Security¶
Provided Roles¶
Beta: Beta users have access to their own data sources and can also alter the objects that they own.
Gamma: Gamma users have limited access. They can only make use of data coming from data sources for which they have been given access through another complementary role. Gamma users only have access to view the slices and dashboards derived from data sources to which they have access. Currently, Gamma users are not able to alter or add new data sources. It is assumed that these users are mostly content consumers, although they can create slices and dashboards. Also note that when Gamma users can only see the dashboards and slices lists for which they have access.
sql_lab: The sql_lab
role grants access to SQL Lab. Note that while Admin
users have access to all databases by default, both Alpha
and Gamma
users need to be given access for each database.
Permissions¶
Roles are composed of a set of permissions, of which there are several categories as follows:
Model & Action: models are entities like
Dashboard
,Slice
, orUser
. Each model has a fixed set of permissions, likecan_edit
,can_show
,can_delete
,can_list
,can_add
, and so on. For example, a user will be able to delete dashboards by addingcan_delete on Dashboard
to a role, and granting that role to a user.Views: views are individual web pages, like the
explore
view or theSQL Lab
view. When granted to a user, they will see that view in the menu items, and be able to load the page.Data source: For each data source, a permission is created. If the user does not have the
all_datasource_access
permission granted, the user will only be able to see slices and explore data sources that are granted to them.Database: Granting access to a database allows the user to access all data sources within that database. It will also enable the user to query that database in SQL Lab, provided that the SQL Lab-specific permissions have been granted to the user.