We're in the process of migrating over to Platform Analytics and noticed that users can create visualizations based off of Indicators that they should not have access to and looking to figure out what we can do to prevent that.
When a pa_viewer user goes to Platform Analytics > Library > Indicators, the list view they have is of everything with the checkbox "show in library" checked. When they click on one that they shouldn't have access to, it does give them an access error, but in the Analytics Hub in the original Performance Analytics, those Indicators don't even show up in the list to try and click on.
And with that, when a user goes to create a Data Visualization with a Source of Indicator, they can select any Indicator in the system, even ones that should not be visible by role or are not "shown in library" and can view the data there.
This is an example of the Access Control tab on a completely out of box Indicator for Admin Logins. In our non-migrated instances, this isn't even visible in list views to users, but in our migrated instance, it's visible to all pa_viewer users in the list view and they can also create and view data visualizations created from it and throw them on a dashboard.
I would think since this one was completely OOB that I wouldn't need to update it in order to restrict it properly, but maybe I have to update the "Visible to" on all of these OOB Security ones?
Is there anything I might just be missing?
