The roles, permissions, and groups authorization paradigm manages global permissions. For example, a user with Dashboards permission can manage all dashboards. This paradigm is sufficient for many Wavefront customers.
Administrators who need finer-grained control can manage access on a per-object basis. We currently support access control for dashboards and alerts.
This video shows how to limit access for a dashboard, how to give access (share) that dashboard, and how to set the Security organization setting. You can manage access for alerts the same way. The video uses the 2020 version of the Wavefront UI.
How Access Control Works
Wavefront supports granting and revoking access to dashboards and alerts.
- By default, all users can view all dashboards and alerts.
- Users with Dashboards permission can:
- Restrict or grant access to individual dashboards from the Dashboard browser.
- Click the Share icon on individual dashboards to change who has access.
- Users with Alerts permission can:
- Restrict or grant access for individual alerts from the Alerts browser.
- Click the Share icon on individual alerts to change who has access.
In high-security environments, administrators can change the security organization setting. After that change:
- Each new object (dashboard or alert) is visible only to the creator of the object and to the Super Admin users.
- The object creator or a Super Admin user can then share new dashboards with groups or users.
- If the administrator changes the Security organization setting back to allow Everyone access, then the objects that were created while the strict security organization setting was set, continue to be governed by access control.
Change Access for One or More Dashboards or Alerts
Privileged users can change the access setting for one or more dashboards or alerts from the Dashboards browser or the Alerts browser. The process is the same for both objects. The following steps show how to do it for dashboards.
- From the top menu bar, click Dashboards > All Dashboards.
- Select the check boxes for the dashboards you want to change. You can see the current Access settings in the Access column.
- Click +Access to add groups or users and -Access to remove groups or users.
- Enter the groups or users and click Update.
Changing Access for Individual Dashboards or Alerts
You can change access for an individual dashboard or alert from the Edit page of the object. For example, you can add access for the Finance group and revoke access for the Everyone group for a dashboard:
- Click Dashboards > All Dashboards and navigate to the dashboard you want to modify.
Click the name of the dashboard, and click the Share icon.
- In the Dashboard Links and Access window, click the Accounts & Groups tab.
- To grant View Access or View & Modify access, type the name(s) of groups or users.
- To revoke View Access or View & Modify access, click the
xnext to the group or user name that you want to remove.
Change the Access Control Security Organization Setting
Initially, all users can view all dashboards and alerts. In addition, global permissions apply:
- Users with Dashboards permission can modify all dashboards.
- Users with Alerts permission can modify all alerts.
Administrators can restrict access for new dashboards and alerts:
- Click the gear icon on the taskbar, and select Organization Settings.
- Click the Security tab and select Grant Modify Access To: Object Creator
After the change, access to new dashboards and new alerts is initially limited to the dashboard creator and the Super Admin users. Those users can share the objects with other groups or individual users by giving View access or View & Modify access.
Making Orphan Dashboards or Alerts Visible
An orphan dashboard results if:
- All users and groups, including the Everyone group, no longer have access.
- Only one user had access to a dashboard or an alert, and that user was deleted.
To restore an orphan dashboard or alert:
- Log in as a Super Admin user and from the gear icon on the taskbar select Super Admin.
- Select the orphaned dashboard or alert and share it with other users or groups.