RBAC - Example of using Access Roles and Department Roles
With the Role Based Access Control, Admins have more control over what their users can do and on which dashboards. With memberships to multiple roles, Admins can specify the dashboards each user can see and what kind of privileges they have on those dashboards.
Below is an example of how a site can create roles based on users (seniority, technicality, etc.) and also create roles based on department (marketing, data, sales, etc.). With the combination of the two types of roles, admins are able to give the Senior Marketing Analyst edit access while giving the Marketing Intern only view access to the same set of dashboards.
Create Roles for Access
In this example I've created the following roles:
1. SQL: Access to Create SQL & Discovery charts and also Share Dashboards
2. View Only: Access to only Read Dashboards
3. Data Discovery: Access to Edit with Data Discovery only
4. View and Share: Access to Read Dashboards and also Share Dashboards.
*These roles have no permissions to any dashboards. These roles only give the users the privileges to do these things, but they don't give them any dashboards they can do it on.
The next set of roles will give them the permission to the actual dashboards.
Create Roles for Departments
These roles have a set of Dashboards that the users are able to access (if they have the privilege of seeing them given from another role). These roles will not have any sort of action privileges, only dashboards.
For example, the Marketing Role only has access to all Marketing Dashboards. In the image below, the Marketing role gives these users all access to the Marketing 1 Dashboard. But the Data and Sales Dashboards will be off limits to the Marketing Role.
Adding Users to the correct Roles
Going back to the example of the Senior Marketing Analyst and the Marketing Intern, let's add them to the appropriate roles.
They will both be a part of the Marketing Role so they have access to all of the same dashboards.
Kristen, the Sr. Marketing Analyst will be a part of the SQL Role, with anyone else that should also have SQL access to their own dashboards. Eric, the Sales Analyst is also a part of the SQL Role but only has SQL access to the Sales Dashboards since he is also a part of the Sales Role.
Kate, the Marketing Intern will be a part of the View Only role with anyone else that should only have View only access.
Both Kate and Kristen can see all of the Marketing Dashboards but only Kristen has SQL access to those dashboards.
Eric cannot see any of the Marketing Dashboards but has SQL access to any dashboard that is in the Sales Role since he is also a part of the Sales Role and the SQL Role.