About Dashboard Authorization

Dashboard authorization allows you to permit your entire account, groups within your account, or users within your account to read, write, or delete a dashboard. This allows you to share a dashboard with other users.

If a user belongs to a group that has the Can Administer Dashboards privilege enabled, the user can read, add, modify, or remove any dashboard in the Composer account. However, if the user does not belong to a group with this privilege enabled, the user can still be granted permission to read, write, or delete specific dashboards in the account using dashboard authorization. Dashboard authorization allows users in an account or group to read, write, or delete a dashboard, regardless of any group privilege settings that ordinarily limit their ability to do so.

To manage authorization of a dashboard, your Composer user definition must meet one of the following criteria:

  • It must be an administrator, belonging to the Administrators group
  • It must belong to a group with the Can Administer Dashboards (ROLE_ADMINISTER_DASHBOARDS) privilege enabled.
  • It must belong to a group with the Can Manage Dashboard Permissions (ROLE_PERMISSION_DASHBOARDS) privilege enabled. If your user definition has only this privilege (and not the Can Administer Dashboards privilege), you will only be able to manage authorization for the dashboards you can read.

Dashboard permissions are determined using a most permissive model. For more information, see How Dashboard Permissions Are Determined.

Dashboard authorization specifications can also be made using the API endpoints /api/dashboards/<dashboardid>/acls, /api/dashboards/<dashboardid>/acls/bulk, GET /api/user/permissions/dashboards/<dashboardid>, and GET /api/inventory/<type>/<id>. API documentation is provided with your Composer installation at this link: https://<composer-URL>/composer/swagger-ui.html.

For more information, see the following topics: