Permissions

Deephaven's configurable access control enables the individual authorization of users and groups to view and/or edit data, queries and reports. There are a number of special groups, such as allusers and superusers (See Permissions in System Administration to learn more). Changes to these groups must be made in the Deephaven swing version.

Normal users will have full access to Deephaven on the web, meaning that they can open interactive consoles and create persistent queries.

View-only users, as the name implies, can view queries, but are not allowed to create or edit queries. These users will not be able to see or open Code Studio tabs. When they open Deephaven on the web, they will be sent to the +New window. They can view shared dashboards or create dashboards of their own with the data made available to them.

View-Only Users

There may be instances when you want to share limited views of your data while keeping your queries private. You can create a shared user/view-only users in the Deephaven ACL Editor (in Swing) via the special group options.

To create shared users, they must be added to the deephaven-queryviewonly ACL group. Access the ACL Editor in the Advanced menu in Deephaven:

The Group Administration section (on the right side of panel) includes options for adding users to groups, as shown below:

Select deephaven-queryviewonly from the Group drop-down list. Click Add User to Group. Members of this group are not allowed to create or edit queries, and can only view the specific persistent queries that denote them as a viewer. Dashboard Users are also included in the allusers group by default.

Users in special groups appear in a list at the bottom of the ACL Editor. To remove a user from a special group, right-click the username to access the context menu, and select Delete User to Group Mappings, as shown below.

Persistent Query Access Control

It is necessary to manually configure permissions to individual persistent queries in order for view-only users to see the tables and plots used to build the dashboards shared with them. You can do so in the Permissions tab in the Query Monitor:

The box in yellow outline lists additional users with access to that query. You can add an individual user or a user group. Make your selection from the drop-down menu, then click Add. For example, the "allusers" group is being selected above. Then, assign Viewer or Admin privileges using the drop-down next to the name:

As the name implies, a Viewer will be able to view the name of the query and its associated tables and plots in the Panels menu of the Web Dashboard, but they will not see the query code nor be able to start/stop the query unless explicit permission is granted.

See Query Monitor > Permissions to learn more.

Last Updated: 16 February 2021 18:07 -04:00 UTC Deephaven v.1.20200928 (See other versions)