User access & management
Permissions, user setup, and Looker setup
- 77 Topics
- 69 Replies
We have internal dashboards, and a few external ones that are meant to be shared with others outside. When we create a user for them and restrict their role to viewer, under sudo they can still see a few internal dashboards. Is there any easier way to restrict the access of external users to only their dashboard, rather than making all existing dashboards private or for a group?
If a Looker user using their user account accesses BiqQuery datasets across multiple projects how does consent work? oAuth consent screen will be set up on the BiqQuery projects but will the user just be prompted for consent once and then that applies to all projects they are accessing providing they have the relevant permissions? Thanks!
やりたいこと： Looker Support Usersをユーザーリストから削除 方法：Looker Support Usersをユーザーリストから削除する方法は二つあります：削除したいLooker Support Usersを下記リンクに当てはめて編集ページからユーザーを削除するhttps://[INSTANCEURL]/admin/users/454/edit ※ Looker Support Users の場合、edit ボタンはUIで表示されない仕様となっております。 API explorerから delete_user endpoint を使ってユーザーの削除をする
Problem:Want to delete Looker Support Users from your instance but don’t see the delete button in the UI.Solution:There are two ways you can do this:Poke in the user's id in a URL like https://[INSTANCEURL]/admin/users/454/edit to get to the user edit page and delete the user on that page. (This page is not exposed via a button for Looker Support users)Use the API explorer to delete users by using the delete_user endpoint.
Hi experts,I’m working on a Looker deployment model with three instances, each of which points to a git repo branch:Looker-dev → dev branchLooker-stg → staging branchLooker-prd → main branch (production) The needs are:Looker development should be able to deploy on production ASAP (i.e. no releasing branches) BI developers can ONLY go into development mode in Looker-dev Looker-prd is protected by human reviewers Looker-stg is protected by automated tests BI developers create feature branches from dev branch and merge into dev branch when development is done. I want them to merge the exactly same feature branches into staging (for more tests) and main branch for deployment. The merge into staging should be automatic with some tests/validation. However, because the dev branch is a volatile sandbox (Looker developers sometimes break the environment but we can reset it), it doesn’t make sense, or even possible to merge a feature branch (which contains all garbage from dev branch) into stagi
So I’m trying to switch the SAML method for my organization. We were using an internal username list for sign-on and now we want to use company emails associated with credentials saved in Azure.My problem is when we switched the IDP cert and changed the SAML groupIds in Looker, all of the users who already had accounts got new SAML accounts, as opposed to just updating the credentials/”username” of their old account. This has caused some headaches with lost work, etc.I set the “Merge Users Using” setting to Looker email/password, and the old users did have/still have their emails associated with their accounts. Not sure what else to do. Has anyone else run into this problem? Tried to reach out to Looker Support but didn’t hear anything back.References we used for setting up SAML already:https://docs.looker.com/admin-options/security/saml-authhttps://help.looker.com/hc/en-us/articles/4420219280531-What-Is-SAML-and-how-is-it-used-in-Looker-Community-
Hi LookerI'm looking for a way that I can manage explore visibility between different users or user groups.For example could be a feature similar to setting a hidden: yes parameter for an explore.This also can be set/customized at a user/user group level to limit what explore user can see or interact with from the explore field pickers, on the other end Looker should allow them to view content (looks and dashboards) built up on the hidden explore still no ability to modify/explore them. I explored model-set and access-grant this seem to work but the only challenge is the user are completely not able to view the already existing looks/dashboards which were made from the explores with limited access to them.
I am a looker admin and a few users have clicked “Unsubscribe” on a scheduled email they had been receiving. Please note that these users do not have a looker account, they are just receiving scheduled emails containing looker data. These users currently do not receive ANY emails from Looker anymore, not just the email from the schedule where they clicked “unsubscribe”.I have tried the following steps to resolve this, but none have worked:I removed their names from the distribution list in the schedule and added them back in. I created a brand new schedule from the same look. I created a brand new look and added a new schedule to that look. I have tried searching the community forums but I don’t see anything showing how to fix this. I saw this post, but the solution proposed does not actually work I have tried checking the user settings for these users, but there is nothing in the menu about changing email preferences for other users (I did this under an Admin account)Please advis
Hi everyone,we have a multi-stage ETL pipeline with the resulting tables living in different GCP projects in BigQuery as in the following example.Stages: unstable, staging, sandbox, prodGCP/BQ Setup:unstable-project.etl.my_event staging-project.etl.my_event sandbox-project.etl.my_event prod-project.etl.my_eventTable Schema (for all four tables):timestamp ts string user_id string statusAccess to these projects, datasets, and tables is fully managed in GCP and in Looker we grant access to our users and viewers via OAuth. Some accounts will have access to staging only, while others will have access to all stages.My goal is to develop ONE “My Event Dashboard” for all four stages.I want to avoid duplicating Looker Projects, Models, and Dashboards, if possible.As a user I would expect to have a filter control in a dashboard that allows selecting the GCP Project (or stage), such that I can see the data from that particular stage only. If I do not have access to some stages these should not be
Does changing a users role in Looker affect preexisting schedules/alerts? IE. if a user was an explorer that set up a schedule email previously, but the admin changes the user to be a viewer (which isn’t allowed scheduling emails) will the pre-scheduled emails still be sent
Hello!I was wondering whethet it is possible to narrow down the selection option (within a filter) for dashboard users to a specific time frame?For the context - I have uploaded some part of the data into BQ to present their analysis in Looker (let’s say only data since 2021 till now) and I don’t want dashboards’ users to try selecting any date ranges before the 2021.Right now, the Timeframe filter type allows them to select any date range possible, however since there is no data before 2021 available they obtain ‘No results’ message.Is they any way for Admin or Dev to narrow down their selection options so that it would not exceed the 2021 (fitting the data available) without the risk of causing the situation with ‘No results’ output? Please help, and of course shout if anything unclear!Thanks in advance!
Looker 22.2.21 Hello, hope you're doing well.My question is how can we give user access to only looks in a folder, but not dashboards?see_looks without see_user_dashboards results in a spinning wheel in embed content browser. It apprears that to only view looks and not dashboards is not possible. For example:user has access to folder. The folder contains both looks and dashboards. user has see_looks permission. user doesn’t have see_user_dashboards permission. Expected behavior: user should be able to view looks but not dashboards.Current behavior: Nothing loads. Infinite spinning wheels. There’s a API call to get dashboards from Looker (e.g. GET api/internal/dataflux/dashboards?space_id=12845) which returns 404. It apprears that in the embed content browser, Looker makes a call to get dashboards, and since user doesn’t have see_user_dashboards permission, that call fails, and results in a spinning wheel. Even though user should only see looks. Can you please advise?Is this a feature
I can’t seem to work out how to see the external_user_id for embed users once the “New Users Page” lab is enabled. previously you could see it on the admin/users page under credentials but with the new lab enabled this is long longer displayed which makes it impossible to determine exactly which user you are editing etc unless you are also passing unique values into a separate user attribute. Any thoughts?
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.