Omni Admin

Manage your Omni instance — connections, users, groups, user attributes, permissions, schedules, and schema refreshes.

Tip: Most admin endpoints require an Organization API Key (not a Personal Access Token).

Prerequisites

bash

# Verify the Omni CLI is installed — if not, ask the user to install it
# See: https://github.com/exploreomni/cli#readme
command -v omni >/dev/null || echo "ERROR: Omni CLI is not installed."

bash

# Show available profiles and select the appropriate one
omni config show
# If multiple profiles exist, ask the user which to use, then switch:
omni config use <profile-name>

Discovering Commands

bash

omni scim --help             # User and group management
omni schedules --help        # Schedule operations
omni connections --help      # Connection management
omni documents --help        # Document permissions
omni folders --help          # Folder permissions

Tip: Use
-o json
to force structured output for programmatic parsing, or
-o human
for readable tables. The default is
auto
(human in a TTY, JSON when piped).

Connections

bash

# List connections
omni connections list

# Schema refresh schedules
omni connections schedules-list <connectionId>

# Connection environments
omni connections connection-environments-list

User Management (SCIM 2.0)

bash

# List users
omni scim users-list

# Find by email
omni scim users-list --filter 'userName eq "user@company.com"'

# Create user
omni scim users-create --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "newuser@company.com",
  "displayName": "New User",
  "active": true,
  "emails": [{ "primary": true, "value": "newuser@company.com" }]
}'

# Deactivate user
omni scim users-update <userId> --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "Operations": [{ "op": "replace", "path": "active", "value": false }]
}'

# Delete user
omni scim users-delete <userId>

Group Management (SCIM 2.0)

bash

# List groups
omni scim groups-list

# Create group
omni scim groups-create --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "displayName": "Analytics Team",
  "members": [{ "value": "user-uuid-1" }]
}'

# Add members
omni scim groups-update <groupId> --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "Operations": [{ "op": "add", "path": "members", "value": [{ "value": "new-user-uuid" }] }]
}'

User Attributes

bash

# List attributes
omni user-attributes list

# Set attribute on user (via SCIM)
omni scim users-update <userId> --body '{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "Operations": [{
    "op": "replace",
    "path": "urn:omni:params:1.0:UserAttribute:region",
    "value": "West Coast"
  }]
}'

User attributes work with

access_filters

in topics for row-level security.

Model Roles

bash

# Get/set model roles for a user
omni users get-model-roles <userId>

omni users assign-model-role <userId> --body '{ "modelId": "{modelId}", "role": "VIEWER" }'

# Get/set model roles for a group
omni users user-groups-get-model-roles <groupId>

omni users user-groups-assign-model-role <groupId> --body '{ "modelId": "{modelId}", "role": "VIEWER" }'

Document Permissions

bash

# Get permissions for a user (userId required)
omni documents get-permissions <documentId> --userid <userId>

# Set permissions
omni documents update-permission-settings <documentId> --body '{
  "permissions": [
    { "type": "group", "id": "group-uuid", "access": "view" },
    { "type": "user", "id": "user-uuid", "access": "edit" }
  ]
}'

Folder Permissions

bash

# Get
omni folders get-permissions <folderId>

# Set
omni folders add-permissions <folderId> --body '{
  "permissions": [{ "type": "group", "id": "group-uuid", "access": "view" }]
}'

Schedules

bash

# List schedules
omni schedules list

# Create schedule
omni schedules create --body '{
  "documentId": "dashboard-identifier",
  "frequency": "weekly",
  "dayOfWeek": "monday",
  "hour": 9,
  "timezone": "America/Los_Angeles",
  "format": "pdf"
}'

# Manage recipients
omni schedules recipients-get <scheduleId>

omni schedules add-recipients <scheduleId> --body '{ "recipients": [{ "type": "email", "value": "team@company.com" }] }'

Verification After Changes

Admin operations can silently fail or partially apply. Always read back the state after any write to confirm the change took effect.

After User Operations

bash

# After creating or updating a user, verify they exist with correct state
omni scim users-list --filter 'userName eq "newuser@company.com"'

Check that:

active

matches what you set,

displayName

is correct, and the user ID was returned (not an error).

After Group Operations

bash

# After creating a group or modifying members, verify membership
omni scim groups-list

Check that: the group exists with the expected

displayName

, and

members

array contains the expected user UUIDs.

After Permission Changes

bash

# After setting document permissions, verify for the target user
omni documents get-permissions <documentId> --userid <userId>

# After setting folder permissions, verify
omni folders get-permissions <folderId>

Check that: the permission

access

level matches what you set (

view

edit

), and the target user/group ID is listed.

After User Attribute Changes

bash

# Verify the attribute value was set
omni user-attributes list

If the attribute is used for row-level security (

access_filters

), test it by running a query as the target user:

bash

omni query run --body '{ "query": { ... }, "userId": "<target-user-uuid>" }'

Verify the results are correctly filtered — the user should only see rows matching their attribute value.

After Schedule Operations

bash

# Verify schedule was created with correct settings
omni schedules list

# Verify recipients were added
omni schedules recipients-get <scheduleId>

Check that:

frequency

dayOfWeek

hour

timezone

, and

format

match what you set, and all intended recipients are listed.

Verification Checklist

Operation	Verify With	What to Check
Create/update user	`omni scim users-list --filter ...`	User exists, `active` status correct
Create/update group	`omni scim groups-list`	Group exists, members list correct
Set document permissions	`omni documents get-permissions`	Access level and target correct
Set folder permissions	`omni folders get-permissions`	Access level and target correct
Set user attribute	`omni user-attributes list`	Attribute value set
User attribute + access filter	`omni query run` with `userId`	Row-level filtering works
Create schedule	`omni schedules list`	Schedule settings correct
Add recipients	`omni schedules recipients-get`	All recipients listed

Cache and Validation

bash

# Reset cache policy
omni models cache-reset <modelId> <policyName> --body '{ "resetAt": "2025-01-30T22:30:52.872Z" }'

# Content validator (find broken field references across all dashboards and tiles)
# Useful for blast-radius analysis: remove a field on a branch, then run the
# validator against that branch to see what content would break.
# See the Field Impact Analysis section in omni-model-explorer for the full workflow.
omni models content-validator-get <modelId>

# Run against a specific branch (e.g., after removing a field)
omni models content-validator-get <modelId> --branch-id <branchId>

# Git configuration
omni models git-get <modelId>

Docs Reference

Connections · Users (SCIM) · Groups (SCIM) · User Attributes · Document Permissions · Folder Permissions · Schedules · Schedule Recipients · Content Validator · API Authentication

Related Skills

omni-model-builder — edit the model that access controls apply to
omni-content-explorer — find documents before setting permissions
omni-content-builder — create dashboards before scheduling delivery
omni-embed — manage embed users and user attributes for embedded dashboards

omni-admin

NPX Install

Tags

SKILL.md Content

Omni Admin

Prerequisites

Discovering Commands

Connections

User Management (SCIM 2.0)

Group Management (SCIM 2.0)

User Attributes

Model Roles

Document Permissions

Folder Permissions

Schedules

Verification After Changes

After User Operations

After Group Operations

After Permission Changes

After User Attribute Changes

After Schedule Operations

Verification Checklist

Cache and Validation

Docs Reference

Related Skills