Dashboard Permissions
Dashboards in GradientHarbor have a flexible permission model that supports private work, team collaboration, and public sharing.
┌─────────────────────────────────────────────────────────────┐
│ Dashboard Permission Model │
├─────────────────────────────────────────────────────────────┤
│ │
│ Access Level Who Can View │
│ ───────────── ────────────────────── │
│ 🔒 Private Only explicitly granted users │
│ 🏢 Internal All organization members │
│ 🌐 Public Anyone with the link │
│ │
│ Permission Grants Capabilities │
│ ───────────────── ────────────────────── │
│ 📖 Read View dashboard + data │
│ ✏️ Write Edit cells, layout, queries │
│ ⚙️ Admin Manage permissions, delete │
│ │
│ Resolution Order: │
│ Creator → User Grant → Team Grant → Access Level │
│ (highest permission wins) │
│ │
└─────────────────────────────────────────────────────────────┘Access Levels
Every dashboard has one of three access levels:
Private
- Only users with explicit permission can view or edit the dashboard
- The dashboard creator has admin access by default
- Not visible in other users' dashboard lists unless they have a permission grant
Internal
- All members of the organization can view the dashboard
- Useful for company-wide dashboards (e.g., KPI trackers, operational dashboards)
- Editing still requires explicit write or admin permission
Public
- Anyone with the link can view the dashboard — no login required
- Useful for sharing reports with external stakeholders, embedding in presentations, or public data transparency
- Editing requires explicit write or admin permission
Permission Grants
Beyond the access level, you can grant specific permissions to individual users or teams:
| Permission | Capabilities |
|---|---|
| Read | View the dashboard and its data |
| Write | Edit cells, modify layout, update queries |
| Admin | All write capabilities, plus change access level, manage permissions, delete the dashboard |
Granting Permissions
- Open a dashboard in the editor
- Click the Share button
- Search for a user or team
- Select the permission level (read, write, or admin)
- Click Grant
Per-User vs Per-Team
- Per-user grants — Direct permission for a specific person
- Per-team grants — All members of the team inherit the permission
TIP
Prefer team-based permissions over individual grants. When someone joins or leaves a team, their dashboard access updates automatically.
Permission Resolution
When a user accesses a dashboard, permissions are evaluated in this order:
- Dashboard creator — Always has admin access
- Explicit user grant — Direct permission on the dashboard
- Team grant — Permission inherited from team membership
- Access level — Internal (all org members can read) or public (anyone can read)
- Private with no grant — Access denied
The highest permission level from any source is used. For example, if a user has read access via their team but write access via a direct grant, they get write access.
Dashboard Folders
Dashboards can be organized into folders. Folders are for organization only — they do not affect permissions. Each dashboard's permissions are managed independently.
- Create folders from the Dashboards page
- Move dashboards between folders
- Delete folders (with option to cascade-delete contained dashboards)