Skip to main content

Overview

Everyone wants data, but not everyone wants to log into a BI tool to get it. The Omni Platform powers embedded dashboards and workbooks for internal use (wikis, Salesforce, Notion, etc) or external consumption (directly in your product with SSO).

Whether internally embedding or externally embedding data, establishing the right infrastructure is key to success.

Data Security

For internal embedding the content will only be visible to logged-in members of your Omni organization that have access to the underlying content. If they are not already logged in, they will be prompted to authenticate through the iFrame.

For both internal and external embedding the best practice for protecting data is to leverage user attributes to systematically filter the data.

Typically companies choose one of these two strategies for setting up their multi-tenant customer data:

  1. Row level security If all of the data is inside one big table, you can assign a user attribute per user and client and use it as an access filter. Specifically make sure to set up a default access filter to controlled in Omni with default_topic_access_filters:.

  2. Schema level security If each client is in a seperate, identical schemas then you can leverage dynamic schemas.

danger

Do not use hidden dashboard filters to segment data because it’s not secure.

Consider the following restrictions for embedding content:

If the content you are trying to embed meets any of the following criteria...

  • content that contains fields not modeled in a topic
  • content that is built on sql
  • content that is saved in your personal folder (the content must be in the shared hub)
  • content that contains changes to the workbook model's joins which have not been merged or promoted ...then your embedded dashboard will not render appropriately.
warning

Proceed with Caution

In the event that you do want to expose SQL-based or non-topic bound content to your Embed users, it is possible to accomplish this by enabling the "AccessBoost" role on the sharing settings for that piece of content. This has security implications - you may be exposing data to your embed users that you may not want them to see.

Features

Once the content is embedded, users can interact with the data just like it is set up in the application (filtering, interacting with controls and drilling). However, users are not able to schedule or set up alerts on embedded content yet.