Sharing OmniSci dashboard

Comments

12 comments

  • Neill Lewis

    Hi @HAPPY ,

    The user interface elements in OmniSci Immerse correspond with the privileges granted to the user. If you'd like a user to only be able to see a particular view, I might suggest creating a role for this user with only the minimum required privileges to load a specific dashboard and select only from the specific table or tables used by the dashboard. Here's an example:

    CREATE role limitedViewers;
    GRANT ACCESS on DATABASE omnisci to limitedViewers;
    GRANT SELECT ON TABLE tableUsedByMyDashboard to limitedViewers;
    GRANT VIEW ON DASHBOARD 1 to limitedViewers; 
    GRANT limitedViewers to someUsername;
    

    The above would create a role limitedViewers, and grant to this role the ability to login to the database, the ability to view a specific dashboard, and the ability to select from the table used by the dashboard. In the final line, I grant this role to my intended user.

    Further reading on this topic: Roles and Privileges - HEAVY.AI Docs; Users and Databases - HEAVY.AI Docs

    Have a great day! Let us know if you encounter any other questions.

  • Candido Dessanti

    Hi,

    To add to what @Neill already said: there is a privilege called VIEW SQL EDITOR that can be revoked from users, and this would hide the SQL Editor from the users.

    Revoking or not giving the CREATE TABLE privilege would turn off the IMPORT DATA button.

    Candido

  • HAPPY

    Thank you @Neill and @candido.dessanti . This works great! A follow up question:

    GRANT VIEW ON DASHBOARD 1 to limitedViewers;

    Does the dashboard name have to be an integer for this SQL command?

  • Candido Dessanti

    Hi,

    The privilege on a dashboard is granted or revoked by specifying the dashboard_id, not the name, so the 1 in the previous example was an id.

    Here is the link to the dashboard's privileges and the details about the syntax.

    https://docs.heavy.ai/installation-and-configuration/security/roles#grant-on-dashboard

  • HAPPY

    Thanks @candido.dessanti ! How do I find the ID of my dashboard?

  • Candido Dessanti

    Hi,

    As stated in the docs, you need to use the \dash command of the omnisql CLI.

    I don't think we actually have a SQL command to show such data.

  • HAPPY

    Thanks @candido.dessanti ! This worked. Could I revoke the privilege to "download CSV" from Charts in any way?

  • Candido Dessanti

    Hi, by activating the feature flag ui/restricted_viewing in the servers.json file

    https://docs.heavy.ai/immerse/customization#feature-flags

    the users without the grant to edit a dashboard, so the ones that are basically read-only, won't be able to download data anymore.

    We have requests for a more specific parameter, but it's not prioritized right now.

    Candido

  • Xiaokang Fu

    👍 Hi, after trying all the steps, we successfully created a user who can log in without a password and can only access the dashboard. But,

    1. Is there any way to make a dashboard totally public like this, which doesn't ask for inputting any username or database?
    2. If not, can we change the default user name and database to a specific one so that the user can hit the login button without inputting anything?
  • Candido Dessanti

    Hi Xiaokang Fu, HAPPY

    About the first question, in our demo there's a user that logs in automatically, as you can see in this screenshot;
    it's called demouser, and you can also log out.

    To make a default user log in automatically, a server.json file is needed, containing the username and the password properties (in this case, we are using a user called demouser).

    [
    {
       "database": "heavyai",
       "url": "localhost",
       "port": "6273",
       "username": "demouser",
       "password": "demouser",
       "feature_flags": {
          "ui/default_theme": "light",
          "ui/hide_deprecated_chart_types": false,
          "ui/enable_crosslink_panel" : true,
          "ui/enable_linked_zoom": true
       }

    }
    ]

    Save the servers.json file in a location accessible by the OS user running immerse and then add a line to your configuration file.

    [web]
    port = 6273
    frontend = "/opt/mapd/heavyai-ee-6.4.3-20230227-3693ae483b-Linux-x86_64-render/frontend"
    servers-json="/var/lib/heavyai/servers.json"


    If something like a kiosk mode is needed, we don't have an easy way, but we'll have one soon; in the meantime, you can further customize the interface as we did in this post.

    https://support.heavy.ai/hc/en-us/community/posts/10752361057175/comments/10752419640343

    Bests,
    Candido
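
An added example, not part of the original post or of HEAVY.AI's own tooling: a small audit of a servers.json for auto-login entries, since every visitor to such an entry inherits that account's grants. The function name and the sample data are constructed for illustration, and enabling ui/restricted_viewing with a boolean true is an assumption based on the other flags shown in the thread.

```python
import json

# Constructed sample in the shape of the servers.json posted above (not a real deployment).
SAMPLE = """[
 {"database": "heavyai", "url": "localhost", "port": "6273",
  "username": "demouser", "password": "demouser",
  "feature_flags": {"ui/default_theme": "light"}},
 {"database": "heavyai", "url": "localhost", "port": "6273",
  "feature_flags": {"ui/restricted_viewing": true}}
]"""


def audit_servers_json(text):
    """Return (entry_index, finding) pairs for auto-login entries that need review."""
    entries = json.loads(text)
    if not isinstance(entries, list):
        raise ValueError("servers.json is expected to be a JSON array of entries")
    findings = []
    for i, entry in enumerate(entries):
        user, pwd = entry.get("username"), entry.get("password")
        flags = entry.get("feature_flags") or {}
        if not pwd:
            continue  # no stored password: users authenticate themselves
        findings.append((i, f"auto-login as '{user}': confirm the account holds only "
                            "the dashboard's grants (no VIEW SQL EDITOR, no CREATE TABLE)"))
        if pwd == user:
            findings.append((i, "password equals username"))
        # Assumption: the flag is switched on with boolean true.
        if flags.get("ui/restricted_viewing") is not True:
            findings.append((i, "ui/restricted_viewing not enabled: "
                                "read-only users can still download data"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_servers_json(SAMPLE):
        print(f"entry {index}: {finding}")
```
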

  • Xiaokang Fu

    Hi,

    Just an update on our work. For now, we want to share our dashboard only with those with our university key (all the users who log in with their university key can see the dashboard). We have discussed this with our IT support, and we are now exploring the CAS protocol for sharing this dashboard. I am wondering if this is possible. What's the solution for doing that?

     

  • Candido Dessanti

    Hi,

    From what I know, CAS authenticators can be configured to use SAML or LDAP, and both are supported. You can refer to the security section of the docs.

    https://docs.heavy.ai/installation-and-configuration/security/saml
    https://docs.heavy.ai/installation-and-configuration/security/ldap

    You can also use auth0 through SAML.

    The configurations have to be changed in the database server, but I'm not sure if you can use it with a Free License.

    Candido

