How do you structure user access

GenDemo · 12-08-2021 03:14 PM

Hi All

I am looking for some advice on how to structure access and permission at my company in Looker.

We are currently using one group for all users and they have access to everything.

I have implemented different roles - that is sorted. I am referring to folder access and how you cascade that.

I have created groups for each department (but haven't implemented this yet, as I am unsure how this will work). From here, my understanding is that if you give a group permission to a folder, all the child folders are accessible to that group. So do I start at the deepest folder level and grant access and go up? How do I ensure some groups have access to certain folders while not having access to other?

I’d love to get some feedback of how people are implementing this?

GenDemo

PS: From what I’ve played around with, it looks like I need to add all my departments to my ‘Shared’ folder, then go into EVERY one of the sub folders and remove the departments that should not have access to that folder?!
I don't know if I am doing this right, but it seems like a really round about way of achieving what I want.
Why can’t you just add the group to the more granular level (with a tick box option for sub folders) and they automatically get added to the higher levels?

MiaData

Did you ever figure this out? We're dealing with the exact same thing now.

MaddyM

Hi Mia!

When thinking about structuring user access to folders, there are a few things to consider. If you have subfolders, they will inherit the Parent Folder's permissions. It would be beneficial to start with the rules of least privilege and granting users access to subfolders first and only giving parties who should have access to the parent folders. Additionally, you could create subfolders based on department or use case and provide access to the respective groups.

Below is a screenshot of what it looks like if I try to adjust users who have access to the parent folder.