Viewer Access

This documentation is for Dash Enterprise.
Dash Enterprise is the fastest way to write & deploy Dash apps and
Jupyter notebooks.
10% of the Fortune 500 uses Dash Enterprise to productionize AI and
data science apps. Find out if your company is using Dash Enterprise.

By configuring an app’s viewer access settings, you can decide
who can view the app. This also affects who can see it in the
App Portal.

Controlling Viewer Access for an App

Newly initialized apps default to the Restricted access level, meaning only users or groups that you add can view the app (as its owner, you can always view the app, and so can co-owners and administrators).

Other access levels are Authenticated (anyone can view the app as long as they are logged in) and Unauthenticated (anyone who can access Dash Enterprise on the network can view the app). Note that your administrator
may have disabled the Unauthenticated option.

To change the viewer access level:

  1. In the Dash Enterprise App Manager, select the app.
  2. Go to the Access tab.
  3. Select Edit Access.
  4. Choose the viewer access level for your app.

<img>
5. Select Save.

Managing Access to Restricted Apps

You can manage who has access to your Restricted apps by adding and removing individual users. If your organization uses groups, then you can also add and remove all the members of a group at once, or use a combination of individual users and groups.

Giving Viewer Access to Individual Users

To give viewer access to individual users:

  1. In the Dash Enterprise App Manager, select the app.
  2. Go to the Access tab.
  3. In the viewer access section, select Add Users.
  4. Select the users that you want to give access to.
  5. Select Add.

Depending on how Dash Enterprise authentication is configured in your organization, users may need to log in before you can add them. See User and Group Troubleshooting for more details.

The users you added are displayed in the list of users who can view the app. Changes take effect after a few seconds.

Users are not notified when they’re given viewer access to an app. Consider letting them know by sharing the app’s URL with them.

Giving Viewer Access to Groups

To give viewer access to groups:

  1. In the Dash Enterprise App Manager, select the app.
  2. Go to the Access tab.
  3. In the viewer access section, go to the Groups tab.
  4. Select Add Groups.
  5. Select the groups that you want to give access to. Check with your administrator if you need to confirm the group members.

If your administrator has chosen to use nested groups (where parent groups have child groups as members), you’ll see both parent groups and child groups available. Child groups are displayed in the format “Parent group/child group”. Note that child groups do not automatically inherit viewer access that you give to its parent group. To give viewer access to a group containing child groups, you need to select each child group.

  1. Select Add.

Depending on how Dash Enterprise groups are configured in your organization, a group may only be available once a member of the group has logged in. See User and Group Troubleshooting for more details.

The groups you added are displayed in the list of groups that can view the app; however, changes take effect the next time the users refresh or log in to Dash Enterprise, depending on how your administrator has configured the group. Administrators with access to Keycloak can log users out by going to Sessions > Log out all sessions, forcing them to log back in so that changes are applied.

Users are not notified when they’re given viewer access to an app. Consider letting them know by sharing the app’s URL with them.

Removing Viewer Access for Users and Groups

To remove viewer access for users and groups:

  1. In the Dash Enterprise App Manager, select the app.
  2. Go to the Access tab. A list of current users with access is displayed. Go to the Groups tab within viewer access to see a list of groups with access.

  3. Select any user or group you want to remove access for and select Remove.

    Remove users or groups

Changes take effect after a few seconds for individual users, and the next time the users refresh or log in to Dash Enterprise for groups (depending on how your administrator has configured the group).

Disabling the Unauthenticated Viewer Access Level

Disabling the Unauthenticated viewer access level is an administrator action and requires the admin role.

If the apps created by the Dash developers in your organization are not suitable for unauthenticated viewing, you can prevent app owners from using
the Unauthenticated viewer access level when configuring access to their apps. Disabling the Unauthenticated viewer access level affects all apps in
Dash Enterprise, and any apps that are currently Unauthenticated are changed to Authenticated, which makes login required to view them.

To disable the Unauthenticated viewer access level:

  1. In the Dash Enterprise App Manager, go to Settings.
  2. Under App Viewer Access Policy, select Edit App Viewer Access Policy.
  3. Select Disable the Unauthenticated viewer access option across all apps.

<img>

  1. Select Save.

If any apps are currently set to Unauthenticated, a warning appears with the names and owners of the Unauthenticated apps.

<img>

  1. When you are ready to change the Unauthenticated apps to Authenticated, select Continue.

The Unauthenticated apps are changed to Authenticated. App owners, co-owners, and administrators can further limit access by changing the viewer access level to Restricted.
The Unauthenticated option is not available.

<img>