Security

Provided Roles

Beta: Beta users have access to their own data sources and can also alter the objects that they own.

Gamma: Gamma users have limited access. They can only make use of data coming from data sources for which they have been given access through another complementary role. Gamma users only have access to view the slices and dashboards derived from data sources to which they have access. Currently, Gamma users are not able to alter or add new data sources. It is assumed that these users are mostly content consumers, although they can create slices and dashboards. Also note that when Gamma users can only see the dashboards and slices lists for which they have access.

sql_lab: The sql_lab role grants access to SQL Lab. Note that while Admin users have access to all databases by default, both Alpha and Gamma users need to be given access for each database.

Permissions

Roles are composed of a set of permissions, of which there are several categories as follows:

  • Model & Action: models are entities like Dashboard, Slice, or User. Each model has a fixed set of permissions, like can_edit, can_show, can_delete, can_list, can_add, and so on. For example, a user will be able to delete dashboards by adding can_delete on Dashboard to a role, and granting that role to a user.

  • Views: views are individual web pages, like the explore view or the SQL Lab view. When granted to a user, they will see that view in the menu items, and be able to load the page.

  • Data source: For each data source, a permission is created. If the user does not have the all_datasource_access permission granted, the user will only be able to see slices and explore data sources that are granted to them.

  • Database: Granting access to a database allows the user to access all data sources within that database. It will also enable the user to query that database in SQL Lab, provided that the SQL Lab-specific permissions have been granted to the user.