Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 DAS uses a combination of the global-level permission model and the role-based access control (RBAC) model to provide better access level configurations. Thereby, WSO2 DAS users are allowed to restrict access to their dashboards and manage their dashboards based on their personal preferences. Furthermore, users who have the admin role can access all the functions in the Analytics Dashboard.

A user with global level permission can sign into the WSO2 DAS Analytics Dashboard and create a dashboard if he/she is provided with the required permissions via the WSO2 DAS Management Console. Role-based access control (RBAC) that is assigned via the Analytics Dashboard provides the flexibility to assign different roles for each of the separate role-based permissions in WSO2 DAS, which are namely viewer, editor, and owner.

When a user ( a dashboard designer) creates a dashboard in the Analytics Dashboard it is initially only visible to him/her. The Dashboard Designer can provide access to certain users, who belong to the same tenant, to work with that respective dashboard. Furthermore, the Dashboard Designer is able to modify the list of user roles that can work with the dashboard. A dashboard can have multiple roles that have full permission.

Global-level permissions

You can use the global-level permission model to set permissions for the following use cases of WSO2 DAS:

  • Login - Users should have the login permission to access the Analytics Dashboard.
  • Create - Users should have the create permission to create new dashboards in the Analytics Dashboard.

The permission structure is as follows:

Image Added

RBAC for dashboards

When you (Dashboard Designer) create a dashboard, the following internal roles are automatically generated for the different role-based permission levels (i.e., viewer, editor, and owner) in the Analytics Dashboard and are assigned to you.

  • Internal/<DASHBOARD_ID>-viewer - Users who have this role can view the relevant dashboard. 
  • Internal/<DASHBOARD_ID>-editor - Users who have this role can edit and view the relevant dashboard.
  • Internal/<DASHBOARD_ID>-owner  - Users who have this role can edit, view and delete the relevant dashboard, and update the dashboard settings.

e.g., When a Dashboard Designer creates a dashboard with the ID my-dashboard, the following roles are automatically generated and assigned.

  • Internal/my-dashboard-viewer
  • Internal/my-dashboard-editor
  • Internal/my-dashboard-owner

Image Added

Initially, only you have the ability to view, edit, delete, or modify the settings of their own dashboard at startup. If another user needs to view, edit, delete, or modify the settings your dashboard, and if they do not have global level permissions, they need to be assigned the respective roles. A dashboard can have multiple owners. In addition, users with the Internal/<DASHBOARD_ID>-owner role can add different roles into different role-based permissions, using the dashboard settings page, and give access to users with different roles.

Info
iconfalse

The following are the ways in which you can assign specific access levels to users.

  • The users can be assigned to roles that are specifically created for the respective dashboard via the WSO2 DS Management Console.
  • The roles that correspond to different users can be assigned to each dashboard via the Analytics Dashboard settings page.