Extensions are web applications built with Looker components that are developed through the Looker extension framework. These extensions will inherit the permissions structure of your Looker instance, handling permissions at the model set level. If a user does not have permissions to see certain models in the standard Looker application, they will not be able to see those models in Looker extensions. This page explains how Looker admins can grant users the appropriate permissions to access Looker extensions.
The Looker Marketplace deploys an extension by importing a new project into your Looker application. This project contains all the code required to run the extension and has at least one model file. Looker admins can control how a user views or interacts with content based on that model by assigning them a role that has permissions to access the extension’s model.
For example, if your Looker instance has data based on models called
sales, but you only want certain users to see the finance data, you would grant users access to only the
finance model. Permissions for extensions work similarly.
Looker admins can control permissions to access an extension’s model (and therefore access the extension itself) as well as the model or models upon which any content within the extension is based.
Looker admins can see the available model sets for a Looker instance by navigating to the Roles page in the Admin panel. To access and use the extension, users must be assigned a role that has either
manage models permissions or has
develop permissions for all models or the model set that contains the extensions’s model.
Granting Users Permissions to Extensions
Looker extensions are developed through the Looker extension framework and are available for installation through the Looker Marketplace. Extensions require that the Extension Framework, Marketplace, and Local Project Import Labs features be enabled. Looker admins must manually enable the Local Project Import Labs feature. Users must have
deploy permissions for the extension’s model to be able to install an extension from the Looker Marketplace. The Looker Data Dictionary extension is available without having to enable the Extension Framework Labs feature.
Each extension will have a project with at least one LookML model. Once the extension is installed through the Looker Marketplace, the Looker admin will need to configure user permissions. Some users are already configured to have access to all LookML models by default; other users will need a Looker admin to grant permissions to access the extension’s model or models.
For an example of granting permissions to an extension, see the Example: Data Dictionary Extension section later on this page.
Users with Default Permissions
By default, once the extension is installed, any user with a role that has
develop permissions and Model Set access set to All will automatically have the ability to view and use the extension and its content with no additional permission configuration required.
Adding User Permissions
For any users whose roles do not include
develop permissions or that have Model Set access not set to All, a Looker admin will need to grant those users a permissions set that includes
develop and access to a model set that includes the extension’s model or models.
To grant users access to the extension, Looker admins must:
- Edit an existing model set to add the extension’s model.
- Confirm that users are assigned to a role with
developpermissions for this model set.
Example: Data Dictionary Extension
The Data Dictionary extension project uses the
Users whose roles do not include
develop permissions or that have Model Set access not set to All will need a Looker admin to grant them
develop permissions for a model set that includes the
For example, say that you want to give your finance team access to the Data Dictionary extension, but the
Finance Team model set does not currently grant access to the
Next to the
Finance Team model set, click the Edit button and check the
data_dictionary model checkbox:
Click Update Settings to save your selection.
After adding the
data_dictionary model to the
Finance Team model set, confirm that the finance team users are assigned to a role that has
develop permissions for the
Finance Team model set. In this example, any users assigned to the Finance Department role will have access to the Data Dictionary extension.
Once using the Data Dictionary extension, users will have access to view only the models that they have permissions for. Even if a user outside the finance team has access to the
Finance Team model set, they will be able to interact only with content in the Data Dictionary that is based on the other models in their model set.