https://www.gooddata.com/ logo
Join Slack
Powered by
Trying to get our permission structure configured....
# gooddata-cloud
c
Trying to get our permission structure configured. I have the following workspace hierarchy: • tenant-reporting-base ◦ tenant-a ◦ tenant-b I have a group (tenant-base-view) which is assigned the following on the tenant-reporting-base workspace:
Copy code
{
  "hierarchyPermissions": [
    {
      "assignee": {
        "id": "tenant-base-view",
        "type": "userGroup"
      },
      "name": "VIEW"
    }
  ],
  "permissions": []
}
The issues I'm seeing: • The tenant-reporting-base Workspace is listed but shows "This workspace is empty" beside it's name • The tenant-a and tenant-b workspaces are listed, but clicking them ends up looping back to the workspace list page. Just not sure what I'm missing in the group assignments.
m
Hi Craig, there is a mismatch in the permissions applied to the group since you are not getting any error messages. More specifically, your permissions array is empty: 
"permissions": []
You would need to assign the intended value to the user group directly on the root workspace following the structure documented here: https://www.gooddata.com/developers/cloud-native/doc/cloud/manage-organization/manage-permissions/set-permissions-for-workspace/#ManageWorkspacePermissions-SetPermissionsForaWorkspace
c
I've adjusted the permissions to:
Copy code
{
  "hierarchyPermissions": [
    {
      "assignee": {
        "id": "tenant-base-view",
        "type": "userGroup"
      },
      "name": "VIEW"
    }
  ],
  "permissions": [
    {
      "assignee": {
        "id": "tenant-base-view",
        "type": "userGroup"
      },
      "name": "VIEW"
    }
  ]
}
but am still having the same issue where a member of this group cannot open any of the workspaces successfully
m
Were the permissions set at the root workspace level? If so, is the workspace still showing as empty?
c
The permission are set on the tenant-reporting-base workspace, which is the parent to the others. It seems as if the workspace permissions aren't giving access to the dashboards. Do I need to explicity allow the group on each dashboard?
m
If you haven’t done so, please make the call described here: Manage Dashboard Permissions | GoodData Cloud Native
Note that for the user or user group to be able to be an available asignee in the dashboard/s they must first have the required workspace permission, so even if you assigned them a permission to access the dashboard, it will remain inacessible to them. That’s the reason it is mandatory to first assign a 
Workspace.VIEW
or 
Workspace.ANALYZE
permission to the user or user group first.
c
Ah, ok, so I have to explictly grant permissions to the dashboards. That seems to have helped resolve my issue. Thanks!
🙌 2
m
Glad to hear 🙂
c
Having a similar issue, I have a userGroup let's call this 
viewers
who I want to have a view only of a set of dashboards within a workspace. I've assign the workspace permissions as follows:
Copy code
{
    "hierarchyPermissions": [
        {
            "assignee": {
                "id": "viewer",
                "type": "userGroup"
            },
            "name": "VIEW"
        }
    ],
    "permissions": [
        {
            "assignee": {
                "id": "viewer,
                "type": "userGroup"
            },
            "name": "VIEW"
        }
    ]
}
I've then also assigned each dashboard in the workspace as follows via the GUI:
Copy code
{
  "userGroups": [
    {
      "id": "viewer",
      "name": "Viewers",
      "permissions": [
        {
          "level": "VIEW",
          "source": "direct"
        }
      ]
    }
  ],
  "users": []
}
I still see the "This workspace is empty" on the workspaces listing as @Craig Shyjak mentioned, - what am I missing? 😄 If I change the workspace permissions to 
ANALYZE
though I can then get in and view the dashboards within that workspace. However this is too much access for this usergroup, I only want them to 
View
.
c
@Cam Findlay seems like i'm in the same boat now. What was working now isn't it seems. View only access is giving me "The workspace is empty" messages. If i bump it up to analyze it works.
m
@Cam Findlay this is indeed bug on our side. We’re currently working on a fix. Please stay tuned for any updates.
🙌 1
c
@Moises Morales just checking back as we are still seeing this bug in GoodData Cloud for our VIEW level users - is this bug on any active roadmap or resolve path? Thanks 🙂
m
Hi Cam, our apologies for the delay in our response. I want to let you know that our team has scheduled the fix to be deployed this Thursday. We will keep you posted. In the meantime, I checked further and it looks like the bug can be avoided by giving the userGroup the 
ANALYZE
permission for the Workspace. It has more rights than the 
VIEW
permissions, but not as potentially disruptive as full Admin rights. The dashboard permissions should then apply correctly, so users in the Group will be able to access the Dashboards that were shared with them too.
c
Cheers for that we'll wait til Thursday as we have a particular group that should really be 
VIEW
only
m
The fix was successfully released. Can you please confirm the feature is working as expected now?
c
yes this is now working for our view only users
m
Glad to hear Cam. Thanks once more for your patience!
Open in Slack
PreviousNext
Powered by