User Guide Getting Started Help Center Documentation Community Training
Looker
  
English
Français
Deutsch
日本語
Setting Permissions for Looker Extensions

Extensions are web applications built with Looker components. These extensions will inherit the permissions structure of your Looker instance, handling permissions at the model set level. If a user does not have permissions to see certain models in the standard Looker application, they will not be able to see those models in Looker extensions. This page explains how Looker admins can grant users the appropriate permissions to access Looker extensions.

The Looker Marketplace deploys an extension by importing a new project into your Looker application. This project contains all the code required to run the extension and has at least one model file. Looker admins can control how a user views or interacts with content based on that model by assigning them a role that has permissions to access the extension’s model.

For example, if your Looker instance has data based on models called finance, marketing, and sales, but you only want certain users to see the finance data, you would grant users access to only the finance model. Permissions for extensions work similarly.

Looker admins can control permissions to access an extension’s model (and therefore access the extension itself) as well as the model or models upon which any content within the extension is based.

Looker admins can see the available model sets for a Looker instance by navigating to the Roles page in the Admin panel. To access and use the extension, users must be assigned a role that has either manage models permissions or has explore or develop permissions for all models or the model set that contains the extensions’s model.

Granting Users Permissions to Extensions

Looker extensions are available for installation through the Looker Marketplace. Looker admins must enable the Marketplace Labs feature and users must have develop, manage_models, and deploy permissions for the extension’s model to be able to install an extension from the Looker Marketplace.

Each extension will have a project with at least one LookML model. Once the extension is installed through the Looker Marketplace, the Looker admin will need to configure user permissions. Some users are already configured to have access to all LookML models by default; other users will need a Looker admin to grant permissions to access the extension’s model or models.

For an example of granting permissions to an extension, see the Example: Data Dictionary Extension section later on this page.

Users with Default Permissions

By default, once the extension is installed, any user with a role that has explore or develop permissions and Model Set access set to All will automatically have the ability to view and use the extension and its content with no additional permission configuration required.

Adding User Permissions

For any users whose roles do not include explore or develop permissions or that have Model Set access not set to All, a Looker admin will need to grant those users a permissions set that includes explore or develop and access to a model set that includes the extension’s model or models.

To grant users access to the extension, Looker admins must:

  1. Edit an existing model set to add the extension’s model.
  2. Confirm that users are assigned to a role with explore or develop permissions for this model set.

Example: Data Dictionary Extension

The Data Dictionary extension project uses the data_dictionary model.

Users whose roles do not include explore or develop permissions or that have Model Set access not set to All will need a Looker admin to grant them explore or develop permissions for a model set that includes the data_dictionary model.

For example, say that you want to give your finance team access to the Data Dictionary extension, but the Finance Team model set does not currently grant access to the data_dictionary model:

Next to the Finance Team model set, click the Edit button and check the data_dictionary model checkbox:

Click Update Settings to save your selection.

After adding the data_dictionary model to the Finance Team model set, confirm that the finance team users are assigned to a role that has explore or develop permissions for the Finance Team model set. In this example, any users assigned to the Finance Department role will have access to the Data Dictionary extension.

Once using the Data Dictionary extension, users will have access to view only the models that they have permissions for. Even if a user outside the finance team has access to the Finance Team model set, they will be able to interact only with content in the Data Dictionary that is based on the other models in their model set.

Top