Logi Composer 5.9.1 Release Notes

The following enhancements and updates were made to Composer in version 5.9.1. See the following topics:

Email salesteam@logianalytics.com to purchase Composer.

Licensing Updates

When a Composer standard license expires with this release, only supervisors can log in (so they can update the license). Regular users will see a message stating that the license has expired.

Migration Considerations

Logi Analytics highly recommends that you vacuum the PostgreSQL database instance after every upgrade, but especially after upgrading to Composer 5.9. See Vacuuming Composer's Metadata Store.

Product Rebranding Updates

The following product rebranding updates occurred in this release.

  • The Content-Type header vnd.composer.v2+json is now the default Content-Type used for API routes. The Content-Type header vnd.zoomdata.v2+json is still accepted for backward compatibility, but is deprecated and will be removed in a future release. API routes that respond with JSON that conforms to a schema, respond using the vnd.composer.v2+json or vnd.zoomdata.v2+json content type, depending on the setting of the Accept header. If the Accept header specifies either vnd.composer.v2+json or vnd.zoomdata.v2+json, the API response is returned using the requested content type. However, if neither vnd.composer.v2+json or vnd.zoomdata.v2+json are specified in the Accept header, the API response uses the content type specified by the Content-Type header.

  • The Composer context variable ${User.zoomdataUserName} has been renamed ${User.composerUserName}. Use of the ${User.zoomdataUserName} context variable is deprecated. See Supplied Context Variables.

Authorization Updates

The following authorization updates were made in this release.

  • A new UI privilege Can Generate Embed Code (API privilege ROLE_GENERATE_EMBED_CODE), is added in this release. Use this privilege to control whether users can generate the embeddable code for a dashboard snippet. See Group Privilege Reference.

  • The ability to use forced filters to filter data sources for a group has been moved from group definitions to data source definitions and is renamed row security. The Data Sources tab of a group definition in the UI no longer provides an option to add a filter for a data source. However, you can set row security filters for specific groups for a data source from the Sources page. See Restricting Group Access to Data Using Row Security for more information about row security for data sources. You can still restrict the overall use of data sources in a group definition. See Restricting Data Source Configurations in a Group.

  • The ability to restrict access to specific fields in a data source by group definition has been moved from group definitions to data source definitions and is renamed column security. The Data Sources tab of a group definition in the UI no longer provides an option to specify the data source fields available for the group. However, you can specify the data source fields available for the group using column security from the Sources page. See Restricting Group Access to Fields Using Column Security for more information.

  • A new OAuth 2.0 configuration property, oauth.token.always-create-new, was added in this release and is set to true by default. This property ensures that a valid access token is present all the time for Composer enhanced script-based dashboard embedding provided in this release. When this property is set to true, a new valid OAuth access token is generated each time a POST /api/oauth2/token or GET /api/oath/authorize endpoint request is issued, and any previously generated tokens are not invalidated. They will expire naturally.

    When this property is set to false and a POST /api/oauth2/token or GET /api/oath/authorize endpoint request is issued, an existing valid access token is returned, if one is available. If one is not available, a new valid OAuth access token is generated for the user.

  • If you submit a Composer API request using an invalid or expired OAuth 2.0 access token for the request, Composer now produces an error response. See Handling of OAuth 2.0 Invalid or Expired Access Tokens.

  • OAuth security is now enabled by default. However, if it is not enabled (by the supervisor in the supervisor UI), then all OAuth client and token-related API endpoints now return a 404 response code or a 401 unauthorized response code (when an existing token is used). In addition, the OAuth API endpoints are not visible in the Swagger documentation. The primary OAuth endpoints are:

    • /api/oauth2/client endpoints
    • /api/oauth2/token endpoints
    • /api/oauth/token endpoints
    • /oauth/authorize endpoint

    See Enabling OAuth 2.0.

Row and Column Security

This release introduces row and column security for data source configurations.

  • Row security allows you to use filters to restrict the data source data available to specific authorization groups. In past releases, this was accomplished using forced filters specified in group authorization definitions. Now this functionality is provided in the row security filters set for data source definitions. For more information about row security, see Restricting Group Access to Data Using Row Security.

    In addition, row security filters allow you to use variables (from custom user attributes) for numeric field values in addition to using them for attribute values. In past releases, you could only use variables as values for attributes in forced filters.

  • Column security allows you to restrict the data source fields available to an authorization group. In past releases, this functionality was available in the data source settings in group authorization definitions. Now it is provided in the column security filters set for data source definitions. See Restricting Group Access to Fields Using Column Security.

Dashboard Authorization Changes

This release adds dashboard authorization by user, the ability to permit a specific user in your account to read, write, or delete a dashboard. For complete information, see About Dashboard Authorization.

Dashboard Embedding Enhancements

This release enhances the dashboard embedding functionality available in past releases. To generate an embeddable dashboard snippet, you must be an administrator or your user definition must be a member of a group assigned the Can Generate Embed Code (ROLE_GENERATE_EMBED_CODE) privilege. In addition, OAuth authentication must be enabled and cross-origin sharing (CORS) must be enabled for your Composer instance. See Embed Composer v5 Dashboards.

A new option in the Actions column in the UI dashboard library allows you to generate and copy an embeddable snippet for the dashboard. When you select this icon, a new Embed Code dialog appears.

When dashboards are embedded, the way in which users can interact with them and their visuals is determined by settings established in:

For complete information, see Embed Composer v5 Dashboards.

Themes Changes

A new variable colors.linkColor and two new properties, customProperties.dashboardList.linkColor and customProperties.resourcesTable.linkColor, have been added to the input JSON for themes.

The colors.linkColor setting can be used to specify the colors of links in lists in the UI. It is the default setting for the new customProperties.dashboardList.linkColor and customProperties.resourcesTable.linkColorproperties. Change this variable setting and the link colors specified by these properties automatically change.

In addition, you can specify custom colors for the new properties:

  • Specify a custom color for the customProperties.dashboardList.linkColor property in the JSON to control the color of the links in the dashboard library list.
  • Specify a custom color for the customerProperties.resourcesTable.linkColor property in the JSON to control the color used for the lists in the Visual Gallery, the Connections page, and the Sources page in the UI.

See Sample Themes JSON File.

Actions Template Updates

Variables for the user account and user name can now be inserted in the URL in an action template. The variables are passed to the connection string via the following context variables.

  • ${User.composerUserName} can be used to insert the name of the user that is currently logged in or invoking a call. Note that the ${User.zoomdataUserName} context variable is deprecated.

  • ${User.accountId} can be used to insert the account ID of the user that is currently logged in and invoking the action. This is a new variable provided with Composer.

See Supplied Context Variables and Defining an Action Template.

API Changes

The following changes were made to the API in this release.

  • The Content-Type header vnd.composer.v2+json is now the default Content-Type used for API routes. The Content-Type header vnd.zoomdata.v2+json is still accepted for backward compatibility, but is deprecated and will be removed in a future release. API routes that respond with JSON that conforms to a schema, respond using the vnd.composer.v2+json or vnd.zoomdata.v2+json content type, depending on the setting of the Accept header. If the Accept header specifies either vnd.composer.v2+json or vnd.zoomdata.v2+json, the API response is returned using the requested content type. However, if neither vnd.composer.v2+json or vnd.zoomdata.v2+json are specified in the Accept header, the API response uses the content type specified by the Content-Type header.

  • The /api/security/attributes endpoint is deprecated with this release. Its code will be removed from the product in a future release. It has been replaced by the new /api/sources/<source-id>/security/attributes endpoint, used for column security.

  • The /api/filters endpoint is deprecated with this release. Its code will be removed from the product in a future release. This endpoint has been replaced by the new /api/sources/<source-id>/security/filters endpoint, used for row security.

  • A new /api/sources/<source-id>/security/attributes endpoint has been added to support column security. See Restricting Group Access to Fields Using Column Security.

  • A new /api/sources/<source-id>/security/filters endpoint has been added to support row security. See Restricting Group Access to Data Using Row Security.

  • The /api/dashboards/<dashboard-id>/key endpoint is deprecated with this release. Its code will be removed from the product in a future release. You can no longer share a dashboard by generating a public link.

  • A new X-AUTHORIZATION-ACCOUNT header has been added to the API that allows you to set the account to which the API call should be applied. The target account must be available to the user. For example:

    X-AUTHORIZATION-ACCOUNT : <account-id>

    This header is only supported for basic authentication requests.

  • If OAuth security is not enabled by the supervisor in the supervisor UI, then all OAuth client and token-related API endpoints now return a 404 response code or a 401 unauthorized response code (when an existing token is used). In addition, the OAuth API endpoints are not visible in the Swagger documentation. The primary OAuth endpoints are:

    • /api/oauth2/client endpoints
    • /api/oauth2/token endpoints
    • /api/oauth/token endpoints
    • /oauth/authorize endpoint
  • The /api/pagedata endpoint is deprecated in this release and its code has been removed.

API documentation is provided with your Composer installation at this link: https://<composer-URL>/composer/swagger-ui.html.

User Interface Changes

The following changes were made to the user interface in this release:

  • The Dashboard Permissions dialog now allows you to grant and revoke read, write, and delete permissions for specific dashboards to specific users in your account. See About Dashboard Authorization.

  • A new option in the Actions column in the dashboard library allows you to generate and copy an embeddable snippet for the dashboard. When you select this icon, a new Embed Code dialog appears. See Embed Composer v5 Dashboards.

  • The table on the Sources page now includes columns that allow you to specify row and column security filters for a data source configuration. In addition, when you select the icons in these columns, new Row Security and Column Security dialogs appear. See Sources Page, Restricting Group Access to Data Using Row Security, and Restricting Group Access to Fields Using Column Security.

  • You can now specify more than one value for a single wild card filter. In past versions, you could only specify one value. When multiple values are specified for a wild card filter, they are processed using OR processing. In other words, a record can meet the wild card filter criteria specified by any of the wild card values to be selected for filter processing. See Applying Wild Card Filters to a Visual or Dashboard.

  • The INCLUDE and EXCLUDE operators can now be used for numeric fields in filters. In past releases, they could only be used in filters for attribute fields. See Operators.

  • Custom attributes in user definitions now support multivalue fields (arrays). Specify the values you need in the custom attribute definition. Values should be separated with commas. See Specifying Custom User Attributes.

What's Fixed?

The following problems were fixed in this release:

  • The connector data store version support listed in data source configurations are now updated after an upgrade.

  • Safe checks have been incorporated to stop the creation of duplicate dashboard and visual elements when multiple saves are performed.

  • The Rows per Page option for pivot tables now works as expected, limiting the number of rows per page shown.

  • Histograms no longer break when one of the fields is named Count.

  • Resolved time zone and time bar offset inconsistencies.

  • Zoomdata 4.9 dashboards can now be saved in Composer 5 after they are imported.

What's Deprecated?

The following platforms, software and features are no longer supported in this release.

  • The Content-Type header vnd.zoomdata.v2+json is still accepted, but is deprecated and will be removed in a future release. Use the Content-Type header vnd.composer.v2+json instead.

  • The /api/security/attributes endpoint is deprecated with this release. Its code will be removed from the product in a future release. It has been replaced by the new /api/sources/<source-id>/security/attributes endpoint, used for column security.

  • The /api/filters endpoint is deprecated with this release. Its code will be removed from the product in a future release. This endpoint has been replaced by the new /api/sources/<source-id>/security/filters endpoint, used for row security.

  • The /api/dashboards/<dashboard-id>/key endpoint is deprecated with this release. Its code will be removed from the product in a future release. You can no longer share a dashboard by generating a public link.

  • The /api/pagedata endpoint is deprecated in this release and its code has been removed.

  • The Composer context variable ${User.zoomdataUserName} has been deprecated. Use the new Composer context variable ${User.composerUserName} instead. See Supplied Context Variables.