Content Sharing
Content can be shared directly from the content itself or by navigating to the folder the content is saved to.
Sharing from the document
To share from the document (workbook or dashboard), navigate to the Share button in the top right of the page (to the left of the user profile icon)
Share content from a folder
By navigating to the Home menu and locate your content within the folder it lives in. Then select the three-dot menu on the right side and select "Share..." in the drop-down menu.
When sharing content, users can determine how other users can interact with the content in two main ways: the access role of the user/group and the ability to interact with the content.
Access roles
The permission access role assigned to the folder acts as the base level permissions for all of the contents inside of the folder. This base level role is the minimum required permission role all documents will have inside said folder. A document may be assigned a more permissive role than the base role assigned to the folder the document is in; the reverse scenario is not allowed, i.e. a more permissive folder role and a less permissive document within that folder.
To assign a role, select Access in the Share modal then:
- Type in the user(s) and/or group(s) that you want to have access
- Choose the role: viewer, editor, or manager
- Save those options in the bottom right hand corner
Default roles are set at the organization level and applied as default values when documents and folders are shared with the organization.
As an owner, users will be able to select a role that has more granular access than the default if they would like. For instance, if the default at the organization is “No Access” a user will have three roles they can choose to assign to other users/groups:
- Viewer: Users with this level can only view the content but cannot make changes.
- Editor: Users with editing permissions can view and make modifications to the content.
- Manager: This level provides full control, allowing users to view, edit, and manage permissions for others.
Managing content access by folders
Users can also control content access by assigning rules in various folders and then adding content to those folders. For example, a user shares content to the organization’s Shared folder to make content accessible to the entire organization or save the content to your Personal folder.
When moving a document from your personal folder to a shared folder or from one shared folder to another shared folder, note that the document's owner will change to the new folder's content manager.
Document abilities
Beyond controlling the access roles, users can also choose what abilities users have to interact with the content by changing the Document Settings at the bottom left hand corner of the Share modal or under File > Document Settings on a dashboard or workbook.
There are four abilities user can control on a document:
- Schedule: Allow the creation of new deliveries and alerts on this document. Disabling will not remove existing deliveries or alerts.
- Download: Allow users to download this document or data from it
- Drill: Allow users to drill into various data points in this content.
- Viewers can see workbook: Allow users with the “Viewer” role to see a read-only version of the workbook. They will not be able to edit the workbook or see non-topic tabs or SQL tabs.
Admin can control the Ability settings for the whole instance by deciding the default settings and/or if the ability is disabled. If you do not see one of the options available, it may be disabled by your Admin.
Identifier
Under the document settings, users can also change the unique slug for this document. Changing this can give you a more readable name in the URL, but it must be unique. Updating this is reflected in real time. This could also be used for updates to an embedded dashboard without requiring an engineer to point from one identifier to another, by instead pointing to a fixed, immutable URL.
Admin Content Sharing Permissions
In the General > Settings, Admin can set a default access roles:
- No Access: Content will not appear in the content system or search results
- Viewer: Users with this level can only view the content but cannot make changes.
- Editor: Users with editing permissions can view and make modifications to the content.
- Manager: This level provides full control, allowing users to view, edit, and manage permissions for others.
Users who can manage content permissions (“Manager” or “Owner” roles in the document or folder) can set the organization access role higher or lower than the default on the shared content, if they so choose. Read more about content sharing from the user’s perspective here.
Admin document abilities
Admin can set which abilities can be selected by users by toggling on or off the ability and select the default behavior for shared content.
Content Organization
All Omni instances have a root Shared folder. Admin can allow users to create or add folders in that Shared folder by toggling this setting on. Otherwise they can only add content to folders they have been specifically granted access to.
AccessBoost
AccessBoost allows content managers to enable permission boosting. This has security implications. AccessBoost ignores an Omni user's database connection role. When enabled, the user can run a dashboard and view all of the data that dashboard shows even if they typically would not be able to see content built by SQL. AccessBoost only alters the access to the data on a dashboard. AccessBoost still respects a user's connection role when the user runs a query at the workbook level.
AccessBoost may be useful in scenarios where users with connection roles of Querier and Admins that want to share dashboard content with users that have lower level connection roles like Restricted Querier, Viewer and No Access.
- Admin Restrictions
- Embed Considerations
Admin > Content Permissions settings. - Enabling AccessBoost for the Organization role also applies on content that is embedded externally which can pose security implications to consider. Typically, for embedded content Omni applies the Viewer connection role - which would only allow users to see dashboard tiles that are tied to modeled topics; limiting data that is exposed to external customers.
- The good: the ability for embed users to view non-topic bound and SQL content in an embedded context.
- The bad: if AccessBoost is enabled on an embedded document, a user could inadvertently expose data they do not want to expose to embed users.
AccessBoost can be globally deactivated in the admin section of the app:
AccessBoost Scenarios by Level
| Level | Description | Enabled | Disabled |
|---|---|---|---|
| Organization | An admin user can enable or disable AccessBoost at the organization level in the Admin settings under Administration > Content Permissions | Allows users who manage content to enable AccessBoost at the folder and document levels | Prevents any users who manage content from enabling AccessBoost on the folder or document levels |
| Folder | Once an admin user has enabled AccessBoost in the Admin settings for Content Permissions the content manager users can choose to enable AccessBoost at the folder level. | Allows users with access to a folder to open any dashboards in that folder, view the content of those dashboards even if the user's connection role would prevent them from viewing that content. i.e. a dashboard built with SQL requires the user opening that dashboard to have a connection role of Querier or higher. | A user must have a viewer connection role or higher for dashboards built off of modeled topics. Any content on a dashboard built with SQL requires users to have a connection role of Querier or higher. |
| Document | A user managing their content can choose to enable AccessBoost at the document level | Allows users with access to the document to open and view the content of the document even if the user's connection role would prevent them from viewing that content. i.e. a dashboard built with SQL requires the user opening that dashboard to have a connection role of Querier or higher. | Without AccessBoost, a user must have a viewer connection role or higher for dashboards built off of modeled topics. Any content on a dashboard built with SQL requires users to have a connection role of Querier or higher. |
Sharing Content Externally
Omni has robust sharing functionality through Delivery and Embedding which allows users and organizations to securely share the data in a variety of forms. Read more in the links above.