WSO2 DAS uses a combination of the global-level permission model and the role-based access control (RBAC) model to provide better access level configurations. Thereby, WSO2 DAS users are allowed to restrict access to their dashboards and manage their dashboards based on their personal preferences. Furthermore, users who have the admin role can access all the functions in the Analytics Dashboard.
A user with global level permission can sign into the WSO2 DAS Analytics Dashboard and create a dashboard if he/she is provided with the required permissions via the WSO2 DAS Management Console. Role-based access control (RBAC) that is assigned via the Analytics Dashboard provides the flexibility to assign different roles for each of the separate role-based permissions in WSO2 DAS, which are namely viewer, editor, and owner.
When a user ( a dashboard designer) creates a dashboard in the Analytics Dashboard it is initially only visible to him/her. The Dashboard Designer can provide access to certain users, who belong to the same tenant, to work with that respective dashboard. Furthermore, the Dashboard Designer is able to modify the list of user roles that can work with the dashboard. A dashboard can have multiple roles that have full permission.
You can use the global-level permission model to set permissions for the following use cases of WSO2 DAS:
- Login - Users should have the login permission to access the Analytics Dashboard.
- Create - Users should have the create permission to create new dashboards in the Analytics Dashboard.
The permission structure is as follows:
RBAC for dashboards
When you (Dashboard Designer) create a dashboard, the following internal roles are automatically generated for the different role-based permission levels (i.e., viewer, editor, and owner) in the Analytics Dashboard and are assigned to you.
Internal/<DASHBOARD_ID>-viewer -Users who have this role can view the relevant dashboard.
Internal/<DASHBOARD_ID>-editor -Users who have this role can edit and view the relevant dashboard.
Internal/<DASHBOARD_ID>-owner -Users who have this role can edit, view and delete the relevant dashboard, and update the dashboard settings.
e.g., When a Dashboard Designer creates a dashboard with the ID
my-dashboard, the following roles are automatically generated and assigned.
Initially, only you have the ability to view, edit, delete, or modify the settings of their own dashboard at startup. If another user needs to view, edit, delete, or modify the settings your dashboard, and if they do not have global level permissions, they need to be assigned the respective roles. A dashboard can have multiple owners. In addition, users with the
Internal/<DASHBOARD_ID>-owner role can add different roles into different role-based permissions, using the dashboard settings page, and give access to users with different roles.