About Dashboard Permissions

This applies to: Visual Data Discovery

Symphony Data Discovery dashboard permissions allow you to permit your entire account, groups within your account, or users within your account to read, write, or delete a dashboard. This allows you to share a dashboard with other users.

If a user belongs to a group that has the Administer Dashboards privilege enabled, the user can read, add, modify, or remove any dashboard in the Symphony account. However, if the user does not belong to a group with this privilege enabled, the user can still be granted permission to read, write, or delete specific dashboards in the account using dashboard permissions. Dashboard permissions allow users in an account or group to read, write, or delete a dashboard, regardless of any group privilege settings that ordinarily limit their ability to do so.

To manage permissions of a dashboard, your Symphony user definition must meet one of the following criteria:

• It must be an administrator, belonging to the Administrators group.

• It must belong to a group with the Administer Dashboards (ROLE_ADMINISTER_DASHBOARDS) privilege enabled.

• It must belong to a group with the Manage Dashboard Permissions (ROLE_PERMISSION_DASHBOARDS) privilege enabled. If your user definition has only this privilege (and not the Administer Dashboards privilege), you will only be able to manage permissions for the dashboards for which you have READ permission.

  In addition, you may be restricted in which permissions you can assign. You can only assign permissions equivalent to your own. For example, if your user account has read permission for a dashboard, you can grant and revoke the read option available on the Dashboard Permissions panel. If you have write permission for a dashboard, you can grant and revoke the write option on the Dashboard Permissions panel.

  If your user account does not have read permission for a dashboard, you cannot see the dashboard on the Library page.

Dashboard permissions are determined using a most permissive model. For more information, see How Data Discovery Dashboard Permissions Are Determined.

Dashboard permissions can also be managed using the API endpoints GET /api/dashboards/{dashboardId}/acls, PUT and PATCH /api/dashboards/{dashboardId}/acls/bulk, GET /api/inventory/DASHBOARD/{id}, and GET /api/user/permissions/dashboards/{dashboardId}.

API documentation is provided with your Symphony installation at this link: <symphony-URL>/discovery/swagger-ui.html.

Dashboard Export and Import

• Users who have the group privilege Export Dashboards (ROLE_EXPORT_DASHBOARDS) and READ for dashboards can export dashboards.
• Users who have group privileges of Manage Connections (ROLE_MANAGE_CONNECTIONS), and Administer Sources (ROLE_ADMINISTER_SOURCES), and Administer Visuals (ROLE_ADMINISTER_VISUALS), and Administer Dashboards (ROLE_ADMINISTER_DASHBOARDS) can import dashboards.

For more information, see the following topics:

• Grant Permissions for a Data Discovery Dashboard
• Modify Permissions for a Data Discovery Dashboard
• Revoke Permissions for a Data Discovery Dashboard
• How Data Discovery Dashboard Permissions Are Determined