Summary
Per-dashboard access control: owner, editors (can modify), viewers (can view only). UI shows the share dialog with role assignment per user / role.
Why
Today dashboards inherit the underlying repository ACL (per saiku#895/#896 work). That's coarse — a user with WRITE on /dashboards/ can edit any dashboard there. Dashboard-specific roles let an exec share a report with leadership as view-only without giving them edit access to the whole /dashboards/ tree.
Design
- Dashboard JSON gets `permissions: { owner, editors[], viewers[], publicRead: bool }`
- Server checks at every read/write endpoint: `assertCanView` / `assertCanEdit`
- Inherits from repository ACL but overlays the dashboard-specific grants
- UI: Share dialog with autocomplete user/role input
Affected code
- `org.saiku.web.rest.resources.dashboard.DashboardResource` — permission checks
- Dashboard JSON schema extended
Priority
High — required before any external sharing (#S2).
Refs
- Wiki: `pages/decisions/repository-acl.md` — underlying ACL model
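
One way the Design checks could behave, as an added sketch that is not part of the original issue or Saiku's code. It assumes the overlay is additive (repository ACL access or a dashboard grant is sufficient), that edit implies view, and that a dashboard without a `permissions` block falls back to the repository ACL; all names other than the `permissions` fields, `assertCanView` and `assertCanEdit` are hypothetical.

```java
import java.util.Collections;
import java.util.Set;

// Added sketch: every name except the permissions fields, assertCanView and
// assertCanEdit is hypothetical. Requires Java 16+ (records).
public class DashboardAclSketch {
    record Permissions(String owner, Set<String> editors, Set<String> viewers, boolean publicRead) {}

    // repoRead/repoWrite stand in for the result of the repository ACL lookup.
    record Principal(String user, Set<String> roles, boolean repoRead, boolean repoWrite) {
        // A grant entry may name the user or one of the user's roles.
        boolean matches(Set<String> grants) {
            return grants.contains(user) || !Collections.disjoint(grants, roles);
        }
    }

    static boolean canEdit(Principal p, Permissions d) {
        if (d == null) return p.repoWrite(); // no permissions block: repository ACL only
        return p.repoWrite() || p.user().equals(d.owner()) || p.matches(d.editors());
    }

    static boolean canView(Principal p, Permissions d) {
        if (canEdit(p, d) || p.repoRead()) return true; // edit implies view (assumption)
        return d != null && (d.publicRead() || p.matches(d.viewers()));
    }

    static void assertCanView(Principal p, Permissions d) {
        if (!canView(p, d)) throw new SecurityException("view denied: " + p.user());
    }

    static void assertCanEdit(Principal p, Permissions d) {
        if (!canEdit(p, d)) throw new SecurityException("edit denied: " + p.user());
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Permissions perms = new Permissions("exec1", Set.of("analyst1"), Set.of("ROLE_LEADERSHIP"), false);
        Principal leader = new Principal("vp1", Set.of("ROLE_LEADERSHIP"), false, false);
        Principal outsider = new Principal("guest1", Set.of(), false, false);

        assertCanView(leader, perms); // viewer grant via role, no repository ACL needed
        for (Runnable denied : new Runnable[] {
                () -> assertCanEdit(leader, perms), () -> assertCanView(outsider, perms) }) {
            try { denied.run(); throw new AssertionError("expected denial"); }
            catch (SecurityException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

Under this additive reading a user with repository WRITE on /dashboards/ can still edit every dashboard there; restricting that would need the dashboard grants to take precedence over the inherited ACL.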