User access & management
Permissions, user setup, and Looker setup
- 77 Topics
- 69 Replies
Hi guys! Could anyone help me understand about Looker licensing? Today our contract had 170 users "Standard (Creator)" and 20 "Developer (Admin)", I have some questions:Are licenses classified according to what we set up in "permission sets"? (https://docs.looker.com/admin-options/settings/roles#permissions_and_dependencies); Assigning a user to a "Developer (admin)" license also counts in the "Standard (Creator)" count or are they separate accounts?; Wouldn't the viewer license type have extra costs and have an unlimited quantity?; How does billing for apis calls work?Thanks!
These are the steps which we have found with customers to be successful in setting up SSO for your Looker instance using Azure AD. In your Looker App on the Azure side, we’ll need the Metadata information. Click the copy button to the right of the box for Federation Metadata Document, to copy this information. You’ll need it on the Looker admin panel Open a new browser tab. Log into your looker instance. Once you are logged in to the instance, click on the Admin button located in the upper right corner. After the Admin panel loads, scroll down the left column to SAML which you will find under the Authentication heading. Click the SAML option, and then be sure to click the option to enable SAML authentication. Paste the Federation Metadata information that you copied previously on Microsoft Azure, in to the box for IDP Metadata. Once you have pasted the information, click the button that says, “Load” right underneath the box. Be sure that the IDP Audience field has the value from the A
Hello Looker community!I'm looking at Looker from a user access management perspective. In order to (periodically) review assigned user permissions we're looking for an overview of all users and which user groups / roles / attributes are assigned. In most applications I've seen there is some build-in functionality to generate an user/permissions overview like this. Does anyone know if this is possible in Looker? Finally, is it possible to generate a log file of all changes made to users/roles/permissions/attributes etc?
Hello Looker Team I am confused between user roles vs content access. Why they both are different? For example: part 1: - If I have created a role:-marketing role = marketing models + developer permissions This role means that a user can only create looks, dashboards, see data from marketing models and play with it, (eg: access data, create, see lookml dashboards etc). I assigned that role to ‘marketing’ user group Part 2: There is content folder called ‘marketing’ which stores all the marketing content (eg: looks, dashboard), and on that folder I only give ‘view’ access to marketing user group. Part 1 and part 2 contradicts each other. On one side I am telling users to access marketing models and create content and on the other side I am telling the same users just to ‘view’ content in ‘marketing’ folder Can someone please clarify this confusion Thanks a lot! Raman
Hi Community folks! I am a Looker CSM, and am looking to connect with customers using BigQuery OAuth. The feature is fairly new, and I manage a customer interested in connecting with other organizations who have experience with it. Let me know if that’s you, and if you’d be open to speaking with them about it!
This errors 403 & 404 are getting from LOOKER after clicking the Authenticating button & as well from 'Test SAML Authentication' button after entering the login credentials.The credentials were tried using the email address/oktaid, both didn't work as expected.Can you please provide the steps how we can figure out root cause of the issue ? Attaching the looker log file where we couldn't find any issue,"Could you please let us know what attributes core product expects to be present? We currently only have access_user_id. Is there a need for any additional attributes ?" Can anyone please suggest how we can find the root cause of the issue Thanks,Satish
Hi all, I’ve looked but haven’t found the answer. After an embed user has been created by a Looker instance following access to an SSO embed URL, for how long is the embed user account kept in the instance? I learned embed users are temporary, but how temporary? thank you in advance!
Hi,I'm currently working on some dashboards and reports. Users will be able to download the data, and to make this possible, I added the download_without_limit permission.The problem is that this permission enables the Download Data option for each tile and throughout the dashboard.My question is: Would it be possible to disable the per-tile download option and keep only the one at the dashboard level?
Hi AllWe frequently use federated (external) tables within BigQuery, that look over a google sheet. Looker is capable of querying from these tables when we set up the connection via a service account - we simply have to share the sheet with the service account.However, we have recently come across a requirement where we must use an OAuth connection. Any queries that involve a federated table result in the following error: Query execution failed: - Access Denied: BigQuery BigQuery: Permission denied while getting Drive credentials.Typically this is because the correct scopes were not added to the OAuth consent. But even when we add them to the consent page config, Looker does not appear to request these. Note how on the left, the consent screen is set up to require many drive scopes (even a Fitness API scope), but on the right Looker actually requests BigQuery scopes instead.We have followed the oauth_for_bigquery_connections documentation.Any advice appreciated! Thank you
Dear community, I am wondering if there is a limitation as to how many concurrent SSO embed sessions a single Looker instance can handle. My team is integrating Looker into an application hit by hundreds of users daily, potentially at the same time.
Is it possible for admins to force the use of passcode or fingerprint in the looker mobile app? Is the passcode/fingerprint feature even available? I think the app is great, but feel somewhat uneasy that one can access the app and the data without a final verification step (thinking of cases where a phone might be stolen or left unattended).
We have a report where we need to provide downloading permission to just this one report for those with Viewer licenses.For this,1) we created a new model with just the fields we require in that report,2) created a permission set with all viewer settings and included download_with_limit and download_without_limit.3) Based on this we create a new role with the newly created model and permission.We are testing this now but we noticed that users who are viewers can download other reports based off other models as well.How can we prevent downloading permission to just this report?
schedule and send report(excel, csv, pdf) to email, but users are able to view part/full report according to roles.
Suppose, I have to schedule a dashboard report (export to excel/csv/pdf and email) to county, region and area manager. How to send the report to all manager, but the manager will only be able to view report according to their responsibility. Like area manager should be able to view only area data, region manager should be able to view area and region data and so on.
I have a scenario where User A and User B are in the same team(group). But user A should be able to view the explore X while User B should not be able to view the explore X. I tried using the access_grant, but it almost seems impossible. I do not want to create a new explore for another user. Is there any way I could accomplish this ? Please help!
Hi all!When creating a permission set, I see all of the permissions that are applicable. When I hover over the permission set, I get a tooltip that describes the permission in a single sentence. Is there any online looker help doc that has a list of all the permissions and explains each one of them?
I am a looker admin and a few users have clicked “Unsubscribe” on a scheduled email they had been receiving. Please note that these users do not have a looker account, they are just receiving scheduled emails containing looker data. These users currently do not receive ANY emails from Looker anymore, not just the email from the schedule where they clicked “unsubscribe”.I have tried the following steps to resolve this, but none have worked:I removed their names from the distribution list in the schedule and added them back in. I created a brand new schedule from the same look. I created a brand new look and added a new schedule to that look. I have tried searching the community forums but I don’t see anything showing how to fix this. I saw this post, but the solution proposed does not actually work I have tried checking the user settings for these users, but there is nothing in the menu about changing email preferences for other users (I did this under an Admin account)Please advis
I added the Looker entrepirse app to Azure and exported the federation xml info then used that to populated the fields in Looker - in azure i am struggling with the 2 fields at the start can somebody help with this info I am not getting anywhere with this SSO integration many thanks
Already have an account? Login
Login to the community
No account yet? Create an account