Omni Admin

Manage your Omni instance — connections, users, groups, user attributes, permissions, schedules, and schema refreshes.

Tip: Most admin endpoints require an Organization API Key (not a Personal Access Token).

Prerequisites

# Verify the Omni CLI is installed — if not, ask the user to install it
# See: https://github.com/exploreomni/cli#readme
command -v omni >/dev/null || echo "ERROR: Omni CLI is not installed."

# Show available profiles and select the appropriate one
omni config show
# If multiple profiles exist, ask the user which to use, then switch:
omni config use <profile-name>

Discovering Commands

omni scim --help             # User and group management
omni schedules --help        # Schedule operations
omni connections --help      # Connection management
omni documents --help        # Document permissions
omni folders --help          # Folder permissions

Tip: Use -o json to force structured output for programmatic parsing, or -o human for readable tables. The default is auto (human in a TTY, JSON when piped).

Connections

# List connections
omni connections list

# Schema refresh schedules
omni connections schedules-list <connectionId>

# Connection environments
omni connections connection-environments-list

User Management (SCIM 2.0)

# List users
omni scim users-list

# Find by email
omni scim users-list --filter 'userName eq "user@company.com"'

# Create user
omni scim users-create --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "newuser@company.com",
  "displayName": "New User",
  "active": true,
  "emails": [{ "primary": true, "value": "newuser@company.com" }]
}'

# Deactivate user
omni scim users-update <userId> --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "Operations": [{ "op": "replace", "path": "active", "value": false }]
}'

# Delete user
omni scim users-delete <userId>

Group Management (SCIM 2.0)

# List groups
omni scim groups-list

# Create group
omni scim groups-create --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "displayName": "Analytics Team",
  "members": [{ "value": "user-uuid-1" }]
}'

# Add members
omni scim groups-update <groupId> --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "Operations": [{ "op": "add", "path": "members", "value": [{ "value": "new-user-uuid" }] }]
}'

User Attributes

# List attributes
omni user-attributes list

# Set attribute on user (via SCIM)
omni scim users-update <userId> --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "Operations": [{
    "op": "replace",
    "path": "urn:omni:params:1.0:UserAttribute:region",
    "value": "West Coast"
  }]
}'

User attributes work with access_filters in topics for row-level security.

Model Roles

# Get/set model roles for a user
omni users get-model-roles <userId>

omni users assign-model-role <userId> --body '{ "modelId": "{modelId}", "role": "VIEWER" }'

# Get/set model roles for a group
omni users user-groups-get-model-roles <groupId>

omni users user-groups-assign-model-role <groupId> --body '{ "modelId": "{modelId}", "role": "VIEWER" }'

Document Permissions

# Get permissions for a user (userId required)
omni documents get-permissions <documentId> --userid <userId>

# Set permissions
omni documents update-permission-settings <documentId> --body '{
  "permissions": [
    { "type": "group", "id": "group-uuid", "access": "view" },
    { "type": "user", "id": "user-uuid", "access": "edit" }
  ]
}'

Folder Permissions

# Get
omni folders get-permissions <folderId>

# Set
omni folders add-permissions <folderId> --body '{
  "permissions": [{ "type": "group", "id": "group-uuid", "access": "view" }]
}'

Schedules

# List schedules
omni schedules list

# Create schedule
omni schedules create --body '{
  "documentId": "dashboard-identifier",
  "frequency": "weekly",
  "dayOfWeek": "monday",
  "hour": 9,
  "timezone": "America/Los_Angeles",
  "format": "pdf"
}'

# Manage recipients
omni schedules recipients-get <scheduleId>

omni schedules add-recipients <scheduleId> --body '{ "recipients": [{ "type": "email", "value": "team@company.com" }] }'

Verification After Changes

Admin operations can silently fail or partially apply. Always read back the state after any write to confirm the change took effect.

After User Operations

# After creating or updating a user, verify they exist with correct state
omni scim users-list --filter 'userName eq "newuser@company.com"'

Check that: active matches what you set, displayName is correct, and the user ID was returned (not an error).

After Group Operations

# After creating a group or modifying members, verify membership
omni scim groups-list

Check that: the group exists with the expected displayName, and members array contains the expected user UUIDs.

After Permission Changes

# After setting document permissions, verify for the target user
omni documents get-permissions <documentId> --userid <userId>

# After setting folder permissions, verify
omni folders get-permissions <folderId>

Check that: the permission access level matches what you set (view, edit), and the target user/group ID is listed.

After User Attribute Changes

# Verify the attribute value was set
omni user-attributes list

If the attribute is used for row-level security (access_filters), test it by running a query as the target user:

omni query run --body '{ "query": { ... }, "userId": "<target-user-uuid>" }'

Verify the results are correctly filtered — the user should only see rows matching their attribute value.

After Schedule Operations

# Verify schedule was created with correct settings
omni schedules list

# Verify recipients were added
omni schedules recipients-get <scheduleId>

Check that: frequency, dayOfWeek, hour, timezone, and format match what you set, and all intended recipients are listed.

Verification Checklist

Operation	Verify With	What to Check
Create/update user	`omni scim users-list --filter ...`	User exists, `active` status correct
Create/update group	`omni scim groups-list`	Group exists, members list correct
Set document permissions	`omni documents get-permissions`	Access level and target correct
Set folder permissions	`omni folders get-permissions`	Access level and target correct
Set user attribute	`omni user-attributes list`	Attribute value set
User attribute + access filter	`omni query run` with `userId`	Row-level filtering works
Create schedule	`omni schedules list`	Schedule settings correct
Add recipients	`omni schedules recipients-get`	All recipients listed

Cache and Validation

# Reset cache policy
omni models cache-reset <modelId> <policyName> --body '{ "resetAt": "2025-01-30T22:30:52.872Z" }'

# Content validator (find broken field references across all dashboards and tiles)
# Useful for blast-radius analysis: remove a field on a branch, then run the
# validator against that branch to see what content would break.
# See the Field Impact Analysis section in omni-model-explorer for the full workflow.
omni models content-validator-get <modelId>

# Run against a specific branch (e.g., after removing a field)
omni models content-validator-get <modelId> --branch-id <branchId>

# Git configuration
omni models git-get <modelId>

Docs Reference

Connections · Users (SCIM) · Groups (SCIM) · User Attributes · Document Permissions · Folder Permissions · Schedules · Schedule Recipients · Content Validator · API Authentication

Related Skills

omni-model-builder — edit the model that access controls apply to
omni-content-explorer — find documents before setting permissions
omni-content-builder — create dashboards before scheduling delivery
omni-embed — manage embed users and user attributes for embedded dashboards

omni-admin