diff --git a/website/docs/best-practices/how-we-build-our-metrics/semantic-layer-3-build-semantic-models.md b/website/docs/best-practices/how-we-build-our-metrics/semantic-layer-3-build-semantic-models.md
index 7990cf6752f..da882dba6c5 100644
--- a/website/docs/best-practices/how-we-build-our-metrics/semantic-layer-3-build-semantic-models.md
+++ b/website/docs/best-practices/how-we-build-our-metrics/semantic-layer-3-build-semantic-models.md
@@ -241,7 +241,9 @@ measures:
## Reviewing our work
-Our completed code will look like this, our first semantic model!
+Our completed code will look like this, our first semantic model! Here are two examples showing different organizational approaches:
+
+
@@ -288,6 +290,68 @@ semantic_models:
description: The total tax paid on each order.
agg: sum
```
+
+
+
+
+
+
+```yml
+semantic_models:
+ - name: orders
+ defaults:
+ agg_time_dimension: ordered_at
+ description: |
+ Order fact table. This table is at the order grain with one row per order.
+
+ model: ref('stg_orders')
+
+ entities:
+ - name: order_id
+ type: primary
+ - name: location
+ type: foreign
+ expr: location_id
+ - name: customer
+ type: foreign
+ expr: customer_id
+
+ dimensions:
+ - name: ordered_at
+ expr: date_trunc('day', ordered_at)
+ # use date_trunc(ordered_at, DAY) if using BigQuery
+ type: time
+ type_params:
+ time_granularity: day
+ - name: is_large_order
+ type: categorical
+ expr: case when order_total > 50 then true else false end
+
+ measures:
+ - name: order_total
+ description: The total revenue for each order.
+ agg: sum
+ - name: order_count
+ description: The count of individual orders.
+ expr: 1
+ agg: sum
+ - name: tax_paid
+ description: The total tax paid on each order.
+ agg: sum
+```
+
+
+As you can see, the content of the semantic model is identical in both approaches. The key differences are:
+
+1. **File location**
+ - Co-located approach: `models/marts/orders.yml`
+ - Parallel sub-folder approach: `models/semantic_models/sem_orders.yml`
+
+2. **File naming**
+ - Co-located approach: Uses the same name as the corresponding mart (`orders.yml`)
+ - Parallel sub-folder approach: Prefixes the file with `sem_` (`sem_orders.yml`)
+
+Choose the approach that best fits your project structure and team preferences. The co-located approach is often simpler for new projects, while the parallel sub-folder approach can be clearer for migrating large existing projects to the Semantic Layer.
## Next steps
diff --git a/website/docs/best-practices/how-we-mesh/mesh-5-faqs.md b/website/docs/best-practices/how-we-mesh/mesh-5-faqs.md
index 1ae49928ae5..9f12f7d2c20 100644
--- a/website/docs/best-practices/how-we-mesh/mesh-5-faqs.md
+++ b/website/docs/best-practices/how-we-mesh/mesh-5-faqs.md
@@ -215,7 +215,7 @@ There’s model-level access within dbt, role-based access for users and groups
First things first: access to underlying data is always defined and enforced by the underlying data platform (for example, BigQuery, Databricks, Redshift, Snowflake, Starburst, etc.) This access is managed by executing “DCL statements” (namely `grant`). dbt makes it easy to [configure `grants` on models](/reference/resource-configs/grants), which provision data access for other roles/users/groups in the data warehouse. However, dbt does _not_ automatically define or coordinate those grants unless they are configured explicitly. Refer to your organization's system for managing data warehouse permissions.
-[dbt Cloud Enterprise plans](https://www.getdbt.com/pricing) support [role-based access control (RBAC)](/docs/cloud/manage-access/enterprise-permissions#how-to-set-up-rbac-groups-in-dbt-cloud) that manages granular permissions for users and user groups. You can control which users can see or edit all aspects of a dbt Cloud project. A user’s access to dbt Cloud projects also determines whether they can “explore” that project in detail. Roles, users, and groups are defined within the dbt Cloud application via the UI or by integrating with an identity provider.
+[dbt Cloud Enterprise plans](https://www.getdbt.com/pricing) support [role-based access control (RBAC)](/docs/cloud/manage-access/about-user-access#role-based-access-control-) that manages granular permissions for users and user groups. You can control which users can see or edit all aspects of a dbt Cloud project. A user’s access to dbt Cloud projects also determines whether they can “explore” that project in detail. Roles, users, and groups are defined within the dbt Cloud application via the UI or by integrating with an identity provider.
[Model access](/docs/collaborate/govern/model-access) defines where models can be referenced. It also informs the discoverability of those projects within dbt Explorer. Model `access` is defined in code, just like any other model configuration (`materialized`, `tags`, etc).
diff --git a/website/docs/docs/build/cumulative-metrics.md b/website/docs/docs/build/cumulative-metrics.md
index 056ff79c6eb..b44918d2fbd 100644
--- a/website/docs/docs/build/cumulative-metrics.md
+++ b/website/docs/docs/build/cumulative-metrics.md
@@ -18,21 +18,21 @@ Note that we use the double colon (::) to indicate whether a parameter is nested
-| Parameter | Description
| Type |
-| --------- | ----------- | ---- |
-| `name` | The name of the metric. | Required |
-| `description` | The description of the metric. | Optional |
-| `type` | The type of the metric (cumulative, derived, ratio, or simple). | Required |
-| `label` | Required string that defines the display value in downstream tools. Accepts plain text, spaces, and quotes (such as `orders_total` or `"orders_total"`). | Required |
-| `type_params` | The type parameters of the metric. Supports nested parameters indicated by the double colon, such as `type_params::measure`. | Required |
-| `type_params::cumulative_type_params` | Allows you to add a `window`, `period_agg`, and `grain_to_date` configuration. Nested under `type_params`. | Optional |
-| `cumulative_type_params::window` | The accumulation window, such as 1 month, 7 days, 1 year. This can't be used with `grain_to_date`. | Optional |
-| `cumulative_type_params::grain_to_date` | Sets the accumulation grain, such as `month`, which will accumulate data for one month and then restart at the beginning of the next. This can't be used with `window`. | Optional |
-| `cumulative_type_params::period_agg` | Specifies how to aggregate the cumulative metric when summarizing data to a different granularity. Can be used with grain_to_date. Options are
- `first` (Takes the first value within the period)
- `last` (Takes the last value within the period
- `average` (Calculates the average value within the period).
Defaults to `first` if no `window` is specified. | Optional |
-| `type_params::measure` | A dictionary describing the measure you will use. | Required |
-| `measure::name` | The measure you are referencing. | Optional |
-| `measure::fill_nulls_with` | Set the value in your metric definition instead of null (such as zero). | Optional |
-| `measure::join_to_timespine` | Boolean that indicates if the aggregated measure should be joined to the time spine table to fill in missing dates. Default `false`. | Optional |
+| Parameter | Description
| Type |
+|-------------|---------------------------------------------------|-----------|
+| `name` | The name of the metric. | Required |
+| `description` | The description of the metric. | Optional |
+| `type` | The type of the metric (cumulative, derived, ratio, or simple). | Required |
+| `label` | Required string that defines the display value in downstream tools. Accepts plain text, spaces, and quotes (such as `orders_total` or `"orders_total"`). | Required |
+| `type_params` | The type parameters of the metric. Supports nested parameters indicated by the double colon, such as `type_params::measure`. | Required |
+| `type_params::measure` | The measure associated with the metric. Supports both shorthand (string) and object syntax. The shorthand is used if only the name is needed, while the object syntax allows specifying additional attributes. | Required |
+| `measure::name` | The name of the measure being referenced. Required if using object syntax for `type_params::measure`. | Optional |
+| `measure::fill_nulls_with` | Sets a value (for example, 0) to replace nulls in the metric definition. | Optional |
+| `measure::join_to_timespine` | Boolean indicating if the aggregated measure should be joined to the time spine table to fill in missing dates. Default is `false`. | Optional |
+| `type_params::cumulative_type_params` | Configures the attributes like `window`, `period_agg`, and `grain_to_date` for cumulative metrics. | Optional |
+| `cumulative_type_params::window` | Specifies the accumulation window, such as `1 month`, `7 days`, or `1 year`. Cannot be used with `grain_to_date`. | Optional |
+| `cumulative_type_params::grain_to_date` | Sets the accumulation grain, such as `month`, restarting accumulation at the beginning of each specified grain period. Cannot be used with `window`. | Optional |
+| `cumulative_type_params::period_agg` | Defines how to aggregate the cumulative metric when summarizing data to a different granularity: `first`, `last`, or `average`. Defaults to `first` if `window` is not specified. | Optional |
@@ -45,15 +45,34 @@ Note that we use the double colon (::) to indicate whether a parameter is nested
| `type` | The type of the metric (cumulative, derived, ratio, or simple). | Required |
| `label` | Required string that defines the display value in downstream tools. Accepts plain text, spaces, and quotes (such as `orders_total` or `"orders_total"`). | Required |
| `type_params` | The type parameters of the metric. Supports nested parameters indicated by the double colon, such as `type_params::measure`. | Required |
-| `window` | The accumulation window, such as 1 month, 7 days, 1 year. This can't be used with `grain_to_date`. | Optional |
+| `window` | The accumulation window, such as `1 month`, `7 days`, or `1 year`. This can't be used with `grain_to_date`. | Optional |
| `grain_to_date` | Sets the accumulation grain, such as `month`, which will accumulate data for one month and then restart at the beginning of the next. This can't be used with `window`. | Optional |
| `type_params::measure` | A list of measure inputs | Required |
-| `measure:name` | The measure you are referencing. | Optional |
+| `measure:name` | The name of the measure being referenced. Required if using object syntax for `type_params::measure`. | Optional |
| `measure:fill_nulls_with` | Set the value in your metric definition instead of null (such as zero).| Optional |
| `measure:join_to_timespine` | Boolean that indicates if the aggregated measure should be joined to the time spine table to fill in missing dates. Default `false`. | Optional |
+
+
+The`type_params::measure` configuration can be written in different ways:
+- Shorthand syntax — To only specify the name of the measure, use a simple string value. This is a shorthand approach when no other attributes are required.
+ ```yaml
+ type_params:
+ measure: revenue
+ ```
+- Object syntax — To add more details or attributes to the measure (such as adding a filter, handling `null` values, or specifying whether to join to a time spine), you need to use the object syntax. This allows for additional configuration beyond just the measure's name.
+
+ ```yaml
+ type_params:
+ measure:
+ name: order_total
+ fill_nulls_with: 0
+ join_to_timespine: true
+ ```
+
+
### Complete specification
The following displays the complete specification for cumulative metrics, along with an example:
diff --git a/website/docs/docs/build/metricflow-commands.md b/website/docs/docs/build/metricflow-commands.md
index 29a9e70acd4..d010cd8bb17 100644
--- a/website/docs/docs/build/metricflow-commands.md
+++ b/website/docs/docs/build/metricflow-commands.md
@@ -28,8 +28,6 @@ In dbt Cloud, run MetricFlow commands directly in the [dbt Cloud IDE](/docs/clou
For dbt Cloud CLI users, MetricFlow commands are embedded in the dbt Cloud CLI, which means you can immediately run them once you install the dbt Cloud CLI and don't need to install MetricFlow separately. You don't need to manage versioning because your dbt Cloud account will automatically manage the versioning for you.
-
-Note: The **Defer to staging/production** [toggle](/docs/cloud/about-cloud-develop-defer#defer-in-the-dbt-cloud-ide) button doesn't apply when running Semantic Layer commands in the dbt Cloud IDE. To use defer for Semantic layer commands in the IDE, toggle the button on and manually add the `--defer` flag to the command. This is a temporary workaround and will be available soon.
diff --git a/website/docs/docs/cloud/about-cloud-develop-defer.md b/website/docs/docs/cloud/about-cloud-develop-defer.md
index 3ee5ac71666..fc55edf8a38 100644
--- a/website/docs/docs/cloud/about-cloud-develop-defer.md
+++ b/website/docs/docs/cloud/about-cloud-develop-defer.md
@@ -40,9 +40,6 @@ To enable defer in the dbt Cloud IDE, toggle the **Defer to production** button
For example, if you were to start developing on a new branch with [nothing in your development schema](/reference/node-selection/defer#usage), edit a single model, and run `dbt build -s state:modified` — only the edited model would run. Any `{{ ref() }}` functions will point to the production location of the referenced models.
-
-Note: The **Defer to staging/production** toggle button doesn't apply when running [dbt Semantic Layer commands](/docs/build/metricflow-commands) in the dbt Cloud IDE. To use defer for Semantic layer commands in the IDE, toggle the button on and manually add the `--defer` flag to the command. This is a temporary workaround and will be available soon.
-
### Defer in dbt Cloud CLI
diff --git a/website/docs/docs/cloud/about-cloud/architecture.md b/website/docs/docs/cloud/about-cloud/architecture.md
index 52614f0cbcd..ecf67b83a96 100644
--- a/website/docs/docs/cloud/about-cloud/architecture.md
+++ b/website/docs/docs/cloud/about-cloud/architecture.md
@@ -48,7 +48,7 @@ The git repo information is stored on dbt Cloud servers to make it accessible du
### Authentication services
-The default settings of dbt Cloud enable local users with credentials stored in dbt Cloud. Still, integrations with various authentication services are offered as an alternative, including [single sign-on services](/docs/cloud/manage-access/sso-overview). Access to features can be granted/restricted by role using [RBAC](/docs/cloud/manage-access/enterprise-permissions).
+The default settings of dbt Cloud enable local users with credentials stored in dbt Cloud. Still, integrations with various authentication services are offered as an alternative, including [single sign-on services](/docs/cloud/manage-access/sso-overview). Access to features can be granted/restricted by role using [RBAC](/docs/cloud/manage-access/about-user-access#role-based-access-control-).
SSO features are essential because they reduce the number of credentials a user must maintain. Users sign in once and the authentication token is shared among integrated services (such as dbt Cloud). The token expires and must be refreshed at predetermined intervals, requiring the user to go through the authentication process again. If the user is disabled in the SSO provider service, their access to dbt Cloud is disabled, and they cannot override this with local auth credentials.
diff --git a/website/docs/docs/cloud/manage-access/about-access.md b/website/docs/docs/cloud/manage-access/about-access.md
index 6b02d9eb17b..b970b0d5763 100644
--- a/website/docs/docs/cloud/manage-access/about-access.md
+++ b/website/docs/docs/cloud/manage-access/about-access.md
@@ -89,7 +89,7 @@ There are three license types in dbt Cloud:
- **Developer** — User can be granted _any_ permissions.
- **Read-Only** — User has read-only permissions applied to all dbt Cloud resources regardless of the role-based permissions that the user is assigned.
-- **IT** — User has [Security Admin](/docs/cloud/manage-access/enterprise-permissions#security-admin) and [Billing Admin](/docs/cloud/manage-access/enterprise-permissions#billing-admin) permissions applied, regardless of the group permissions assigned.
+- **IT** — User has Security Admin and Billing Admin [permissions](/docs/cloud/manage-access/enterprise-permissions) applied, regardless of the group permissions assigned.
Developer licenses will make up a majority of the users in your environment and have the highest impact on billing, so it's important to monitor how many you have at any given time.
diff --git a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md
index da19f30ab4c..66d821b90d0 100644
--- a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md
+++ b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md
@@ -55,7 +55,7 @@ If you're on an Enterprise plan and have the correct [permissions](/docs/cloud/m
- To add a user, go to **Account Settings** and select **Users**.
- Click the [**Invite Users**](/docs/cloud/manage-access/invite-users) button.
- - For fine-grained permission configuration, refer to [Role based access control](/docs/cloud/manage-access/enterprise-permissions).
+ - For fine-grained permission configuration, refer to [Role based access control](/docs/cloud/manage-access/about-user-access#role-based-access-control-).
diff --git a/website/docs/docs/cloud/manage-access/enterprise-permissions.md b/website/docs/docs/cloud/manage-access/enterprise-permissions.md
index a1f6d795c23..5a56900d529 100644
--- a/website/docs/docs/cloud/manage-access/enterprise-permissions.md
+++ b/website/docs/docs/cloud/manage-access/enterprise-permissions.md
@@ -22,22 +22,14 @@ The following roles and permission sets are available for assignment in dbt Clou
:::tip Licenses or Permission sets
-The user's [license](/docs/cloud/manage-access/seats-and-users) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account.
+The user's [license](/docs/cloud/manage-access/about-user-access) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account.
:::
-## How to set up RBAC Groups in dbt Cloud
+## Additional resources
-Role-Based Access Control (RBAC) is helpful for automatically assigning permissions to dbt admins based on their SSO provider group associations. RBAC does not apply to [model groups](/docs/collaborate/govern/model-access#groups).
+- [Grant users access](/docs/cloud/manage-access/about-user-access#grant-access)
+- [Role-based access control](/docs/cloud/manage-access/about-user-access#role-based-access-control-)
+- [Environment-level permissions](/docs/cloud/manage-access/environment-permissions)
-1. Click the gear icon to the top right and select **Account Settings**. Click **Groups & Licenses**
-
-
-
-2. Select an existing group or create a new group to add RBAC. Name the group (this can be any name you like, but it's recommended to keep it consistent with the SSO groups). If you have configured SSO with SAML 2.0, you may have to use the GroupID instead of the name of the group.
-3. Configure the SSO provider groups you want to add RBAC by clicking **Add** in the **SSO** section. These fields are case-sensitive and must match the source group formatting.
-4. Configure the permissions for users within those groups by clicking **Add** in the **Access** section of the window.
-
-
-5. When you've completed your configurations, click **Save**. Users will begin to populate the group automatically once they have signed in to dbt Cloud with their SSO credentials.
diff --git a/website/docs/docs/cloud/manage-access/environment-permissions.md b/website/docs/docs/cloud/manage-access/environment-permissions.md
index 44cf2dc9a64..b99da64609c 100644
--- a/website/docs/docs/cloud/manage-access/environment-permissions.md
+++ b/website/docs/docs/cloud/manage-access/environment-permissions.md
@@ -77,4 +77,4 @@ If the user has the same roles across projects, you can apply environment access
## Related docs
--[Environment-level permissions setup](/docs/cloud/manage-access/environment-permissions-setup)
+- [Environment-level permissions setup](/docs/cloud/manage-access/environment-permissions-setup)
diff --git a/website/docs/docs/cloud/manage-access/licenses-and-groups.md b/website/docs/docs/cloud/manage-access/licenses-and-groups.md
deleted file mode 100644
index b91af80f9b3..00000000000
--- a/website/docs/docs/cloud/manage-access/licenses-and-groups.md
+++ /dev/null
@@ -1,145 +0,0 @@
----
-title: "Licenses and groups"
-id: "licenses-and-groups"
----
-
-## Overview
-
-dbt Cloud administrators can use dbt Cloud's permissioning model to control
-user-level access in a dbt Cloud account. This access control comes in two flavors:
-License-based and Role-based.
-
-- **License-based Access Controls:** User are configured with account-wide
- license types. These licenses control the specific parts of the dbt Cloud application
- that a given user can access.
-- **Role-based Access Control (RBAC):** Users are assigned to _groups_ that have
- specific permissions on specific projects or the entire account. A user may be
- a member of multiple groups, and those groups may have permissions on multiple
- projects.
-
-## License-based access control
-
-Each user on an account is assigned a license type when the user is first
-invited to a given account. This license type may change over time, but a
-user can only have one type of license at any given time.
-
-A user's license type controls the features in dbt Cloud that the user is able
-to access. dbt Cloud's three license types are:
- - **Read-Only**
- - **Developer**
- - **IT**
-
-For more information on these license types, see [Seats & Users](/docs/cloud/manage-access/seats-and-users).
-At a high-level, Developers may be granted _any_ permissions, whereas Read-Only
-users will have read-only permissions applied to all dbt Cloud resources
-regardless of the role-based permissions that the user is assigned. IT users will have Security Admin and Billing Admin permissions applied regardless of the role-based permissions that the user is assigned.
-
-## Role-based access control
-
-:::info dbt Cloud Enterprise
-
-Role-based access control is a feature of the dbt Cloud Enterprise plan
-
-:::
-
-Role-based access control allows for fine-grained permissioning in the dbt Cloud
-application. With role-based access control, users can be assigned varying
-permissions to different projects within a dbt Cloud account. For teams on the
-Enterprise tier, role-based permissions can be generated dynamically from
-configurations in an [Identity Provider](sso-overview).
-
-Role-based permissions are applied to _groups_ and pertain to _projects_. The
-assignable permissions themselves are granted via _permission sets_.
-
-
-### Groups
-
-A group is a collection of users. Users may belong to multiple groups. Members
-of a group inherit any permissions applied to the group itself.
-
-Users can be added to a dbt Cloud group based on their group memberships in the
-configured [Identity Provider](sso-overview) for the account. In this way, dbt
-Cloud administrators can manage access to dbt Cloud resources via identity
-management software like Microsoft Entra ID (formerly Azure AD), Okta, or GSuite. See _SSO Mappings_ below for
-more information.
-
-You can view the groups in your account or create new groups from the **Team > Groups**
-page in your Account Settings.
-
-
-
-
-### SSO Mappings
-
-SSO Mappings connect Identity Provider (IdP) group membership to dbt Cloud group
-membership. When a user logs into dbt Cloud via a supported identity provider,
-their IdP group memberships are synced with dbt Cloud. Upon logging in
-successfully, the user's group memberships (and therefore, permissions) are
-adjusted accordingly within dbt Cloud automatically.
-
-:::tip Creating SSO Mappings
-
-While dbt Cloud supports mapping multiple IdP groups to a single dbt Cloud
-group, we recommend using a 1:1 mapping to make administration as simple as
-possible. Consider using the same name for your dbt Cloud groups and your IdP
-groups.
-
-:::
-
-
-### Permission Sets
-
-Permission sets are predefined collections of granular permissions. Permission
-sets combine low-level permission grants into high-level roles that can be
-assigned to groups. Some examples of existing permission sets are:
- - Account Admin
- - Git Admin
- - Job Admin
- - Job Viewer
- - ...and more
-
-For a full list of enterprise permission sets, see [Enterprise Permissions](/docs/cloud/manage-access/enterprise-permissions).
-These permission sets are available for assignment to groups and control the ability
-for users in these groups to take specific actions in the dbt Cloud application.
-
-In the following example, the _dbt Cloud Owners_ group is configured with the
-**Account Admin** permission set on _All Projects_ and the **Job Admin** permission
-set on the _Internal Analytics_ project.
-
-
-
-
-### Manual assignment
-
-dbt Cloud administrators can manually assign users to groups independently of
-IdP attributes. If a dbt Cloud group is configured _without_ any
-SSO Mappings, then the group will be _unmanaged_ and dbt Cloud will not adjust
-group membership automatically when users log into dbt Cloud via an identity
-provider. This behavior may be desirable for teams that have connected an identity
-provider, but have not yet configured SSO Mappings between dbt Cloud and the
-IdP.
-
-If an SSO Mapping is added to an _unmanaged_ group, then it will become
-_managed_, and dbt Cloud may add or remove users to the group automatically at
-sign-in time based on the user's IdP-provided group membership information.
-
-
-## FAQs
-- **When are IdP group memberships updated for SSO Mapped groups?** Group memberships
- are updated every time a user logs into dbt Cloud via a supported SSO provider. If
- you've changed group memberships in your identity provider or dbt Cloud, ask your
- users to log back into dbt Cloud for these group memberships to be synchronized.
-
-- **Can I set up SSO without RBAC?** Yes, see the documentation on
- [Manual Assignment](#manual-assignment) above for more information on using
- SSO without RBAC.
-
-- **Can I configure a user's License Type based on IdP Attributes?** Yes, see
- the docs on [managing license types](/docs/cloud/manage-access/seats-and-users#managing-license-types)
- for more information.
diff --git a/website/docs/docs/cloud/manage-access/set-up-sso-google-workspace.md b/website/docs/docs/cloud/manage-access/set-up-sso-google-workspace.md
index e4ff998015c..2b2575efc57 100644
--- a/website/docs/docs/cloud/manage-access/set-up-sso-google-workspace.md
+++ b/website/docs/docs/cloud/manage-access/set-up-sso-google-workspace.md
@@ -117,7 +117,7 @@ If the verification information looks appropriate, then you have completed the c
## Setting up RBAC
Now you have completed setting up SSO with GSuite, the next steps will be to set up
-[RBAC groups](/docs/cloud/manage-access/enterprise-permissions) to complete your access control configuration.
+[RBAC groups](/docs/cloud/manage-access/about-user-access#role-based-access-control-) to complete your access control configuration.
## Troubleshooting
diff --git a/website/docs/docs/cloud/manage-access/set-up-sso-okta.md b/website/docs/docs/cloud/manage-access/set-up-sso-okta.md
index 53986513ce2..fda32f118ef 100644
--- a/website/docs/docs/cloud/manage-access/set-up-sso-okta.md
+++ b/website/docs/docs/cloud/manage-access/set-up-sso-okta.md
@@ -190,4 +190,4 @@ configured in the steps above.
## Setting up RBAC
Now you have completed setting up SSO with Okta, the next steps will be to set up
-[RBAC groups](/docs/cloud/manage-access/enterprise-permissions) to complete your access control configuration.
+[RBAC groups](/docs/cloud/manage-access/about-user-access#role-based-access-control-) to complete your access control configuration.
diff --git a/website/docs/docs/collaborate/govern/project-dependencies.md b/website/docs/docs/collaborate/govern/project-dependencies.md
index 2e73eee028b..c054d1b27b7 100644
--- a/website/docs/docs/collaborate/govern/project-dependencies.md
+++ b/website/docs/docs/collaborate/govern/project-dependencies.md
@@ -21,6 +21,7 @@ This year, dbt Labs is introducing an expanded notion of `dependencies` across m
- Use a supported version of dbt (v1.6, v1.7, or go versionless with "[Versionless](/docs/dbt-versions/upgrade-dbt-version-in-cloud#versionless)") for both the upstream ("producer") project and the downstream ("consumer") project.
- Define models in an upstream ("producer") project that are configured with [`access: public`](/reference/resource-configs/access). You need at least one successful job run after defining their `access`.
- Define a deployment environment in the upstream ("producer") project [that is set to be your Production environment](/docs/deploy/deploy-environments#set-as-production-environment), and ensure it has at least one successful job run in that environment.
+- If the upstream project has a Staging environment, run a job in that Staging environment to ensure the downstream cross-project ref resolves.
- Each project `name` must be unique in your dbt Cloud account. For example, if you have a dbt project (codebase) for the `jaffle_marketing` team, you should not create separate projects for `Jaffle Marketing - Dev` and `Jaffle Marketing - Prod`. That isolation should instead be handled at the environment level.
- We are adding support for environment-level permissions and data warehouse connections; please contact your dbt Labs account team for beta access.
- The `dbt_project.yml` file is case-sensitive, which means the project name must exactly match the name in your `dependencies.yml`. For example, if your project name is `jaffle_marketing`, you should use `jaffle_marketing` (not `JAFFLE_MARKETING`) in all related files.
@@ -110,7 +111,10 @@ Read [Why use a staging environment](/docs/deploy/deploy-environments#why-use-a-
#### Staging with downstream dependencies
-dbt Cloud begins using the Staging environment to resolve cross-project references from downstream projects as soon as it exists in a project without "fail-over" to Production. To avoid causing downtime for downstream developers, you should define and trigger a job before marking the environment as Staging:
+dbt Cloud begins using the Staging environment to resolve cross-project references from downstream projects as soon as it exists in a project without "fail-over" to Production. This means that dbt Cloud will consistently use metadata from the Staging environment to resolve references in downstream projects, even if there haven't been any successful runs in the configured Staging environment.
+
+To avoid causing downtime for downstream developers, you should define and trigger a job before marking the environment as Staging:
+
1. Create a new environment, but do NOT mark it as **Staging**.
2. Define a job in that environment.
3. Trigger the job to run, and ensure it completes successfully.
diff --git a/website/docs/docs/collaborate/model-query-history.md b/website/docs/docs/collaborate/model-query-history.md
index 0f43c9b163f..0180757f980 100644
--- a/website/docs/docs/collaborate/model-query-history.md
+++ b/website/docs/docs/collaborate/model-query-history.md
@@ -25,7 +25,7 @@ So for example, if `model_super_santi` was queried 10 times in the past week, it
To access the features, you should meet the following:
-1. You have a dbt Cloud account on the [Enterprise plan](https://www.getdbt.com/pricing/).
+1. You have a dbt Cloud account on the [Enterprise plan](https://www.getdbt.com/pricing/). Single-tenant accounts should contact their account representative for setup.
2. You have set up a [production](https://docs.getdbt.com/docs/deploy/deploy-environments#set-as-production-environment) deployment environment for each project you want to explore, with at least one successful job run.
3. You have [admin permissions](/docs/cloud/manage-access/enterprise-permissions) in dbt Cloud to edit project settings or production environment settings.
4. Use Snowflake or BigQuery as your data warehouse and can enable query history permissions or work with an admin to do so. Support for additional data platforms coming soon.
diff --git a/website/docs/docs/dbt-cloud-apis/service-tokens.md b/website/docs/docs/dbt-cloud-apis/service-tokens.md
index fe8ace5fa34..93a89922456 100644
--- a/website/docs/docs/dbt-cloud-apis/service-tokens.md
+++ b/website/docs/docs/dbt-cloud-apis/service-tokens.md
@@ -36,80 +36,36 @@ You can assign service account tokens to any permission set available in dbt Clo
### Team plans using service account tokens
-The following permissions can be assigned to a service account token on a Team plan.
+The following permissions can be assigned to a service account token on a Team plan. Refer to [Enterprise permissions](/docs/cloud/manage-access/enterprise-permissions) for more information about these roles.
-**Account Admin**
-Account Admin service tokens have full `read + write` access to an account, so please use them with caution. A Team plan refers to this permission set as an "Owner role." For more on these permissions, see [Account Admin](/docs/cloud/manage-access/enterprise-permissions#account-admin).
-
-**Metadata Only**
-Metadata-only service tokens authorize requests to the Discovery API.
-
-**Semantic Layer Only**
-Semantic Layer-only service tokens authorize requests to the Semantic Layer APIs.
-
-**Job Admin**
-Job admin service tokens can authorize requests for viewing, editing, and creating environments, triggering runs, and viewing historical runs.
-
-**Job Runner**
-Job runner service tokens can authorize requests for triggering runs and viewing historical runs.
-
-**Member**
-Member service tokens can authorize requests for viewing and editing resources, triggering runs, and inviting members to the account. Tokens assigned the Member permission set will have the same permissions as a Member user. For more information about Member users, see "[Self-service Team plan permissions](/docs/cloud/manage-access/self-service-permissions)".
-
-**Read-only**
-Read-only service tokens can authorize requests for viewing a read-only dashboard, viewing generated documentation, and viewing source freshness reports. This token can access and retrieve account-level information endpoints on the [Admin API](/docs/dbt-cloud-apis/admin-cloud-api) and authorize requests to the [Discovery API](/docs/dbt-cloud-apis/discovery-api).
+- Account Admin — Account Admin service tokens have full `read + write` access to an account, so please use them with caution. A Team plan refers to this permission set as an "Owner role."
+- Job Admin
+- Job Runner
+- Metadata Only
+- Member
+- Read-only
+- Semantic Layer Only
### Enterprise plans using service account tokens
-The following permissions can be assigned to a service account token on an Enterprise plan. For more details about these permissions, see "[Enterprise permissions](/docs/cloud/manage-access/enterprise-permissions)."
-
-**Account Admin**
-Account Admin service tokens have full `read + write` access to an account, so please use them with caution. For more on these permissions, see [Account Admin](/docs/cloud/manage-access/enterprise-permissions#account-admin).
-
-**Security Admin**
-Security Admin service tokens have certain account-level permissions. For more on these permissions, see [Security Admin](/docs/cloud/manage-access/enterprise-permissions#security-admin).
-
-**Billing Admin**
-Billing Admin service tokens have certain account-level permissions. For more on these permissions, see [Billing Admin](/docs/cloud/manage-access/enterprise-permissions#billing-admin).
-
-**Manage marketplace apps**
-Used only for service tokens assigned to marketplace apps (for example, the [Snowflake Native app](/docs/cloud-integrations/snowflake-native-app)).
-
-**Metadata Only**
-Metadata-only service tokens authorize requests to the Discovery API.
-
-**Semantic Layer Only**
-Semantic Layer-only service tokens authorize requests to the Semantic Layer APIs.
-
-**Job Admin**
-Job Admin service tokens can authorize requests for viewing, editing, and creating environments, triggering runs, and viewing historical runs. For more on these permissions, see [Job Admin](/docs/cloud/manage-access/enterprise-permissions#job-admin).
-
-**Account Viewer**
-Account Viewer service tokens have read-only access to dbt Cloud accounts. For more on these permissions, see [Account Viewer](/docs/cloud/manage-access/enterprise-permissions#account-viewer) on the Enterprise Permissions page.
-
-**Admin**
-Admin service tokens have unrestricted access to projects in dbt Cloud accounts. You have the option to grant that permission all projects in the account or grant the permission only on specific projects. For more on these permissions, see [Admin Service](/docs/cloud/manage-access/enterprise-permissions#admin-service) on the Enterprise Permissions page.
-
-**Git Admin**
-Git admin service tokens have all the permissions listed in [Git admin](/docs/cloud/manage-access/enterprise-permissions#git-admin) on the Enterprise Permissions page.
-
-**Database Admin**
-Database admin service tokens have all the permissions listed in [Database admin](/docs/cloud/manage-access/enterprise-permissions#database-admin) on the Enterprise Permissions page.
-
-**Team Admin**
-Team admin service tokens have all the permissions listed in [Team admin](/docs/cloud/manage-access/enterprise-permissions#team-admin) on the Enterprise Permissions page.
-
-**Job Viewer**
-Job viewer admin service tokens have all the permissions listed in [Job viewer](/docs/cloud/manage-access/enterprise-permissions#job-viewer) on the Enterprise Permissions page.
-
-**Developer**
-Developer service tokens have all the permissions listed in [Developer](/docs/cloud/manage-access/enterprise-permissions#developer) on the Enterprise Permissions page.
-
-**Analyst**
-Analyst admin service tokens have all the permissions listed in [Analyst](/docs/cloud/manage-access/enterprise-permissions#analyst) on the Enterprise Permissions page.
-
-**Stakeholder**
-Stakeholder service tokens have all the permissions listed in [Stakeholder](/docs/cloud/manage-access/enterprise-permissions#stakeholder) on the Enterprise Permissions page.
+Refer to [Enterprise permissions](/docs/cloud/manage-access/enterprise-permissions) for more information about these roles.
+
+- Account Admin — Account Admin service tokens have full `read + write` access to an account, so please use them with caution.
+- Account Viewer
+- Admin
+- Analyst
+- Billing Admin
+- Database Admin
+- Developer
+- Git Admin
+- Job Admin
+- Job Viewer
+- Manage marketplace apps
+- Metadata Only
+- Semantic Layer Only
+- Security Admin
+- Stakeholder
+- Team Admin
## Service token update
diff --git a/website/docs/docs/deploy/deployment-overview.md b/website/docs/docs/deploy/deployment-overview.md
index 11575e6b0b7..9382634812f 100644
--- a/website/docs/docs/deploy/deployment-overview.md
+++ b/website/docs/docs/deploy/deployment-overview.md
@@ -79,6 +79,12 @@ Learn how to use dbt Cloud's features to help your team ship timely and quality
link="/docs/deploy/job-notifications"
icon="dbt-bit"/>
+
+
+
+Set up dbt to notify the appropriate model owners through email about issues as soon as they occur, while the job is still running. Model owners can specify which statuses to receive notifications about:
+
+- `Success` and `Fails` for models
+- `Warning`, `Success`, and `Fails` for tests
+
+With model-level notifications, model owners can be the first ones to know about issues before anyone else (like the stakeholders).
+
+:::info Beta feature
+
+This feature is currently available in [beta](/docs/dbt-versions/product-lifecycles#dbt-cloud) to a limited group of users and is gradually being rolled out. If you're in the beta, please contact the Support team at support@getdbt.com for assistance or questions.
+
+:::
+
+To be timely and keep the number of notifications to a reasonable amount when multiple models or tests trigger them, dbt observes the following guidelines when notifying the owners:
+
+- Send a notification to each unique owner/email during a job run about any models (with status of failure/success) or tests (with status of warning/failure/success). Each owner receives only one notification, the initial one.
+- Don't send any notifications about subsequent models or tests while a dbt job is still running.
+- At the end of a job run, each owner receives a notification, for each of the statuses they specified to be notified about, with a list of models and tests that have that status.
+
+Create configuration YAML files in your project for dbt to send notifications about the status of your models and tests.
+
+## Prerequisites
+- Your dbt Cloud administrator has [enabled the appropriate account setting](#enable-access-to-model-notifications) for you.
+- Your environment(s) must be on ["Versionless"](/docs/dbt-versions/versionless-cloud).
+
+
+## Configure groups
+
+Add your group configuration in either the `dbt_project.yml` or `groups.yml` file. For example:
+
+```yml
+version: 2
+
+groups:
+ - name: finance
+ description: "Models related to the finance department"
+ owner:
+ # 'name' or 'email' is required
+ name: "Finance Team"
+ email: finance@dbtlabs.com
+ slack: finance-data
+
+ - name: marketing
+ description: "Models related to the marketing department"
+ owner:
+ name: "Marketing Team"
+ email: marketing@dbtlabs.com
+ slack: marketing-data
+```
+
+## Set up models
+
+Set up your model configuration in either the `dbt_project.yml` or `groups.yml` file; doing this automatically sets up notifications for tests, too. For example:
+
+```yml
+version: 2
+
+models:
+ - name: sales
+ description: "Sales data model"
+ config:
+ group: finance
+
+ - name: campaigns
+ description: "Campaigns data model"
+ config:
+ group: marketing
+
+```
+
+## Enable access to model notifications
+
+Provide dbt Cloud account members the ability to configure and receive alerts about issues with models or tests that are encountered during job runs.
+
+To use model-level notifications, your dbt Cloud account must have access to the feature. Ask your dbt Cloud administrator to enable this feature for account members by following these steps:
+
+1. Navigate to **Notification settings** from your profile name in the sidebar (lower left-hand side).
+1. From **Email notications**, enable the setting **Enable group/owner notifications on models** under the **Model notifications** section. Then, specify which statuses to receive notifications about (Success, Warning, and/or Fails).
+
+
diff --git a/website/docs/docs/deploy/monitor-jobs.md b/website/docs/docs/deploy/monitor-jobs.md
index 8382743dd03..1cbba23161e 100644
--- a/website/docs/docs/deploy/monitor-jobs.md
+++ b/website/docs/docs/deploy/monitor-jobs.md
@@ -13,6 +13,7 @@ This portion of our documentation will go over dbt Cloud's various capabilities
- [Run visibility](/docs/deploy/run-visibility) — View your run history to help identify where improvements can be made to scheduled jobs.
- [Retry jobs](/docs/deploy/retry-jobs) — Rerun your errored jobs from start or the failure point.
- [Job notifications](/docs/deploy/job-notifications) — Receive email or Slack notifications when a job run succeeds, encounters warnings, fails, or is canceled.
+- [Model notifications](/docs/deploy/model-notifications) — Receive email notifications about any issues encountered by your models and tests as soon as they occur while running a job.
- [Webhooks](/docs/deploy/webhooks) — Use webhooks to send events about your dbt jobs' statuses to other systems.
- [Leverage artifacts](/docs/deploy/artifacts) — dbt Cloud generates and saves artifacts for your project, which it uses to power features like creating docs for your project and reporting freshness of your sources.
- [Source freshness](/docs/deploy/source-freshness) — Monitor data governance by enabling snapshots to capture the freshness of your data sources.
diff --git a/website/docs/docs/deploy/webhooks.md b/website/docs/docs/deploy/webhooks.md
index dfb8b7c7406..ffea38b5b84 100644
--- a/website/docs/docs/deploy/webhooks.md
+++ b/website/docs/docs/deploy/webhooks.md
@@ -29,7 +29,7 @@ You can also check out the free [dbt Fundamentals course](https://learn.getdbt.c
## Prerequisites
- You have a dbt Cloud account that is on the [Team or Enterprise plan](https://www.getdbt.com/pricing/).
- For `write` access to webhooks:
- - **Enterprise plan accounts** — Permission sets are the same for both API service tokens and the dbt Cloud UI. You, or the API service token, must have the [Account Admin](/docs/cloud/manage-access/enterprise-permissions#account-admin), [Admin](/docs/cloud/manage-access/enterprise-permissions#admin), or [Developer](/docs/cloud/manage-access/enterprise-permissions#developer) permission set.
+ - **Enterprise plan accounts** — Permission sets are the same for both API service tokens and the dbt Cloud UI. You, or the API service token, must have the Account Admin, Admin, or Developer [permission set](/docs/cloud/manage-access/enterprise-permissions).
- **Team plan accounts** — For the dbt Cloud UI, you need to have a [Developer license](/docs/cloud/manage-access/self-service-permissions). For API service tokens, you must assign the service token to have the [Account Admin or Member](/docs/dbt-cloud-apis/service-tokens#team-plans-using-service-account-tokens) permission set.
- You have a multi-tenant or an AWS single-tenant deployment model in dbt Cloud. For more information, refer to [Tenancy](/docs/cloud/about-cloud/tenancy).
- Your destination system supports [Authorization headers](#troubleshooting).
diff --git a/website/docs/guides/mesh-qs.md b/website/docs/guides/mesh-qs.md
index 0d13d043059..47ece7b29ec 100644
--- a/website/docs/guides/mesh-qs.md
+++ b/website/docs/guides/mesh-qs.md
@@ -300,6 +300,8 @@ To run your first deployment dbt Cloud job, you will need to create a new dbt Cl
5. After the run is complete, click **Explore** from the upper menu bar. You should now see your lineage, tests, and documentation coming through successfully.
+For details on how dbt Cloud uses metadata from the Staging environment to resolve references in downstream projects, check out the section on [Staging with downstream dependencies](/docs/collaborate/govern/project-dependencies#staging-with-downstream-dependencies).
+
## Reference a public model in your downstream project
In this section, you will set up the downstream project, "Jaffle | Finance", and [cross-project reference](/docs/collaborate/govern/project-dependencies) the `fct_orders` model from the foundational project. Navigate to the **Develop** page to set up our project:
diff --git a/website/docs/reference/resource-configs/databricks-configs.md b/website/docs/reference/resource-configs/databricks-configs.md
index eea03f2b196..9e1b3282801 100644
--- a/website/docs/reference/resource-configs/databricks-configs.md
+++ b/website/docs/reference/resource-configs/databricks-configs.md
@@ -35,6 +35,7 @@ When materializing a model as `table`, you may include several optional configs
| clustered_by | Each partition in the created table will be split into a fixed number of buckets by the specified columns. | Optional | SQL, Python | `country_code` |
| buckets | The number of buckets to create while clustering | Required if `clustered_by` is specified | SQL, Python | `8` |
| tblproperties | [Tblproperties](https://docs.databricks.com/en/sql/language-manual/sql-ref-syntax-ddl-tblproperties.html) to be set on the created table | Optional | SQL, Python* | `{'this.is.my.key': 12}` |
+| compression | Set the compression algorithm. | Optional | SQL, Python | `zstd` |
\* Beginning in 1.7.12, we have added tblproperties to Python models via an alter statement that runs after table creation.
We do not yet have a PySpark API to set tblproperties at table creation, so this feature is primarily to allow users to anotate their python-derived tables with tblproperties.
@@ -54,7 +55,8 @@ We do not yet have a PySpark API to set tblproperties at table creation, so this
| clustered_by | Each partition in the created table will be split into a fixed number of buckets by the specified columns. | Optional | SQL, Python | `country_code` |
| buckets | The number of buckets to create while clustering | Required if `clustered_by` is specified | SQL, Python | `8` |
| tblproperties | [Tblproperties](https://docs.databricks.com/en/sql/language-manual/sql-ref-syntax-ddl-tblproperties.html) to be set on the created table | Optional | SQL, Python* | `{'this.is.my.key': 12}` |
-| databricks_tags | [Tags](https://docs.databricks.com/en/data-governance/unity-catalog/tags.html) to be set on the created table | Optional | SQL+, Python+ | `{'my_tag': 'my_value'}` |
+| databricks_tags | [Tags](https://docs.databricks.com/en/data-governance/unity-catalog/tags.html) to be set on the created table | Optional | SQL+, Python+ | `{'my_tag': 'my_value'}` |
+| compression | Set the compression algorithm. | Optional | SQL, Python | `zstd` |
\* Beginning in 1.7.12, we have added tblproperties to Python models via an alter statement that runs after table creation.
We do not yet have a PySpark API to set tblproperties at table creation, so this feature is primarily to allow users to anotate their python-derived tables with tblproperties.
diff --git a/website/sidebars.js b/website/sidebars.js
index d31f6d03f57..2178e4cd35a 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -499,6 +499,7 @@ const sidebarSettings = {
"docs/deploy/run-visibility",
"docs/deploy/retry-jobs",
"docs/deploy/job-notifications",
+ "docs/deploy/model-notifications",
"docs/deploy/webhooks",
"docs/deploy/artifacts",
"docs/deploy/source-freshness",
diff --git a/website/snippets/_v2-sl-prerequisites.md b/website/snippets/_v2-sl-prerequisites.md
index f8108849f4f..68f6e7d10b7 100644
--- a/website/snippets/_v2-sl-prerequisites.md
+++ b/website/snippets/_v2-sl-prerequisites.md
@@ -1,4 +1,4 @@
-- Have a dbt Cloud Team or Enterprise account. Single-tenant accounts should contact their account representative setup.
+- Have a dbt Cloud Team or Enterprise account. Single-tenant accounts should contact their account representative for setup.
- Ensure your production and development environments use [dbt version 1.6 or higher](/docs/dbt-versions/upgrade-dbt-version-in-cloud).
- Use Snowflake, BigQuery, Databricks, or Redshift.
- Create a successful run in the environment where you configure the Semantic Layer.
diff --git a/website/static/img/docs/dbt-cloud/example-enable-model-notifications.png b/website/static/img/docs/dbt-cloud/example-enable-model-notifications.png
new file mode 100644
index 00000000000..16cf5457db5
Binary files /dev/null and b/website/static/img/docs/dbt-cloud/example-enable-model-notifications.png differ