How to Implement Role-Based Access Control for Dashboards in Bold BI?
Introduction to Permissions Management in Bold BI
Permissions management is a critical aspect of any software system, as it governs the access rights of users or groups to information and functionalities. In Bold BI, permissions management is robust and flexible, allowing administrators to assign various levels of access, such as read, write, create, and delete permissions, to different users and groups. This ensures that only authorized individuals can view or interact with dashboards and other resources.
Role-based access control (RBAC) is essential in managing permissions within any organizational structure. By implementing RBAC, administrators can control what access each role has to each resource, securing sensitive data effectively. Bold BI offers a robust set of features for permissions management, allowing administrators to dictate exactly who can view or interact with specific dashboards.
The Significance of Dashboard Access Control
Controlling dashboard access is essential for several reasons:
- Enhanced Security: By managing dashboard access permissions, organizations can protect sensitive business information from unauthorized access and potential data breaches.
- Increased Accountability: With clear access permissions, it is easier to identify and hold individuals accountable for the misuse of data, promoting responsible data handling.
- Customized User Experience: Tailoring dashboard access ensures that individuals only see information pertinent to their roles, simplifying navigation and reducing confusion.
- Regulatory Compliance and Resource Optimization: Proper dashboard access management aids in meeting regulatory compliance, protecting data privacy, and ensuring efficient use of resources.
Managing Dashboard Permissions in Bold BI
Managing permissions in Bold BI dashboards is essential for maintaining the security and integrity of your data. Permissions ensure that only authorized individuals or groups have access to the dashboards and can perform specific actions. This section outlines the steps to enable permissions for both individual users and groups within Bold BI.
Understanding Permissions
Before we dive into the steps, let’s understand the components involved in setting permissions:
- Entity: This defines what access is being granted. It could be a dashboard, a data source, or any other resource within Bold BI.
- Scope: This allows you to specify the resources or settings to which access is being granted. You can choose to grant access to specific dashboards or data sources.
- Access Mode: This determines the level of interaction users can have with a dashboard. It could range from view-only to full edit and interaction capabilities.
Access Mode Permissions in Bold BI are categorized to control distinct actions within the system:
- Read: Allows viewing of dashboards and reports.
- Write: Grants the ability to edit and save changes to dashboards.
- Create: Permits the creation of new dashboards or reports.
- Delete: Authorizes the removal of dashboards or reports.
Steps to Add Permissions
To grant access to a dashboard, follow these general steps:
- Select the entity for which you want to grant access.
- Choose the scope of the access if required.
- Determine the access mode that defines what actions the user or group can perform.
- Click Add to apply the framed permission for the user or group.
User Access
Important: Please consult the user guide documentation Manage Users in the Bold BI provided at the link for detailed instructions on how to add users in the Bold BI platform. It is important to note that only users within the System Administrator group have the ability to add, edit, or delete users within the system.
To enable dashboard access for individual users:
- Navigate to the user management grid and click the kebab menu icon, then select Manage Permissions.
- Click on the user’s name to go to their profile page, and then click Manage Permissions again.
- In the manage permissions grid, you will see permissions directly assigned to the user and those inherited from groups they belong to.
- Click Add Permission to assign new permissions to the user.
You can also select multiple scopes and entities to assign multiple permissions. For more information on how to add and manage permissions, please visit the Manage Permissions page.
Group Access
Important: For comprehensive instructions on the process of adding, editing, and deleting groups, as well as assigning users and overseeing permissions within Bold BI, please consult the detailed user guide documentation titled “Manage Groups” available at the following link: Manage Groups
To enable dashboard access for groups:
- In the group management grid, click the kebab menu and select Manage Permissions.
- Click on the group’s name to visit the group profile page, then choose Manage Permissions from the dropdown menu.
- The manage permissions grid will display permissions assigned directly to the group.
- Click Add Permission to assign new permissions to the group.
Utilizing Groups for Role-Based Access: Step-by-step guide on setting up RBAC
Important:While Bold BI does not have a direct role-based permissions system, administrators can achieve similar functionality by creating user groups. By assigning permissions to these groups, administrators can control access to dashboards and other resources, ensuring that users have the necessary access to perform their roles effectively.
This section provides a step-by-step guide on setting up RBAC for dashboards using Bold BI, focusing on a Project Management dashboard scenario.
The Project Management dashboard is a vital tool for team members and managers to organize, track, and measure the success of team projects and tasks. It provides insights into various aspects of project management, allowing for better decision-making and resource allocation.
Disclaimer: The data exhibited in the dashboard and the usernames employed as examples in this knowledge base article are entirely fictional and provided solely for demonstration purposes.
To implement RBAC in Bold BI, follow these steps:
Step 1: Add Users to Bold BI
Note: Please consult the user guide document provided at the following link for detailed instructions on how to add users within the Bold BI platform: Manage Users in the Bold BI
Before setting up RBAC, ensure that all users who need access to the dashboards are added to Bold BI. Users can be added manually or in bulk, depending on the organization’s needs.
Screenshot of the list of Example users added:
Step 2: Create the Project Management Dashboard
Develop a comprehensive Project Management dashboard that caters to the needs of your organization. This dashboard should provide relevant information that helps managers and team members in their respective roles.
Project Management dashboard Screenshot:
Step 3: Define Roles
Identify the different roles within your organization that will interact with the dashboards. For the Project Management dashboard, you might define roles such as Managers and Team Members. Each role will have different access needs based on their responsibilities.
Step 4: Create Role-Based Groups and Add Users
Important: For comprehensive instructions on the process of adding, editing, and deleting groups, as well as assigning users and overseeing permissions within Bold BI, please consult the detailed user guide documentation titled “Manage Groups” available at the following link: Manage Groups
Create groups corresponding to the roles identified in the previous step. Add users to these groups based on their roles within the organization. For instance, all project managers would be added to the Managers group, while individuals working on specific tasks would be part of the Team Members group.
Screenshot of the Managers Group with users:
Screenshot of the Team Members group with users:
Step 5: Assign Permissions
With the roles and groups in place, it’s time to assign permissions.
- Select the required group to which you want to assign the permission, here we select the Managers group.
- Click on the
Manage Permissionsoption.
- Now click on
Add Permission.
- The
Add Permissionsdialog will be shown. Here, you can set permissions at granular levels, such as Read, Write, and Delete access.
For example, you might give the Managers group full access (Read, Write, Delete) to the Project Management dashboard, while the Team Members group might only have Read access.
Screenshot of the Permissions assigned to the Managersgroup:
Screenshot of the permissions assigned to the Team Members group:
Step 6: Verify Access Control
After setting up the permissions, it’s crucial to verify that they are working as intended. Log in as users from different groups to ensure that they have the appropriate level of access to the Project Management dashboard. This step confirms that the RBAC setup is functioning correctly and that data security is maintained.
Read and Write Access Permissions
With the correct permissions, group members can use customization tools to read and edit the dashboard. In this example, The Managers group can view and edit the Project Management Dashboard as shown in the following screenshots.
Screenshot: Viewing the Dashboard from John Doe Account (Member of Managers group)
Screenshot: Editing the Dashboard from John Doe Account (Member of Managers group)
Read-Only Group Permissions
Group members can view the information but cannot make changes. In this example, The “Managers” group can only view the “Project Management Dashboard” as shown in the following screenshots.
Screenshot: Viewing the Dashboard from Sunita Iyer’s Account (Member of Team Members group)
Screenshot: Editing Dashboard is restricted for the Sunitha Iyer Account (Member of Team Members group)
No Access Permissions
If permissions are disabled, the group will not be able to access the dashboard. For example, We have removed the user Sunita Iyer from the Team members group. So the user can no longer access the Project Management Dashboard as shown in the following screenshots.
Best Practices for Permissions Management
- Define roles and required permissions clearly.
- Create user groups based on roles within the organization.
- Assign appropriate permissions to user groups.
- Implement row-level security for fine-grained access control.
- Regularly review and test permissions to ensure proper access levels.
- Educate managers on setting up permissions to prevent unauthorized access.
- Use single sign-on (SSO) for streamlined authentication.
- Monitor user activities to ensure compliance with permissions.
- Keep permissions updated to reflect changes in roles or responsibilities.
Conclusion
Implementing role-based dashboard access in Bold BI is a straightforward process that significantly enhances data security and operational efficiency. By following the outlined steps and best practices, administrators can ensure that users have the appropriate level of access to perform their roles while safeguarding sensitive information.
Row Level Security: The steps described in this knowledge base article address resource-level security for dashboards and data sources. Row level security allows for detailed control over data visibility, ensuring each user only sees data relevant to their role when sharing a dashboard. This enhances both security and efficiency. For more information on Row Level Security in Bold BI, please visit the following link: Row Level Security in Bold BI
Additional References
- Bold BI Blog: Unlocking the Power of Permissions: Managing Dashboard Access for Enhanced Security
- Bold BI Video Tutorial: Managing Users, Groups and Permissions in Bold BI
- User Guide: Manage permissions for Users
- User Guide: Manage permissions for Groups
- User Guide: User Access Control in Bold BI Security
- Bold BI Blog: Row-Level Security with User-Based Filters
- User Guide: Row-level Security with Isolation Code
- Knowledge Base: Assigning Dashboard Access Permissions to Groups and Users in Bold BI
- Knowledge Base: How to Provide Create Permission to Dashboards and Other Items in the Bold BI Site
- Knowledge Base: How to provide user permission for dashboard and other entities using Bold BI REST API
