User access & management
Permissions, user setup, and Looker setup
- 77 Topics
- 69 Replies
Hello Looker Team I am confused between user roles vs content access. Why they both are different? For example: part 1: - If I have created a role:-marketing role = marketing models + developer permissions This role means that a user can only create looks, dashboards, see data from marketing models and play with it, (eg: access data, create, see lookml dashboards etc). I assigned that role to ‘marketing’ user group Part 2: There is content folder called ‘marketing’ which stores all the marketing content (eg: looks, dashboard), and on that folder I only give ‘view’ access to marketing user group. Part 1 and part 2 contradicts each other. On one side I am telling users to access marketing models and create content and on the other side I am telling the same users just to ‘view’ content in ‘marketing’ folder Can someone please clarify this confusion Thanks a lot! Raman
Hi all, I’ve looked but haven’t found the answer. After an embed user has been created by a Looker instance following access to an SSO embed URL, for how long is the embed user account kept in the instance? I learned embed users are temporary, but how temporary? thank you in advance!
Hi Community folks! I am a Looker CSM, and am looking to connect with customers using BigQuery OAuth. The feature is fairly new, and I manage a customer interested in connecting with other organizations who have experience with it. Let me know if that’s you, and if you’d be open to speaking with them about it!
These are the steps which we have found with customers to be successful in setting up SSO for your Looker instance using Azure AD. In your Looker App on the Azure side, we’ll need the Metadata information. Click the copy button to the right of the box for Federation Metadata Document, to copy this information. You’ll need it on the Looker admin panel Open a new browser tab. Log into your looker instance. Once you are logged in to the instance, click on the Admin button located in the upper right corner. After the Admin panel loads, scroll down the left column to SAML which you will find under the Authentication heading. Click the SAML option, and then be sure to click the option to enable SAML authentication. Paste the Federation Metadata information that you copied previously on Microsoft Azure, in to the box for IDP Metadata. Once you have pasted the information, click the button that says, “Load” right underneath the box. Be sure that the IDP Audience field has the value from the A
Hi guys! Could anyone help me understand about Looker licensing? Today our contract had 170 users "Standard (Creator)" and 20 "Developer (Admin)", I have some questions:Are licenses classified according to what we set up in "permission sets"? (https://docs.looker.com/admin-options/settings/roles#permissions_and_dependencies); Assigning a user to a "Developer (admin)" license also counts in the "Standard (Creator)" count or are they separate accounts?; Wouldn't the viewer license type have extra costs and have an unlimited quantity?; How does billing for apis calls work?Thanks!
We have a number fields that are masked using access_grants and a user variable at the model level. The fields are available when creating a look and when downloading said look to excel. However, when attempting to use the public access link for the excel web query file, the masked fields are not appearing.I wanted to ask if anyone has run into this issue before and if there is either a solution or work-around.Thanks in advance.
Hi everyone,we have a multi-stage ETL pipeline with the resulting tables living in different GCP projects in BigQuery as in the following example.Stages: unstable, staging, sandbox, prodGCP/BQ Setup:unstable-project.etl.my_event staging-project.etl.my_event sandbox-project.etl.my_event prod-project.etl.my_eventTable Schema (for all four tables):timestamp ts string user_id string statusAccess to these projects, datasets, and tables is fully managed in GCP and in Looker we grant access to our users and viewers via OAuth. Some accounts will have access to staging only, while others will have access to all stages.My goal is to develop ONE “My Event Dashboard” for all four stages.I want to avoid duplicating Looker Projects, Models, and Dashboards, if possible.As a user I would expect to have a filter control in a dashboard that allows selecting the GCP Project (or stage), such that I can see the data from that particular stage only. If I do not have access to some stages these should not be
Hi all.In the dashboard I have a dimension/filter “City” with several cities in it: London, Barcelona, Paris. For now all users may see all data for all cities.My goal is to make each user see only data for specific city. Like those who response for Paris should see only Paris’s data. The same for users from London and Barcelona.Can you please give an advice how do I may to create such restriction?
I added the Looker entrepirse app to Azure and exported the federation xml info then used that to populated the fields in Looker - in azure i am struggling with the 2 fields at the start can somebody help with this info I am not getting anywhere with this SSO integration many thanks
Hello Looker community!I'm looking at Looker from a user access management perspective. In order to (periodically) review assigned user permissions we're looking for an overview of all users and which user groups / roles / attributes are assigned. In most applications I've seen there is some build-in functionality to generate an user/permissions overview like this. Does anyone know if this is possible in Looker? Finally, is it possible to generate a log file of all changes made to users/roles/permissions/attributes etc?
I have a scenario where User A and User B are in the same team(group). But user A should be able to view the explore X while User B should not be able to view the explore X. I tried using the access_grant, but it almost seems impossible. I do not want to create a new explore for another user. Is there any way I could accomplish this ? Please help!
Dear community, I am wondering if there is a limitation as to how many concurrent SSO embed sessions a single Looker instance can handle. My team is integrating Looker into an application hit by hundreds of users daily, potentially at the same time.
Is it possible for admins to force the use of passcode or fingerprint in the looker mobile app? Is the passcode/fingerprint feature even available? I think the app is great, but feel somewhat uneasy that one can access the app and the data without a final verification step (thinking of cases where a phone might be stolen or left unattended).
Hello, We’re considering allowing our users to schedule report delivery to external stakeholders. We’d like to minimize the risk of mishaps such as: sending incorrect data, or PII data, or sending to the wrong recipient. Would anyone recommend or direct me to best practices along these lines?
Hi all!When creating a permission set, I see all of the permissions that are applicable. When I hover over the permission set, I get a tooltip that describes the permission in a single sentence. Is there any online looker help doc that has a list of all the permissions and explains each one of them?
Hello all,I’ve ben looking into setting up Looker alerts (guideline) which to be sent into Slack channels. Initially I have enabled from Looker Action Hub the Slack action which worked as expected. The only downsight is that the bot token is tied to user’s identity.For this reason I started looking into Slack Attachment (API Token) action and I have implemented it using this guideline. Just that when I set a new alert, it errors out with the message: Notification delivery failed with existing configuration.I don’t understand what I am missing as if I try to set a schedule for Slack Attachment (API Token) action it works.Was wondering if anyone had a similar issue and if managed to find a solution. Thank you in advance for your help,Ieronim
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.