Restricting Dashboards to Scope

  • 26 October 2023
  • 0 replies
  • 129 views

Userlevel 2

Reading time 2 mins


Introduction

 

Adding an OID filter to your dashboard will ensure that, when sharing it, users will only see the data based on the scope at which the dashboard was shared. 

 


Restricting Dashboards to Role Scope

  • When you share a dashboard with a user, you are, in effect, sharing access to the cube (or dataset). Sharing access to a single dashboard at Org level would then grant that user access to all the data contained within that cube. If you then share a dashboard with the same cube as its source to a role with a lower scope (for example, a regional role), then the system will allow that user to see the data from the higher scope, because the user already has access to the entire cube. 

 

  • This is illustrated by the diagram below. In this example, dashboards based on the same cube have been shared to one user at different scopes, so this user will see Org level data in both dashboards. 

 

  • To address this, you can apply an OID filter - this filters the permissions based on the dashboard itself, rather than the cube. 

 

  • Every dashboard has a UNIQUE ID which is contained in the URL in the builder. 
  • To ensure permissions apply at a dashboard level, this needs to be added as a filter to the dashboard. 
  • When the filter is added, you need to restrict it to this dashboard by copying and pasting the GUID from the URL - note that this won’t affect any data/presentation in the dashboard. 
  • Apply this filter and, once done, set it as a background filter and then lock it so users cannot amend. 
  • This change will mean the role scope is applied at the dashboard level, not the cube level and as such users will only see data based on the scope at which the dashboard was shared via permissions. 

 


This topic has been closed for comments