Manage Workspace Permissions

Workspace permissions can be assigned using two types of permissions definition:

  • permissions are tied to a specific workspace and define what a user can do with that one specific workspace.

  • hierarchyPermissions are tied to a specific workspace and define what a user can do with that specific workspace and all of its child workspaces. For more information on workspace hierarchies, see Build a Workspace Hierarchy.

Supported Permissions

The following permissions are applicable to a workspace object:

  • VIEW

    User can view dashboards.

  • ANALYZE and EXPORT

    Either permission gives you the same level of access as the VIEW permission. Additionally:

    • With the ANALYZE permission, user can also create, edit or delete dashboards and visualizations. User can view the LDM and metrics.

    • With the EXPORT permission, user can view and export tabular data from visualisations to XLSX and CSV.

  • MANAGE

    Covers VIEW, ANALYZE and EXPORT permissions. Additionally, user can create, edit or delete LDM and metrics.

Set Permissions For a Workspace

Workspaces come with the API endpoint /api/v1/layout/workspaces/{workspaceId}/permissions that lets you to set permissions for a particular workspace without having to re-declare the entire workspace layout using a declarative API. Note that you need Organization.MANAGE permission or Workspace.MANAGE hierarchyPermission to use this API endpoint.

You can also set permissions using declarative API endpoints /api/v1/layout/workspaces or /api/v1/layout/organization. Note that you need Organization.MANAGE permission to use these API endpoints.

Steps:

  1. Prepare a <your_workspace_permissions>.json file your workspace permissions definition:

    {
        "hierarchyPermissions": [
            {
                "assignee": {
                    "id": "<user_id_or_user_group_id>",
                    "type": "<user_or_userGroup>"
                },
                "name": "<MANAGE_or_ANALYZE_or_VIEW>"
            }
        ],
        "permissions": [
            {
                "assignee": {
                    "id": "<user_id_or_user_group_id>",
                    "type": "<user_or_userGroup>"
                },
                "name": "<MANAGE_or_ANALYZE_or_VIEW>"
            }
        ]
    }
    

    Use the permissions definition for users that should be able to access only the specific workspace.

    Use the hierarchyPermissions definition for users that should be able to access not only the specific workspace, but also its child workspaces.

    You may, but you do not have to use both types of these permission definitions.

  2. Update the workspace permissions using the following API call:

    curl -H "Authorization: Bearer $API_TOKEN" \
        -H "Content-Type: application/json" \
        -X PUT \
        $HOST_URL/api/v1/layout/workspaces/{workspaceId}/permissions -d @<your_workspace_permissions>.json