One of the key advantages of using groups is that managing access to resources becomes a breeze! By adding or removing someone from a group, their access to all collections, dashboards and datasets shared with that group is automatically granted or revoked.

Creating Group(s) for your internal users

In order to streamline the sharing process within your Luzmo organization, we would recommend creating the (kinds of) groups shown in the image below, and adding the desired users to it.
This is of course a simplified setup, you might e.g. want to extend the setup with multiple "internal designer groups", to separate your internal 'Marketing' dashboard designers from those working on 'Sales' dashboards!

Internal developers group

• Purpose: Provides "owner" access to the desired datasets and dashboards, especially those that need to be embedded in your application.
• Users to add: "Developer" users

Internal designers group

• Purpose: Grants at least "can use" access to datasets that are ready for dashboard consumption, and "owner" access to dashboards created to allow for maintainance by different designers.
• Users to add: "Designer" users

Internal viewers group

• Purpose: Provides at least "can view" access to the desired dashboards and their underlying dataset(s).
• Users to add: "Viewer" users

Creating Collection(s) to group your Securables

Next to creating groups, creating one or more collections will greatly facilitate the management of your different Securables (i.e. dashboards and datasets). Using collections, you can now easily get an overview of the different dashboards and datasets associated with that Collection (e.g. your "Sales" collection of dashboard(s) and dataset(s), a customer-specific collection with their dashboard(s) and dataset(s), etc.)!

It's important to make sure:

• you give your group(s) access to your collection(s), ensuring the users of those group(s) can easily achieve their tasks. We'd recommend giving the least amount of access as a security best practice!
  • A developer group requires at least "can read" access to the collection(s), to allow providing your application's users access to these collections via an Embed token.
    Note that to provide specific access to the securables associated with the Collections itself, the group should also have equal or higher access to those securables itself.
  • A designer group would only require "can view" (seeing the collection), "can use" (updating access rights to resources shared with the collection), or "can edit" access (adding/removing resources shared with the collection).
  • We would recommend to provide "can view" access to a viewer group, allowing those users to be able to see the collection!
• you provide your group(s) access to the underlying securable(s) within the Collection, as this does not happen by default when sharing the Collection itself. We provided some recommendations in the "Purposes" of the different groups listed above, and go into more dept about the recommended access rights for the different resources and users in the next articles in this course!

Great, now that we've set up the basis for a scalable Luzmo organization and the access management of the different resources, let's dive straight into the next article! In here, we will share some suggestions on setting up Connection(s) to your data source(s).