This documentation is for Dash Enterprise.
Dash Enterprise is the fastest way to write & deploy Dash apps and
Jupyter notebooks.
10% of the Fortune 500 uses Dash Enterprise to productionize AI and
data science apps. Find out if your company is using Dash Enterprise.
What users can do in Dash Enterprise is determined by:
viewer
licensed_user
admin
The admin
role that administrators can assign in Keycloak grants access to the Admin section of Dash Enterprise.
This Admin section contains some settings that administrators can configure directly in Dash Enterprise, as well as links to other services intended for administrators:
https://auth-<your-dash-enterprise-server>
)https://auth-<your-dash-enterprise-server>/auth/realms/dash/wizard
)https://admin-<your-dash-enterprise-server>
)These services have separate authentication and require different credentials than what you use to log in to Dash Enterprise as an administrator.
The credentials were obtained by the administrator who performed your Dash Enterprise installation and stored according to your organization’s best practices. Keycloak and the Keycloak IdP setup wizard both use
one set of credentials, and the KOTS Admin Console uses a different set.
We sometimes refer to actions performed in Keycloak and the KOTS Admin Console as administrator-only, but they do not rely on the Dash Enterprise admin
role like other actions detailed in Permissions below.
You can assign roles to users in Keycloak. If you’re unfamiliar with Keycloak, make sure you’ve read Using Keycloak.
For help determining the roles your users need or troubleshooting user-reported permission issues, see Permissions below.
Roles for Dash Enterprise are considered client roles in Keycloak. Roles can be assigned directly or inherited.
By default, the viewer
role is added to all users as an inherited role, so you only need to assign licensed_user
and admin
roles. Assign licensed_user
to members of your organization
who need license seats, and admin
to those who administer Dash Enterprise.
Roles that you assign directly to a user become assigned roles, and roles that a user obtains through group membership become inherited roles. You can’t directly remove inherited roles from users in
their role mappings—instead, remove the user from the group or change the group’s role mappings.
User roles appear in the Dash Enterprise Users menu.
<img>
This list displays the same role information you see in Keycloak when selecting a user’s role mappings, but can be more convenient when you want to see multiple users’ roles at a glance.
If a user hasn’t logged in to Dash Enterprise yet, their role information may not be available in Dash Enterprise. Go to Keycloak to see the user’s roles.
Users can see their own roles by selecting their username.
<img>
They are also available in each user’s Personal Settings, in the User Profile section.
You can directly assign a role to a single user by editing the user’s role mappings. This is the recommended way to assign the licensed_user
role.
To assign a role to a single user:
https://auth-<your-dash-enterprise-server>
.<img>
Tip: If you have integrated a user federation provider, Keycloak does not display the user list when you go to Users. Find the user by searching.
<img>
dash
client have any effect in Dash Enterprise.<img>
Role changes take effect the next time the user logs in to Dash Enterprise.
Important: Be careful when making role changes to users with the
licensed_user
role. If you remove thelicensed_user
role from a user who owns or co-owns apps in Dash Enterprise,
they will lose ownership of those apps. Learn how to transfer ownerless apps to new owners.
You can assign a role to all the members of a group at once by mapping the group to the role.
If you don’t have any groups yet, create groups natively in Keycloak or
map groups from your identity provider.
Important: Mapping the licensed_user
role to a group is not recommended because it causes updates to license seat information in Dash Enterprise to be delayed.
To map a group to a role:
https://auth-<your-dash-enterprise-server>
.<img>
<img>
dash
client have any effect in Dash Enterprise.<img>
All group members now have the role as an inherited role.
Role changes take effect the next time the group members log in to Dash Enterprise.
Important: Be careful when making membership or role changes to groups mapped to the
licensed_user
role. If you remove thelicensed_user
role from a member of the group who owns or co-owns apps in Dash Enterprise
(by removing the user from the group or removing the role mapping from the group), they will lose ownership of those apps.