Manage Workspace Permissions

Workspace permissions can be assigned using two types of permissions definition:

• permissions are tied to a specific workspace and define what a user can do with that one specific workspace.

• hierarchyPermissions are tied to a specific workspace and define what a user can do with that specific workspace and all of its child workspaces. For more information on workspace hierarchies, see Build a Workspace Hierarchy.

Supported Permissions

The following permissions are applicable to a workspace object:

• VIEW

  User can view dashboards.

• ANALYZE

  Additionally, user can create, edit or delete dashboards and visualizations. User can view the LDM and metrics.

• MANAGE

  Additionally, user can create, edit or delete LDM and metrics.

  Note

  To be able to work with the LDM fully, including PDM-LDM mapping, user also requires at least a USE permission for the data source that the workspace is connected to, see Manage Data Sources Permissions.

Set Permissions For a Workspace

Workspaces come with the API endpoint /api/v1/layout/workspaces/{workspaceId}/permissions that lets you to set permissions for a particular workspace without having to re-declare the entire workspace layout using a declarative API. Note that you need Organization.MANAGE permission or Workspace.MANAGE hierarchyPermission to use this API endpoint.

You can also set permissions using declarative API endpoints /api/v1/layout/workspaces or /api/v1/layout/organization. Note that you need Organization.MANAGE permission to use these API endpoints.

Steps:

1. Prepare a <your_workspace_permissions>.json file your workspace permissions definition:

   {
       "hierarchyPermissions": [
           {
               "assignee": {
                   "id": "<user_id_or_user_group_id>",
                   "type": "<user_or_userGroup>"
               },
               "name": "<MANAGE_or_ANALYZE_or_VIEW>"
           }
       ],
       "permissions": [
           {
               "assignee": {
                   "id": "<user_id_or_user_group_id>",
                   "type": "<user_or_userGroup>"
               },
               "name": "<MANAGE_or_ANALYZE_or_VIEW>"
           }
       ]
   }
   

   Use the permissions definition for users that should be able to access only the specific workspace.

   Use the hierarchyPermissions definition for users that should be able to access not only the specific workspace, but also its child workspaces.

   You may, but you do not have to use both types of these permission definitions.

2. Update the workspace permissions using the following API call:

   curl -H "Authorization: Bearer $API_TOKEN" \
       -H "Content-Type: application/json" \
       -X PUT \
       $HOST_URL/api/v1/layout/workspaces/{workspaceId}/permissions -d @<your_workspace_permissions>.json