UX: Dashboard permission model

Problem

Currently, GitLab dashboards are tightly coupled to the group/project hierarchy, which creates several limitations:

  • Rigid Access Control: Dashboards inherit permissions from their parent group/project, making cross-team collaboration difficult
  • Limited Sharing: Users cannot easily share dashboards with specific individuals outside their project/group structure
  • Organizational Silos: Teams working across multiple projects/groups cannot create unified dashboards without complex permission management
  • Poor Personal Dashboard Experience: Users cannot easily create and manage personal dashboards that aggregate data from multiple projects they have access to
  • Inflexible Collaboration: No granular control over who can view, edit, or share specific dashboards

Proposed Solution

Implement a decoupled, user-centric permissions model for dashboards similar to Google Drive, where:

  1. Dashboards become first-class entities with their own permission system
  2. Dashboard visibility is determined by both dashboard-level permissions AND underlying data access
  3. Users can create, share, and manage dashboards independently of the group/project hierarchy

Core Principles

Data Security First: While dashboard sharing is flexible, users can only see data they have permission to access. A dashboard shared with a user will only display the dashboard panels and data for which that user has appropriate project/group permissions.

User Ownership: Every dashboard has an owner who maintains full control over sharing and permissions.

Detailed Design

Permission Levels

Implement three permission levels for dashboards:

  1. Viewer

    • Can view the dashboard
    • Can duplicate the dashboard (creating their own copy)
    • Cannot modify the original dashboard
    • Can only see data they have access to
  2. Editor

    • All viewer permissions
    • Can modify dashboard layout, dashboard panels, and configurations
    • Can add/remove data sources (limited to those they have access to)
    • Cannot change sharing settings
  3. Owner

    • All editor permissions
    • Can manage sharing and permissions
    • Can transfer ownership
    • Can delete the dashboard

Sharing Mechanisms

Direct Sharing

  • Share with specific users by username/email
  • Share with GitLab groups (all members receive specified permission level)
  • Share with teams or custom user lists
  • Private Link: Only authenticated users with the link can access
  • Organization Link: Any authenticated user in the GitLab instance can access
  • Public Link: Anyone with the link can view (optional, admin-configurable)

Sharing Settings

dashboard:
  id: dashboard_uuid
  owner: "@username"
  permissions:
    users:
      - user: "@alice"
        level: editor
      - user: "@bob"
        level: viewer
    groups:
      - group: engineering
        level: viewer
    link_sharing:
      enabled: true
      type: private
      level: viewer
      expires_at: 2024-12-31

Data Access Model

Dual-Layer Security

  1. Dashboard Layer: Determines who can access the dashboard
  2. Data Layer: Determines what data is visible within the dashboard

Dashboard Panel Behavior

When a user views a dashboard:

  • Each dashboard panel queries data using the viewer's credentials
  • Dashboard panels gracefully handle permission-denied scenarios:
    • Show placeholder with "Insufficient permissions" message
    • Provide option to request access
    • Display partial data where applicable

Example Scenario

Dashboard contains dashboard panels from Projects A, B, and C:

  • User 1 (access to A, B, C): Sees all dashboard panels
  • User 2 (access to A, B): Sees dashboard panels from A and B, placeholder for C
  • User 3 (access to C): Sees only dashboard panel C, placeholders for A and B
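
The two layers and the scenario above can be sketched as follows. This is an added example, not code from the proposal or from GitLab; the function names, the owner "carol", the data layout, and the rule that a link stays valid through its expiry date are assumptions made for illustration.

```python
from datetime import date

LEVELS = {"viewer": 1, "editor": 2, "owner": 3}

# Constructed sample mirroring the Sharing Settings sketch; all names are illustrative.
DASHBOARD = {
    "owner": "carol",
    "users": {"alice": "editor", "bob": "viewer"},
    "groups": {"engineering": "viewer"},
    "link": {"enabled": True, "type": "private", "level": "viewer",
             "expires_at": date(2024, 12, 31)},
    "panels": [("Panel A", "A"), ("Panel B", "B"), ("Panel C", "C")],
}

def dashboard_level(dash, user, groups=(), via_link=False, today=None):
    """Dashboard layer: highest level granted by ownership, user share, group share or link."""
    today = today or date.today()
    grants = []
    if user == dash["owner"]:
        grants.append("owner")
    if user in dash["users"]:
        grants.append(dash["users"][user])
    grants += [lvl for grp, lvl in dash["groups"].items() if grp in groups]
    link = dash["link"]
    # Assumption: only a public link admits an anonymous visitor (user is None),
    # and a link is honoured up to and including its expiry date.
    authed = user is not None or link["type"] == "public"
    if via_link and link["enabled"] and authed and today <= link["expires_at"]:
        grants.append(link["level"])
    return max(grants, key=LEVELS.get, default=None)

def render(dash, user, projects, **kw):
    """Data layer: every panel is checked against the viewer's own project access."""
    if dashboard_level(dash, user, **kw) is None:
        return None  # no dashboard access: nothing is rendered, not even placeholders
    return {name: ("data" if proj in projects else "Insufficient permissions")
            for name, proj in dash["panels"]}
```

Neither layer substitutes for the other: a user with access to every project still gets nothing without a dashboard grant, and a dashboard grant never widens what the data layer returns.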

User Experience

Dashboard Creation Flow

  1. User creates dashboard from personal workspace or any project/group
  2. Dashboard is owned by the creator by default
  3. Creator can immediately share with specific users or groups
  4. Dashboard appears in recipient's "Shared with me" section

Dashboard Discovery

  • My Dashboards: Dashboards owned by the user
  • Shared with Me: Dashboards shared by others
  • Recent: Recently accessed dashboards
  • Starred: Favorited dashboards
  • Team Dashboards: Dashboards shared with user's groups

Permission Request Flow

  1. User attempts to view dashboard with limited data access
  2. User can request access to specific data sources
  3. Request routed to appropriate project/group owners
  4. Dashboard updates automatically when access is granted

Open Questions

  1. Should we support "anyone with the link" public sharing for dashboards?
  2. How should dashboard templates work with the new permission model?
  3. Should we implement approval workflows for sensitive dashboard sharing?
  4. What level of backwards compatibility is required for API consumers?
  5. How do we handle dashboard permissions during project/group transfers?

Acceptance Criteria

  • Users can create dashboards independent of project/group hierarchy
  • Dashboards can be shared with specific users with viewer/editor permissions
  • Dashboards can be shared with groups
  • Link-based sharing is implemented with appropriate security controls
  • Users only see data they have permission to access
  • Audit logs capture all dashboard sharing activities
  • Migration tool successfully converts existing dashboards
  • Performance remains within acceptable thresholds
  • Documentation is complete and user-tested