Manage Dashboards

Security Requirements and Controls

When using an existing dashboard within your LogScale instance, you can choose to navigate around the dashboard view, change, share and alter the dashboard, and configure the dashboard access.

Access Existing Dashboards

Security Requirements and Controls

If you need to access previously created dashboards to consult them or edit them, first check your permissions: you might not have the permissions to some of the repositories or views containing those dashboards.

To access existing dashboards across all repositories and views:

  1. Click the All Dashboards tab from the top menu bar to get the full list of existing dashboards: for example, one entry in the list could be humio-metrics / Errors where humio-metrics is the name of the repository and Errors is the dashboard name within that repository.

    Access Existing Dashboards

    Figure 128. Access Existing Dashboards


  2. Select the desired dashboard by clicking the title after the slash: the dashboard and all its widgets will load (clicking the first item instead redirects you to the Search tab in that repository).

Tip

Click the star icon next to a dashboard to save it as favorite: it will go on top of the list for quicker access and will appear under Starred Dashboards in the main User Interface.

Main Operations

Click the three-dot menu on the upper right corner of a dashboard to perform the following operations:

  • Wall Monitors & Shared URLs — allows to share read-only dashboards. See Sharing Dashboards section below for more details.

  • Duplicate — creates an identical dashboard. You are prompted to provide:

    • Dashboard Name is the name you assign to the copied dashboard.

    • Target Repository or View is the repository or view where you want to store your copied dashboard.

  • Export as PDF report — allows you to export the dashboard in PDF with several print options such as add the dashboard title in the header or the time window it was executed, set it as portrait or landscape, etc.

    For more information, see Export Dashboards as PDF.

  • Asset sharing — allows you to give another user or group access to read, edit, or delete dashboards.

    For more information, see Permissions for dashboards.

  • Rename — allows you to change the name of the existing dashboard.

  • Export as template — allows you to create a template from the current dashboard, which you may reuse for new empty dashboards, as explained in Create Dashboards and Widgets.

  • Delete — deletes the dashboard and all associated widgets. Removal of a dashboard cannot be undone. To create a backup of the dashboard, consider using the Export as template option to keep a copy of the dashboard and its configuration.

Dashboard Options

Figure 129. Dashboard Options


The same dropdown menu is also available by clicking the cog icon in the list of all dashboards (see Figure 128, “Access Existing Dashboards”) or through the three-dot menu next to each dashboard in a given repository, see Figure 123, “Dashboards Tab”.

Sharing Dashboards

Security Requirements and Controls

Dashboards can be shared using a unique URL. Dashboards shared in this way are read only and can be used to share the dashboard with others, or when using the dashboard as part of a wall monitor. A shared dashboard does not need to authenticate and does not rely on sessions as users do, so sharing should be done with care as everyone with the link will be able to see the dashboard (if an IP filter is set, users need to be within the IP range).

To share dashboards in this way:

  1. Access the dropdown menu in the Query Editor.

  2. A dialog box will open — enter a name in the Link Name field.

  3. Queries run by the dashboard can either be executed on behalf of the organization or on behalf of the user who created the shared dashboard. For more information, see Organization Owned Queries.

  4. If the Dashboard security policies has not enforced an organization-wide IP filter, an optional IP filter can be selected. If the security policy enforces an IP filter, you will see the IP filter next to the Active dashboard URL. See IP Filters.

Disabling Access to Shared Dashboards

Security Requirements and Controls

  • Update dashboards permission

Because shared dashboards are accessible to anyone who has a link to them, there is a risk of unwanted information disclosure; therefore, in some cases you might want to prevent certain users from accessing these dashboards. You can do this in two ways:

  • Set the variable SHARED_DASHBOARDS_ENABLED configured to false to keep dashboards sharing disabled across the entire cluster. This configuration disables the + Create new link button.

  • Disable dashboard sharing via the UI — see Dashboard security policies for details.

When trying to access a shared dashboard that has been disabled afterward, two possible cases apply:

  • Users opened a shared dashboard before it became unavailable, meaning the dashboard is running — they are presented with an error and the dashboard changes status to reflect this. Furthermore, if access to that dashboard is re-enabled, it will come back for these users, without any manual intervention needed.

  • Users attempt to open a link to a shared dashboard after it became unavailable — they do not get any error message and it will look like it isn't a real dashboard. If the dashboard is re-enabled, these users will need to manually refresh the page to see the dashboard.

Restricting Access with IP Filters

Security Requirements and Controls

Once you have created read-only dashboards with the option Wall Monitors & Shared URLs, you can restrict their access to certain IP addresses only.

See Dashboard security policies for instructions on how to enable read-only dashboards for sharing. For information on limiting dashboard access to certain IPs only, see IP Filters.

Permissions for dashboards

Security Requirements and Controls

Sometimes you might want to collaborate with another user on a dashboard, but that user does not have permission to dashboards in the view. If you have permissions to do so, you can grant permissions to that user to edit and delete a particular dashboard in a view. For more information about asset permissions, see Asset permissions.

If you do not have Change user access permission on the repository, you will see a list of users only (no groups) that already have at least Read permissions on the repository. You can select from these users and give them more permissions (up to the same permissions you have).

To grant access to edit or delete a dashboard to another user or group:

Asset creator/Regular user

The creator of an asset and regular users can share the same permissions that they have to the asset with users who already have read access to the view. You cannot share access with users who do not have read access to the view. You cannot share access with groups at all.

  1. Click ⋮ next to the dashboard you want to share and select Asset sharing.

  2. In the Users and groups with access window you see users who currently have access to the dashboard and what access they have.

  3. Click Share dashboard.

  4. Click to select the user to get additional permissions. Note that you can only see users who already have read permission to the view. Click Next.

  5. Select the appropriate permissions to assign. Click Grant permissions.

You have Change user access permission

With Change user access permission, you can grant permission to users, including read permission if the user does not have that, and permissions that you do not have yourself. You can also see groups and group members and what permissions they have in the Groups tab, but you cannot change the permissions for the group in the Groups tab. To be able to change the permissions directly from the group tab, you must have Change organization permissions permission.

To grant additional permissions to a user that already has read access to the view:

  1. Click ⋮ next to the dashboard you want to share and select Asset sharing.

  2. In the Users and groups with access window you see users who currently have access to the dashboard and what access they have.

  3. Click the button next to the user or group in the list.

  4. Click to assign the permissions. Click Save changes.

  5. Click Close.

If you have the Change user access permission and you want to share permissions to the dashboard with a user or group not in the list, or you want to give a group that is in the list additional permissions:

  1. Click Share dashboard.

  2. Click to select the group or user who should get additional permissions. Click Next.

  3. Select the appropriate permissions to assign. Be aware of the message that the user or group gets Read access to all assets in the repository automatically when assigning asset permissions for one asset in the repository. Click Next.

  4. Confirm that you understand that you are granting Read access to all assets in the repository by adding the asset permission for the user or group. Click Grant data read access.

  5. Click Grant permissions.