Permissions

Deephaven's configurable access control enables the individual authorization of users and groups to view and/or edit data, queries and reports. There are a number of special groups, such as allusers and superusers. Changes to these groups must be made in the Deephaven swing version.

• Normal users will have full access to Deephaven on the web, meaning that they can open interactive consoles and create persistent queries.
• View-only users, as the name implies, can view queries, but are not allowed to create or edit queries. These users will not be able to see or open Code Studio tabs. When they open Deephaven on the web, they will be sent to +New. They can view shared dashboards or create dashboards of their own with the data made available to them.

View-Only Users

There may be instances when you want to share limited views of your data while keeping your queries private. You can create a shared user/view-only users in the Deephaven ACL Editor (in Swing) via the special group options.

To create shared users, they must be added to the deephaven-queryviewonly ACL group. Access the ACL Editor in the Advanced menu in Deephaven:

The Group Administration section (on the right side of panel) includes options for adding users to groups:

Select deephaven-queryviewonly from the Group drop-down list. Click Add User to Group. Members of this group are not allowed to create or edit queries, and can only view the specific persistent queries that denote them as a viewer. Dashboard Users are also included in the allusers group by default.

Users in special groups appear in a list at the bottom of the ACL Editor. To remove a user from a special group, right-click the username to access the context menu, and select Delete User to Group Mappings:

Persistent Query Access Control

It is necessary to manually configure permissions to individual persistent queries in order for view-only users to see the tables and plots used to build the dashboards shared with them. You can do so in the Permissions tab in the Query Monitor:

The box in yellow outline lists additional users with access to that query. You can add an individual user or a user group. Make your selection from the drop-down menu, then click Add. For example, the allusers group is being selected above. Then, assign Viewer or Admin privileges using the drop-down next to the name:

As the name implies, a Viewer will be able to view the name of the query and its associated tables and plots in the Deephaven Panels menu, but they will not see the query code nor be able to start/stop the query unless explicit permission is granted.

Operate As

Users with the appropriate permissions can operate as any other user using the Operate As option on the initial login page:

After entering the username of the user to operate as, in addition to your own credentials, you will be effectively logged in as the other user. You will be able to see the other user's workspace, including Code Studios and Dashboards. Note: changes made to the other user's workspace will persist when that user logs in.

The user Settings icon will become orange when operating as another user.

In addition, opening the user Settings menu will show "userName as operateAsUser".