Overview

While some users need access to all types of resources in ONE DATA, other users are only interested in viewing and executing reports. For those users the report should look like a standalone web application. 


For this type of report end-users, ONE DATA features viewer licenses. Viewer license users (or Viewers) are special users that can only be member of a so-called Viewer Group and may only access reports. The following sections will walk you through the process of  creating viewer users and setting them up.


Creating a Viewer Group

In order to make it easy to grant certain permissions to the viewer users, they can be summarized in so-called Viewer Groups. Such a group can be created under Settings > Group Settings By clicking Add Viewer Group (More information about group settings can be found in the following article).

Upon clicking, the following dialog pops up:


Within the dialog, set a name and optionally a description and keywords for the group. In case there are already some viewer users in the selected domain, you can add them to the group by checking the boxes in the list at the bottom of the dialog. When everything is set up, validate using the green button CREATE VIEWER GROUP to create the viewer group.


Creating Viewer Users

Similarly to normal users, viewer users can only be created by super-admins and domain-admins. New viewer user can be created under Settings > Group Settings By clicking Add Viewer Group.


Normal users and viewer license users are created in the same manner.


Upon clicking, the following dialog pops up:


Fill in the user's e-mail address, name and select a domain to which you want to associate the user. Once you select Viewer License as the user's type, The Group affiliation drop down will show the existent viewer groups.


Assign viewers to a project

To assign a viewer group to a project navigate to Settings > Project Settings. Search for the project you want to add the viewer group to and click the corresponding action button (Manage viewer groups and project landing pages).

Upon clicking, the following dialog pops up:

In the dialog you can select a landing page report for the project. When viewer users login into ONE DATA and have the project selected, they will be directed to the selected report.

In order to add a viewer group to the project click the add button at the bottom of the dialog. 
Select a previously created viewer group and a corresponding viewer role. The roles decide the permissions of the viewer user and are described in the next section.


Viewer Roles

Each of the predefined roles is associated with a certain combination of permissions on the resources of the project. The permissions are granted as follows:


Viewer Role
Read Data Tables
Read WorkflowsWrite WorkflowsExecute WorkflowsRead Workflow JobsWrite Workflow JobsCreate Workflow JobsRead ReportExecute Report
Viewer
Extended 
Viewer
Report Runner
Extended Report Runner


Read Datasets

The user can read datasets during execution of the report. This is necessary to load datasets during the execution of the underlying workflow.


Write Workflow

The viewer user can edit the underlying workflow. This is necessary when a workflow variable is set through e.g. a variable container.


Execute Workflow

The user is allowed to execute and read the underlying workflow.


Read Workflow Job

The user can access the hob history of the underlying workflow.

In case the user has this right, an additional button for displaying the reports jobs is shown in the reports side navigation.


Write Workflow Job

When the report is executed, a workflow job is created that is visible to all other users with read permissions on it.


Create Workflow Job

When the user executes the report the resulting job can be accessed by other users with the respective permissions.


Read Report

The user can see and open reports.


Execute Report

The user can click  in the side navigation menu.


Outlook: Future changes to viewer licenses

The viewer licenses and the predefined roles will be subject of change in the future. There will be six roles instead of the described four roles. The permissions for the new roles are:


Viewer Role
Execute Data Tables
Write WorkflowsExecute WorkflowsRead Workflow JobsWrite Workflow JobsCreate Workflow JobsRead ReportExecute Report
No execution / Get latest public job only
No execution / Get all public jobs
Execute private / Get latest private job
Execute private / Get all public jobs
Execute public / Get latest private only
Execute public / Get all public