Question

Project Admin

  • 6 February 2020
  • 4 replies
  • 545 views

Once I set a user as admin will he have admin privileges for every single project I create or is it possible to restrict it to a specific project?

I found a similar post here but since it’s from '17 I’m not sure if something changed already.


4 replies

Userlevel 7
Badge

Admins have access to every project, setting, and folder within Looker. You can’t create project-specific admins, though you can grant some project-specific permissions.


What kind of permissions are you trying to grant to a user on a project by project basis? It might still be possible! Check out the full permissions list https://docs.looker.com/admin-options/settings/roles#permissions_list, it shows what is model-specific and what is instance-wide.

Hey @Izzy, thank you very much for your response.


We have one project with multiple models that pulls data from multiple data sources that basically every developer (they are all set as admins) can work on.

Now we are going to start to work with some sensitive information from another data source that only few people in the organization can see and I’m trying to find the best way to do that.

Eveybody should still be able to fully work, manage their models and grant acess to other people so they can see their analyses and work with it.

I did check the permission but I’m not really sure if I can do what I want because I think some of the permissions to manage the models are instance-wide.

I’m actually about to just play with permissions to see if I can make if work somehow.

Following up on this as our organization is taking a similar journey. Were you able to secure the environment in such a fashion that developers were not hindered, but did not have access to the restricted data?

Hey @MattK I did manage to find a way to do that.

My biggest problem was that the manage_spaces permission in the developer role allowed them to manage connections from models so I wouldn’t be able to restrict the data. My option was to create a new role without this permission and voilà.

I just had to absorb all admin functions like managing users, creating/editing user_attributes and creating/editing models

Reply