Restrict Platform Analytics for ITIL users
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi all,
two questions:
1. Any of you that have looked into how we can restrict ITIL users to create new data visualizations in platform analytics, and only allow them to see "saved visualizations" - see attached image.
2. Would also like to understand if I can restrict the option for users to add their dashboard to e.g. Service Operation Workspace or similar.
I know that I can create an access control on the viz_dashboard to completely remove the ability to both, but would like to investigate above possibility.
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
I had a look, and this is mostly controlled by roles, there isn’t a simple switch to just hide the create options for ITIL users.
If someone has the viz_creator or viz_admin role, they can create visualizations. If they don’t, they can only view saved and shared ones. So the easiest and cleanest way to handle this is to review your role assignments and make sure ITIL users don’t have the analytics creator roles.
Same idea for adding dashboards to workspaces. That’s also role-based. If they don’t have the right roles, they won’t be able to create or add dashboards there either.
So instead of heavy customization or complex ACLs, it’s really about tightening up who has the analytics creation roles and letting everyone else be viewers only.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @Vaibhav Chouhan ,
Thank you for your valuable input and contribution. According to your comment "Same idea for adding dashboards to workspaces. That’s also role-based. If they don’t have the right roles, they won’t be able to create or add dashboards there either." - which role are you thinking of here?
According to documentation: "Any role" can create dashboard.
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Thanks for pointing that out, you’re absolutely right.
I double checked the documentation and dashboards are handled differently from visualizations. For visualizations, creation is controlled by roles like viz_creator and viz_admin. If users don’t have those roles, they can’t create new visualizations in the library.
For dashboards, however, the documentation states that any role can create dashboards in Platform Analytics. So there isn’t an out of the box role you can remove to prevent dashboard creation while still allowing users to view shared dashboards.
In community discussions, admins who needed stricter control have handled this by restricting create access on the underlying dashboard table using ACLs. For Platform Analytics dashboards, that would be the par_dashboard table. Since there is no dedicated dashboard_creator role, access falls back to normal table security.
