and view reports shared with them. The simplest role — designed for business users who just need answers.
Best for: Executives, sales reps, marketers, operations staff — anyone who needs data but doesn’t work with it daily.
Connector-level access
Beyond roles, Admins can control which connectors each role can access. This lets you:
- Restrict production database access to Admins and Power Users
- Give Analysts access to the analytics warehouse but not the production database
- Limit Members to a curated subset of data sources
Configure connector access in Settings > Connectors.
Spend limits by role
Admins can set per-query and daily byte scan limits for each role:
- Admins — full org access within plan caps
- Power Users — higher limits
- Analysts — moderate limits
- Members — lower limits to prevent costly queries
This prevents accidental expensive queries from users who may not understand the cost implications.
Changing roles
Admins can change any user’s role from the Users admin page. Role changes take effect immediately.
What’s next
- User Management — invite users and manage your team
- Security & Data Handling — understand how Klairr protects your data