User access & management
Permissions, user setup, and Looker setup
- 77 Topics
- 69 Replies
Hello!I am trying to set a value for a “User Attribute” that is View only (non-editable), but certain groups will have the permission to edit. Is this possible?It’s a database - so I would like the group “Developers” to be able edit this attribute to switch around between databases. I can do this by making the attribute “Edit” instead of “View”, but this will give all Looker users the ability to change the attribute which is undesirable. The alternative would be for only admins to be able to adhocly set this permission for users - this is also undesirable, as developers would want to switch this attribute quickly and easily. https://docs.looker.com/admin-options/settings/user-attributes
I have a public folder on our Looker instance that is used by a particular team to share content. I have given the Developers on the project ‘Manage Access’, so that they can control access themselves, without needing to involve an Admin.However, I have found that, while they can add individual users without any problem, when they try to add a group, they can only see the groups that they themselves are members of. The same issue is replicated on another public folder.Is there a restriction whereby users can only see and grant access to groups that they are members of? As an admin, I can add these groups, but when I sudo as one of the developers I can see that they cannot see the full list of groups.
Any Ping users here?I've been tasked with implementing SSO and MFA with PingFederate and PingOne via SAML. I initially recommended the Ping’s Provisioning Connector for Looker, but it was ruled out by upper brass due to the fact it’s, not certified or maintained by Ping, and introduces another third party. This effectively left SAML as the only option. I have a few questions:Should I configure SAML in PingOne, PingFederate, or both? Ultimately AD is where the users are stored and therefore the source of truth, but I'd like to leverage Ping as much as possible since it's more secure than a simple LDAP passthrough For the smoothest user experience, should I specify SP-initiated login in the SAML settings?
We want to monitor the performance of some specific dashboards, created in one project. But the project name doesn’t seem to be a field used in i__looker.Is there another way to do it? To tag or label the dashboards, and use the tag/label as a filter in System Activity explores?
schedule and send report(excel, csv, pdf) to email, but users are able to view part/full report according to roles.
Suppose, I have to schedule a dashboard report (export to excel/csv/pdf and email) to county, region and area manager. How to send the report to all manager, but the manager will only be able to view report according to their responsibility. Like area manager should be able to view only area data, region manager should be able to view area and region data and so on.
Hi All I am looking for some advice on how to structure access and permission at my company in Looker.We are currently using one group for all users and they have access to everything.I have implemented different roles - that is sorted. I am referring to folder access and how you cascade that.I have created groups for each department (but haven't implemented this yet, as I am unsure how this will work). From here, my understanding is that if you give a group permission to a folder, all the child folders are accessible to that group. So do I start at the deepest folder level and grant access and go up? How do I ensure some groups have access to certain folders while not having access to other?I’d love to get some feedback of how people are implementing this?
Hi AllWe frequently use federated (external) tables within BigQuery, that look over a google sheet. Looker is capable of querying from these tables when we set up the connection via a service account - we simply have to share the sheet with the service account.However, we have recently come across a requirement where we must use an OAuth connection. Any queries that involve a federated table result in the following error: Query execution failed: - Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials.Typically this is because the correct scopes were not added to the OAuth consent. But even when we add them to the consent page config, Looker does not appear to request these. Note how on the left, the consent screen is set up to require many drive scopes (even a Fitness API scope), but on the right Looker actually requests BigQuery scopes instead.We have followed the oauth_for_bigquery_connections documentation.Any advice appreciated! Thank you
Hello all,I’ve ben looking into setting up Looker alerts (guideline) which to be sent into Slack channels. Initially I have enabled from Looker Action Hub the Slack action which worked as expected. The only downsight is that the bot token is tied to user’s identity.For this reason I started looking into Slack Attachment (API Token) action and I have implemented it using this guideline. Just that when I set a new alert, it errors out with the message: Notification delivery failed with existing configuration.I don’t understand what I am missing as if I try to set a schedule for Slack Attachment (API Token) action it works.Was wondering if anyone had a similar issue and if managed to find a solution. Thank you in advance for your help,Ieronim
Hi all!When creating a permission set, I see all of the permissions that are applicable. When I hover over the permission set, I get a tooltip that describes the permission in a single sentence. Is there any online looker help doc that has a list of all the permissions and explains each one of them?
I’m looking to provide a team with the capabilities of having their dashboard on a TV screen for real-time updates. I’ve been brainstorming a few possibilities that I’ll list below and would love some feedback on these options, also wouldn’t mind a few more ideas if others have had this task before. Embedding the dashboard into a URL for the team to leave on screen - this would need to be a private URL so it would need to be Private Embedding Creating a new user account in Looker and allowing the team to view this account (the account would be owned solely by IT) Do either of these options sound simple/viable, or is there something I’m not yet thinking of? The Embedding seems like the more technological option, however more complicated
I would like to create and test security Roles and Groups in Dev and Deploy them to QA using GIT. Are there any issues with deploying security objects this way?I have seen this topic but it’s a couple years old and was wondering if there was a reason the API should be used to recreate Roles and Groups rather than Develop, Merge and Deploy them via GIT?https://community.looker.com/topic/show?tid=15842&fid=35
Hi All, Being an Admin to Looker, created a dashboard and shared to Internal user.After providing full permissions to the user, shared the dashboard.When he tries to open the dashboard, he was able to see dashboard but with out data in it as below. FYI.. Data consumed from BigQuery, Provided access on the data for the above mentioned user Can any one help me on this Thanks in AdvancePavan
Hi Team, I have few queries. Kindly assist - considering a business user What kind of access does a business user need to view dashboard Does view access - has cost involved or can we have get free access with organization to view and download reports What is the best solution for someone to view the reports without technical knowledge Do they need to reply on Analysts - everytime they need reportRegardsMadhu
Hello, We’re considering allowing our users to schedule report delivery to external stakeholders. We’d like to minimize the risk of mishaps such as: sending incorrect data, or PII data, or sending to the wrong recipient. Would anyone recommend or direct me to best practices along these lines?
These are the steps which we have found with customers to be successful in setting up SSO for your Looker instance using Azure AD. In your Looker App on the Azure side, we’ll need the Metadata information. Click the copy button to the right of the box for Federation Metadata Document, to copy this information. You’ll need it on the Looker admin panel Open a new browser tab. Log into your looker instance. Once you are logged in to the instance, click on the Admin button located in the upper right corner. After the Admin panel loads, scroll down the left column to SAML which you will find under the Authentication heading. Click the SAML option, and then be sure to click the option to enable SAML authentication. Paste the Federation Metadata information that you copied previously on Microsoft Azure, in to the box for IDP Metadata. Once you have pasted the information, click the button that says, “Load” right underneath the box. Be sure that the IDP Audience field has the value from the A
Hello!I’m trying to measure adoption of users of Looker using the History Explore, available by default in Looker. Our Dashboards are very well organized in different Folders that represent the names of the teams they have been created for. They are actually in a tree:Team Name > Released by BI > Dashboard Title or Look TitleIn the User activity, I can see the Dashboard link or the id, but not the folder it belongs to and I cannot find that data in the model. This is because actually the Dashboard link it’s not a folder path but just the id: So how can I get the location of this Dashboard to be able to group all the Dashboards made for a team? thanks for your help!! Best, Luciana Padua
Hi there,I defined an access_filter for an explore to restrict data of my dashboard for each user. But, the access_filter only works in development mode! when I exit the development mode the access_filter does not exist anymore!First I assumed my LookML branch that has the access_filter is not merged to the main branch but it is! in the Develop window I see the button below (which shows my LookML code is Up to Date):Does anyone has an idea why my access_filter disappeares in Production Mode? and how to solve this?ThanksMehrnaz
Hi all.In the dashboard I have a dimension/filter “City” with several cities in it: London, Barcelona, Paris. For now all users may see all data for all cities.My goal is to make each user see only data for specific city. Like those who response for Paris should see only Paris’s data. The same for users from London and Barcelona.Can you please give an advice how do I may to create such restriction?
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.