How Dashboard Permissions Are Determined
This applies to: Visual Data Discovery
The creator of a dashboard always has permission to read, write, and delete the dashboard. If the creating user is removed from the Symphony environment, the dashboards created by the user are retained.
If conflicting dashboard permissions are specified for the tenant, the group within the tenant, and the user within the tenant, the permissions granted to the users in both are determined using a most permissive model. The users are granted the highest level of permission specified for the tenant, group, and user.
For example, if the tenant is granted read and write permissions, but Group A is granted write and delete permissions, users in Group A will be able to read, write, and delete the dashboard. However, users in any other groups in the tenant will only be able to read and write the dashboard.
Here's another example. If the tenant is granted read, write, and delete permissions, but the groups are only granted read permissions, all users in the tenant will have read, write, and delete permissions.
How source permissions affect dashboard use
Users must have access to the data sources used on the dashboard to see the data from the data sources.
For example, assume your tenant is granted read, write, and delete permissions for a dashboard. If Sylvia (a user in the tenant) does not have access to the data source used by the dashboard or if Sylvia is not assigned to any group at all, Sylvia will be able to see the dashboard in the dashboard library and will be able to open the dashboard, but no data will be shown.
Now suppose the dashboard uses three data sources on different visuals in the dashboard, but Sylvia only has access to two of the data sources. Sylvia will be able to see only the visuals that use data from the two data sources to which she has access.
Permissions for imported objects
When you import dashboards, associated resources such as visuals, sources, and connections are imported as well. You can quickly grant default access levels to all imported and associated objects in your tenants by enabling Share Default Access With All Users at import time. Users are granted Data Access to Sources and Read access to Visuals and Dashboards.
Comments
0 comments
Please sign in to leave a comment.