Hi. We have a root workspace with all data; if we ...
# gooddata-cnf
Filip Turniški
09/25/2023, 5:55 AMHi. We have a root workspace with all data; if we accidentally open it, we are crashing our database. Is there a way to prevent all users from seeing that workspace on the web interface, including the admin group?
i
Ivana Gasparekova
09/25/2023, 12:58 PMHi Filip,
I am afraid, this is not possible right now.
May I know why do you need to keep all the data in this particular workspace, please?
Also, have you considered managing such workspace under the separate organization, please?
f
Filip Turniški
09/25/2023, 1:04 PMwe have a main (root) workspace with all of the data and then we are making a child workspace with an account filter.
we are doing it this way for easier deployment of new versions of the workspace and easier maintaining of it
i
Ivana Gasparekova
09/25/2023, 1:50 PMThank you for the clarification. May I know what type of the database are you using, please?
Did you have a chance to collect any error message or a log before it crashed, by a chance?
j
Jan Soubusta
09/25/2023, 3:23 PMInteresting use case.
We suggest to not grant admin (organization admin) privileges to users using child workspaces (tenants, usually your customers). Instead, grant privilege to specific child workspace to each user.
f
Filip Turniški
09/26/2023, 5:58 AM@Ivana Gasparekova it's just getting timeout because mssql is not jet optimized and there is lot of data
Filip Turniški
09/26/2023, 5:59 AM@Jan Soubusta only developers have access to admin, but we were searching way to prevent accidents if it's posible
j
Jan Soubusta
09/27/2023, 7:00 AMWhat exact minimal privileges do these developers need?
I mean - do they need a read or even write access to the parent workspace?
And if yes, would you appreciate a setup where these developers have read/write access to the definitions of LDM/analytics but they would not have an access to execute any report?
f
Filip Turniški
09/27/2023, 7:03 AMwe have it set up like that, but i was hoping there is an option for "hide it" from everyone
j
Jan Soubusta
09/27/2023, 7:14 AMSo do the developers need a write access to the parent workspace?
f
Filip Turniški
09/27/2023, 7:30 AMnobody should have access to the parent workspace. Not just writing, it should be also forbidden from reading. At the moment we have only admin user who is having access to that workspace and we are pushing changes through API call to master and then it's propagated to children
j
Jan Soubusta
09/27/2023, 9:41 AMOK. So if the developers do not need an access to the parent workspace, then grant them privileges to all but the parent workspaces explicitly, do not grant them org admin privilege.
Would that work for you?
f
Filip Turniški
09/27/2023, 9:52 AMyes, it is how we do it at the moment. I just wanted to check if there is some other feature/ability to completely forbid access to the parent workspace. Thank you for your answers :D
j
Jan Soubusta
09/27/2023, 1:32 PMUnfortunately there is no such feature.
I am going to record it to our ProductBoard
p
Productboard
09/27/2023, 1:34 PM🎉 New note created.