Providing you are a LUSID user with sufficient privileges, you can create a policy to grant or restrict access to one or more workspaces in LUSID.
Note: If you are the LUSID domain owner, you are automatically assigned the built-in
lusid-administrator
role, which has all the permissions necessary to perform the operations in this article.
Once created, you should assign the policy to a role.
Administrative access to workspaces
To create a policy that grants access to create, edit, and delete a workspace, and create and delete items within that workspace:
Navigate to Identity and Access > Policies and click the Create policy button.
Select JSON and supply a policy in the following format, setting
<workspace-name>
to your workspace:Save your policy.
Assign the policy to a role.
Assign the role to the user you wish to grant administrative workspace access to.
Read-only access to workspaces
To create a policy that grants read-only access to a workspace:
Navigate to Identity and Access > Policies and click the Create policy button.
Select JSON and supply a policy in the following format, setting
<workspace-name>
to your workspace:Save your policy.
Assign the policy to a role.
Assign the role to the user you wish to grant read-only workspace access to.
Note
Workspace permissions govern access to everything within a workspace, including the dashboards (
Read
activity) and data they display (ReadItem
activity).You may only grant
ReadItem
access for an entire workspace; you cannot restrict access to particular items within a workspace.If a dashboard set references a dashboard in another workspace, users must have read access to both workspaces.