Various documentation pages discuss the business user features for exploring data and for finding, viewing, organizing, sharing, sending, scheduling, and downloading content. Many of those features must be enabled by a Looker admin or have Looker admin–specific or developer–specific functionality. This page organizes those business user-facing features onto one page for easy admin reference.
The Looker Browse menu includes two pages specific to Looker admins:
- Unused Content: Shows all Looks and dashboards that haven’t been viewed within a time range you select.
- Trash: Shows Looks and dashboards that users have deleted and that you can recover.
For details about these pages, see the Deleted and Unused Content for Admins documentation page.
This section includes admin-specific or developer-specific functionality and tips for creating dashboards, Looks, and Explores.
Using Custom Fields
Custom fields are a Labs feature so may change or be removed from the product.
Also, the custom fields feature is not a data security feature. Other users can still see the custom fields in shared queries, Looks, and dashboard tiles. They also can use Explore from Here to create new queries with those fields.
Enable custom fields if you want to let some of your business users:
- Visualize unmodeled data using Instant Explore from SQL Runner
- Create semi-permanent measures and dimensions for a one-time or an infrequent analysis
- Create semi-permanent measures and dimensions without the need of an analyst
Enabling Custom Fields
To enable custom fields, a Looker admin must:
- Enable the Custom Fields Labs feature.
- Grant the
create_table_calculationspermission to users or groups to allow access to the feature. The
create_table_calculationspermission is already part of several default permission sets included with Looker.
Custom Fields and the LookML Model
Although custom fields rely on the LookML model, they are not part of the modeling layer and do not appear in any view files. You cannot save or convert a custom field to a LookML field.
Consider using custom fields instead of LookML for fields that are only needed temporarily or only by your most sophisticated users.
You Can Create a Custom Field in SQL Runner
You can use custom fields to visualized unmodeled fields in SQL Runner, as described on the Using SQL Runner to Create Queries and Explores documentation page.
Changing the Field Picker Choices Using LookML
To learn the various ways that a Looker developer can use LookML to create and modify the fields available in the Field Picker, see the Changing the Explore Menu and Field Picker page.
This section includes admin-specific or developer-specific functionality and tips for delivering, downloading, and sharing content.
Sending, Scheduling, and Downloading Content
This section includes admin-specific or developer-specific functionality and tips for downloading, sending, and scheduling data.
Formatting JSON Deliveries and Downloads
Looker uses a dimension or measure’s LookML
view.field_name as its rendered value when downloading Looks and dashboards in JSON format and when sending and scheduling data deliveries in JSON — Simple, JSON — Simple, Inline, and JSON — Detailed, Inline formats.
In the JSON — Label format, Looker uses a dimension or measure’s label rather than its field name as its rendered value when sending or scheduling data deliveries.
See this Looker notice for more information.
Managing Sending and Scheduling
In the Admin section of Looker, admins can use the Scheduler Plans and Scheduler History pages to look up and resolve schedule issues. Admins should be careful about deleting or disabling a user who may be the owner of important scheduled deliveries, because the schedules are also deleted or disabled.
Sending Content as Recipient
You can check Run schedule as recipient to send data to multiple Looker users, each receiving the data they would see if they ran the query. This means that each user’s access filters and user attributes will be applied to the data included in each email.
For example, user A has an access filter set as
users.state = 'California', and the admin schedules the following report to user A:
When Run schedule as recipient is selected, the scheduled query will apply the access filter
users.state = 'California' and send the following filtered results to user A:
The Run schedule as recipient option is unavailable if an admin sender adds an email without a Looker account or if a non-admin sender schedules data to anyone other than themselves. A Looker icon next to the recipient in the Schedule dialog box indicates that the recipient is a Looker account:
Sending and Scheduling Data to Destinations That Support Streamed Results via Action Hub
Looker hosts and provides a stateless server, the Looker Action Hub, that implements Looker’s Action API and exposes popular actions.
With the Looker Action Hub, you can send and schedule data from within Looker to other SaaS tools automatically. Sending or scheduling data to destinations that support streaming or that use OAuth relies on synchronous queries running between Looker’s Action Hub and executable server, or JAR, file. For Looker-hosted instances, these sources are configured to communicate.
To use Looker integrations, the Looker Action Hub must be able to communicate with the Looker instance and fulfill these requirements. Admins of customer-hosted instances may need to consider additional factors when choosing to enable Looker integrations from the Looker Action Hub, especially integrations that support streamed results or that use OAuth.
Downloading Content from Dashboard Tiles without Download Permission
Typically, a user requires a role that includes the
see_user_dashboards and either the
download_without_limits permissions to view and download data from tiles on a dashboard. There is a condition, however, where a user can see and download data from a model to which they do not have those permissions. It occurs when the following is true:
- A dashboard has tiles that are based on queries from more than one model.
- A user is assigned one role that includes the
see_lookml_dashboardsand either the
download_without_limitpermissions to one of the models on which the dashboard is based.
- The user has a second role that has only the
access_datapermission to another model on which the dashboard is based.
In this case, that user can view and download data from the entire dashboard, including tiles based on models to which the user does not have permissions to view or download data.
Downloading Content in Rendered Format
Most types of downloads take into account the models associated with the user’s download permissions when determining whether or not a user can download a piece of content. However, users can view and download data from an entire dashboard, including tiles based on models to which the user does not have permissions to view or download data, in some circumstances.
Likewise, any downloads in rendered formats only require a download permission for any model associated with the content.
Considerations for Data Formats or Destinations
Some data formats have quirks to consider when delivering or downloading content.
Rendering Emailed Images
The Easy to Read Email Images feature lets the email client determine the optimal image size for images sent or scheduled in the body of emails. If images appear distorted when delivered by email, your users’ email client may be incompatible with this feature.
Sending Large Files in Excel Format
For downloads or deliveries of large Excel files (files over 5 GB), the download or delivery screen may appear to freeze, or you may be unable to open the delivered file. Here are some conditions that can cause this behavior, and how you might fix it:
- Large Excel file data deliveries can time out while streaming. In this case, try sending or downloading your data in the CSV format, which you can then import into Excel.
- Large Excel files sometimes are delivered successfully, but are too large to open locally. In this case, break your data delivery into smaller CSV files so that they will load successfully by the destination client.
- You may need an increase in temporary storage space on your Looker instance. Please contact your account manager or open a support request in Looker’s Help Center by clicking Contact Us.
Preventing Injection of Malicious Code into CSV Files
CSV files can contain macros that can run on Microsoft Excel or Google Sheets. Macros can be used to inject malicious code into CSV files, making CSV files a possible security risk.
To remove this risk, Looker admins can request a license update that causes Looker to pad any value in a cell that could be executable code. When this is enabled, Looker will add a
' character to any cell value that begins with a special character (
@) when generating a CSV file. This disables all macros in Looker-generated CSV files.
If you want to update your license for this feature, please contact your Account Manager or open a support request in Looker’s Help Center by clicking Contact Us.
Rendering Image-Based Data Formats for Sending, Scheduling, or Downloading
Looker uses Chromium to render these formats for your deliveries and downloads:
- For dashboards: PDF, Visualization (for sending and scheduling only)
- For Looks: Visualization, HTML
- For Explores (sending and downloading only): PNG (Image of Visualization), HTML
If your instance is Looker-hosted, Chromium is already installed.
If your instance is customer-hosted, you need to install the appropriate version of the Chromium renderer.
Downloading content in a rendered format may necessitate additional permissions considerations.
Storing SFTP Fingerprints
Once you’ve connected to an SFTP server from Looker at least once to deliver or download data, Looker stores a fingerprint of that SFTP server.
All SFTP fingerprints are kept in the file
~/.ssh/known-hosts on the Looker server.
If the fingerprint changes, this means that the server you are connecting to has changed the public key. This could indicate that the server was recreated or is behind a load balancer. It could also indicate that you are being targeted with a man-in-the-middle attack, where the attacker is somehow intercepting or rerouting your SSH connection to connect to a different host that could be stealing your credentials.
Public Sharing, Importing, and Embedding
To enable public access to Look URLs, including the ability to embed a Look, you must enable Public URLs in the General Settings page:
Please consider the security implications of this feature before enabling it. Although the URLs that Looker generates can’t be guessed or searched, anyone with the URL will be able to see the data. This means that anyone who receives the URL could share it with another person who was not intended to have access to your data. You should determine the privacy requirements of the data in question, evaluate your level of trust in anyone who receives a public URL, and clearly establish your expectations about whether — and, if so, how and with whom — it is to be shared.
Retrieving and Charting Data
This section includes admin-specific or developer-specific functionality and tips for retrieving and charting data.
Considerations for Customer-Hosted Deployments
This section gives a quick list of features that have additional considerations for customer-hosted Looker deployments, with links to the relevant sections on this page.