Doc version as of 2016-06-11

_sources/index.txt

@@ -32,6 +32,7 @@ Contents
 
     installation
     tutorial
+    security
     videos
     gallery
     druid

_sources/installation.txt

@@ -28,7 +28,7 @@ the required dependencies are installed: ::
 
 For **Fedora** and **RHEL-derivatives**, the following command will ensure
 that the required dependencies are installed: ::
-    
+
     sudo yum upgrade python-setuptools
     sudo yum install gcc libffi-devel python-devel python-pip python-wheel openssl-devel
 
@@ -88,10 +88,10 @@ To configure your application, you need to create a file (module)
 of the parameters you can copy / paste in that configuration module: ::
 
     #---------------------------------------------------------
-    # Caravel specifix config
+    # Caravel specific config
     #---------------------------------------------------------
     ROW_LIMIT = 5000
-    WEBSERVER_THREADS = 8
+    CARAVEL_WORKERS = 16
 
     CARAVEL_WEBSERVER_PORT = 8088
     #---------------------------------------------------------
@@ -228,6 +228,20 @@ Note that you can run the ``caravel refresh_druid`` command to refresh the
 metadata from your Druid cluster(s)
 
 
+CORS
+-----
+
+The extra CORS Dependency must be installed:
+
+    caravel[cors]
+
+
+The following keys in `caravel_config.py` can be specified to configure CORS:
+
+
+* ``ENABLE_CORS``: Must be set to True in order to enable CORS
+* ``CORS_OPTIONS``: options passed to Flask-CORS (`documentation <http://flask-cors.corydolphin.com/en/latest/api.html#extension>`)
+
 Upgrading
 ---------
 

_sources/security.txt

@@ -0,0 +1,92 @@
+Security
+========
+Security in Caravel is handled by Flask AppBuilder (FAB). FAB is a
+"Simple and rapid application development framework, built on top of Flask.".
+FAB provides authentication, user management, permissions and roles.
+
+
+Provided Roles
+--------------
+Caravel ships with 3 roles that are handled by Caravel itself. You can
+assume that these 3 roles will stay up-to-date as Caravel evolves.
+
+Admin
+"""""
+Admins have all rights, including granting or revoking rights from other
+users and altering other people's slices and dashboards.
+
+Alpha
+"""""
+Alpha have access to all data sources, but they cannot grant or revoke access
+from other users. They are also limited to altering the objects that they
+own. Alpha users can add and alter data sources.
+
+Gamma
+"""""
+Gamma have limited access. They can only consume data coming from data sources
+they have been giving access to through another complementary role.
+They only have access to view the slices and
+dashboards made from data sources that they have access to. Currently Gamma
+users are not able to alter or add data sources. We assume that they are
+mostly content consumers, though they can create slices and dashboards.
+
+Also note that when Gamma users look at the dashboards and slices list view,
+they will only see the objects that they have access to.
+
+
+Managing Gamma per data source access
+-------------------------------------
+Here's how to provide users access to only specific datasets. First make
+sure the users with limited access have [only] the Gamma role assigned to
+them. Second, create a new role (``Menu -> Security -> List Roles``) and
+click the ``+`` sign.
+
+.. image:: _static/img/create_role.png
+   :scale: 50 %
+
+This new window allows you to give this new role a name, attribute it to users
+and select the tables in the ``Permissions`` dropdown. To select the data
+sources you want to associate with this role, simply click in the dropdown
+and use the typeahead to search for your table names.
+
+You can then confirm with your Gamma users that they see the objects
+(dashboards and slices) associated with the tables related to their roles.
+
+
+Customizing
+-----------
+
+The permissions exposed by FAB are very granular and allow for a great level
+of customization. FAB creates many permissions automagically for each model
+that is create (can_add, can_delete, can_show, can_edit, ...) as well as for
+each view. On top of that, Caravel can expose more granular permissions like
+``all_datasource_access``.
+
+We do not recommend altering the 3 base roles as there
+are a set of assumptions that Caravel build upon. It is possible though for
+you to create your own roles, and union them to existing ones.
+
+The best way to go is probably to give user ``Gamma`` plus another role
+that would add specific permissions needed by this type of users. 
+
+
+Restricting the access to the metrics
+-------------------------------------
+Sometimes some metrics are relatively sensitive (e.g. revenue).
+We may want to restrict those metrics to only a few roles.
+For example, assumed there is a metric ``[cluster1].[datasource1].[revenue]``
+and only Admin users are allowed to see it. Here’s how to restrict the access.
+
+1. Edit the datasource (``Menu -> Source -> Druid datasources -> edit the 
+   record "datasource1"``) and go to the tab ``List Druid Metric``. Check 
+   the checkbox ``Is Restricted`` in the row of the metric ``revenue``.
+
+2. Edit the role (``Menu -> Security -> List Roles -> edit the record 
+   “Admin”``), in the permissions field, type-and-search the permission
+   ``metric access on [cluster1].[datasource1].[revenue] (id: 1)``, then 
+   click the Save button on the bottom of the page.
+
+Any users without the permission will see the error message
+*Access to the metrics denied: revenue (Status: 500)* in the slices.
+It also happens when the user wants to access a post-aggregation metric that
+is dependent on revenue.

druid.html

@@ -70,6 +70,7 @@
       aria-labelledby="dLabelGlobalToc"><ul class="current">
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" href="#">Druid</a></li>

faq.html

@@ -69,6 +69,7 @@
       aria-labelledby="dLabelGlobalToc"><ul class="current">
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>

gallery.html

@@ -70,6 +70,7 @@
       aria-labelledby="dLabelGlobalToc"><ul class="current">
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" href="#">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>

genindex.html

@@ -69,6 +69,7 @@
       aria-labelledby="dLabelGlobalToc"><ul>
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>

index.html

@@ -69,6 +69,7 @@
       aria-labelledby="dLabelGlobalToc"><ul>
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>
@@ -248,10 +249,18 @@ to the user</li>
 <li class="toctree-l2"><a class="reference internal" href="installation.html#schemas-postgres-redshift">Schemas (Postgres &amp; Redshift)</a></li>
 <li class="toctree-l2"><a class="reference internal" href="installation.html#ssl-access-to-databases">SSL Access to databases</a></li>
 <li class="toctree-l2"><a class="reference internal" href="installation.html#druid">Druid</a></li>
+<li class="toctree-l2"><a class="reference internal" href="installation.html#cors">CORS</a></li>
 <li class="toctree-l2"><a class="reference internal" href="installation.html#upgrading">Upgrading</a></li>
 </ul>
 </li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="security.html#provided-roles">Provided Roles</a></li>
+<li class="toctree-l2"><a class="reference internal" href="security.html#managing-gamma-per-data-source-access">Managing Gamma per data source access</a></li>
+<li class="toctree-l2"><a class="reference internal" href="security.html#customizing">Customizing</a></li>
+<li class="toctree-l2"><a class="reference internal" href="security.html#restricting-the-access-to-the-metrics">Restricting the access to the metrics</a></li>
+</ul>
+</li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="videos.html#quick-intro">Quick Intro</a></li>
 <li class="toctree-l2"><a class="reference internal" href="videos.html#dashboard-creation">Dashboard Creation</a></li>

installation.html

@@ -70,6 +70,7 @@
       aria-labelledby="dLabelGlobalToc"><ul class="current">
 <li class="toctree-l1 current"><a class="current reference internal" href="#">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>
@@ -98,6 +99,7 @@
 <li><a class="reference internal" href="#schemas-postgres-redshift">Schemas (Postgres &amp; Redshift)</a></li>
 <li><a class="reference internal" href="#ssl-access-to-databases">SSL Access to databases</a></li>
 <li><a class="reference internal" href="#druid">Druid</a></li>
+<li><a class="reference internal" href="#cors">CORS</a></li>
 <li><a class="reference internal" href="#upgrading">Upgrading</a></li>
 </ul>
 </li>
@@ -210,10 +212,10 @@ your datasources for Caravel to be aware of, and they should show up in
 <code class="docutils literal"><span class="pre">caravel_config.py</span></code> and make sure it is in your PYTHONPATH. Here are some
 of the parameters you can copy / paste in that configuration module:</p>
 <div class="highlight-default"><div class="highlight"><pre><span></span><span class="c1">#---------------------------------------------------------</span>
-<span class="c1"># Caravel specifix config</span>
+<span class="c1"># Caravel specific config</span>
 <span class="c1">#---------------------------------------------------------</span>
 <span class="n">ROW_LIMIT</span> <span class="o">=</span> <span class="mi">5000</span>
-<span class="n">WEBSERVER_THREADS</span> <span class="o">=</span> <span class="mi">8</span>
+<span class="n">CARAVEL_WORKERS</span> <span class="o">=</span> <span class="mi">16</span>
 
 <span class="n">CARAVEL_WEBSERVER_PORT</span> <span class="o">=</span> <span class="mi">8088</span>
 <span class="c1">#---------------------------------------------------------</span>
@@ -357,6 +359,17 @@ parameter</p>
 <p>Note that you can run the <code class="docutils literal"><span class="pre">caravel</span> <span class="pre">refresh_druid</span></code> command to refresh the
 metadata from your Druid cluster(s)</p>
 </div>
+<div class="section" id="cors">
+<h2>CORS<a class="headerlink" href="#cors" title="Permalink to this headline">¶</a></h2>
+<p>The extra CORS Dependency must be installed:</p>
+<blockquote>
+<div>caravel[cors]</div></blockquote>
+<p>The following keys in <cite>caravel_config.py</cite> can be specified to configure CORS:</p>
+<ul class="simple">
+<li><code class="docutils literal"><span class="pre">ENABLE_CORS</span></code>: Must be set to True in order to enable CORS</li>
+<li><code class="docutils literal"><span class="pre">CORS_OPTIONS</span></code>: options passed to Flask-CORS (<cite>documentation &lt;http://flask-cors.corydolphin.com/en/latest/api.html#extension&gt;</cite>)</li>
+</ul>
+</div>
 <div class="section" id="upgrading">
 <h2>Upgrading<a class="headerlink" href="#upgrading" title="Permalink to this headline">¶</a></h2>
 <p>Upgrading should be as straightforward as running:</p>

objects.inv

@@ -2,4 +2,11 @@
 # Project: caravel
 # Version: 
 # The remainder of this file is compressed using zlib.
-xÚmŽÁ‚0DïýŠž¼aâÕ›Ñh<5ï•]J“Òj[Pþ^`K(‰·<E280B0>™·“
W+à>Àlγ‡ÞX–¡Ò|ן¬ï4ï$¥ûÍ•I¡5º6Í£EÌ<45>“h”
ü OÔ]b<>ýÉ&,ö%ĹA×(üt<C3BC>]³Êš9;ùciB.øÖšBÉÚ
+xÚm<EFBFBD>±
+Â0†÷<E&·
+®n¢(¢¢¸ÇÞµ
+¤‰¦IµooÛKh
+n÷ÿ—ãX/<2F>7Ö`rž­8`Y¹ZñÝ0²B¼Ó¾<C393>Ôî7WV
+¥Ðvi9
+¬D-5àw•x¢Õ@É=#›´°/1Î-ÚV⧗×oN=w'—&æ‚o<E2809A>.déí˜YmàÏU¯.‹í8ð
+Ã}

search.html

@@ -76,6 +76,7 @@
       aria-labelledby="dLabelGlobalToc"><ul>
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>

security.html

@@ -0,0 +1,228 @@
+<!DOCTYPE html>
+
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    
+    <title>Security &mdash; caravel  documentation</title>
+    
+    <link rel="stylesheet" href="_static/basic.css" type="text/css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/bootstrap-3.3.6/css/bootstrap.min.css" type="text/css" />
+    <link rel="stylesheet" href="_static/bootstrap-3.3.6/css/bootstrap-theme.min.css" type="text/css" />
+    <link rel="stylesheet" href="_static/bootstrap-sphinx.css" type="text/css" />
+    <link rel="stylesheet" href="_static/docs.css" type="text/css" />
+    
+    <script type="text/javascript">
+      var DOCUMENTATION_OPTIONS = {
+        URL_ROOT:    './',
+        VERSION:     '',
+        COLLAPSE_INDEX: false,
+        FILE_SUFFIX: '.html',
+        HAS_SOURCE:  true
+      };
+    </script>
+    <script type="text/javascript" src="_static/jquery.js"></script>
+    <script type="text/javascript" src="_static/underscore.js"></script>
+    <script type="text/javascript" src="_static/doctools.js"></script>
+    <script type="text/javascript" src="_static/js/jquery-1.11.0.min.js"></script>
+    <script type="text/javascript" src="_static/js/jquery-fix.js"></script>
+    <script type="text/javascript" src="_static/bootstrap-3.3.6/js/bootstrap.min.js"></script>
+    <script type="text/javascript" src="_static/bootstrap-sphinx.js"></script>
+    <link rel="top" title="caravel  documentation" href="index.html" />
+    <link rel="next" title="Videos" href="videos.html" />
+    <link rel="prev" title="Tutorial" href="tutorial.html" />
+<meta charset='utf-8'>
+<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
+<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
+<meta name="apple-mobile-web-app-capable" content="yes">
+
+  </head>
+  <body role="document">
+  
+  <div id="navbar" class="navbar navbar-default ">
+    <div class="container">
+      <div class="navbar-header">
+        <!-- .btn-navbar is used as the toggle for collapsed navbar content -->
+        <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".nav-collapse">
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+          <span class="icon-bar"></span>
+        </button>
+        <a class="navbar-brand" href="index.html">
+          Caravel Documentation</a>
+        <span class="navbar-text navbar-version pull-left"><b></b></span>
+      </div>
+
+        <div class="collapse navbar-collapse nav-collapse">
+          <ul class="nav navbar-nav">
+            
+            
+              <li class="dropdown globaltoc-container">
+  <a role="button"
+     id="dLabelGlobalToc"
+     data-toggle="dropdown"
+     data-target="#"
+     href="index.html">Topics <b class="caret"></b></a>
+  <ul class="dropdown-menu globaltoc"
+      role="menu"
+      aria-labelledby="dLabelGlobalToc"><ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1 current"><a class="current reference internal" href="#">Security</a></li>
+<li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
+<li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
+<li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>
+<li class="toctree-l1"><a class="reference internal" href="faq.html">FAQ</a></li>
+</ul>
+</ul>
+</li>
+              
+                <li class="dropdown">
+  <a role="button"
+     id="dLabelLocalToc"
+     data-toggle="dropdown"
+     data-target="#"
+     href="#">Page <b class="caret"></b></a>
+  <ul class="dropdown-menu localtoc"
+      role="menu"
+      aria-labelledby="dLabelLocalToc"><ul>
+<li><a class="reference internal" href="#">Security</a><ul>
+<li><a class="reference internal" href="#provided-roles">Provided Roles</a><ul>
+<li><a class="reference internal" href="#admin">Admin</a></li>
+<li><a class="reference internal" href="#alpha">Alpha</a></li>
+<li><a class="reference internal" href="#gamma">Gamma</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#managing-gamma-per-data-source-access">Managing Gamma per data source access</a></li>
+<li><a class="reference internal" href="#customizing">Customizing</a></li>
+<li><a class="reference internal" href="#restricting-the-access-to-the-metrics">Restricting the access to the metrics</a></li>
+</ul>
+</li>
+</ul>
+</ul>
+</li>
+              
+            
+            
+            
+            
+            
+              <li class="hidden-sm"></li>
+            
+          </ul>
+
+          
+            
+<form class="navbar-form navbar-right" action="search.html" method="get">
+ <div class="form-group">
+  <input type="text" name="q" class="form-control" placeholder="Search" />
+ </div>
+  <input type="hidden" name="check_keywords" value="yes" />
+  <input type="hidden" name="area" value="default" />
+</form>
+          
+        </div>
+    </div>
+  </div>
+
+  
+  <div class="container mainbody">
+  
+  <div class="section" id="security">
+<h1>Security<a class="headerlink" href="#security" title="Permalink to this headline">¶</a></h1>
+<p>Security in Caravel is handled by Flask AppBuilder (FAB). FAB is a
+&#8220;Simple and rapid application development framework, built on top of Flask.&#8221;.
+FAB provides authentication, user management, permissions and roles.</p>
+<div class="section" id="provided-roles">
+<h2>Provided Roles<a class="headerlink" href="#provided-roles" title="Permalink to this headline">¶</a></h2>
+<p>Caravel ships with 3 roles that are handled by Caravel itself. You can
+assume that these 3 roles will stay up-to-date as Caravel evolves.</p>
+<div class="section" id="admin">
+<h3>Admin<a class="headerlink" href="#admin" title="Permalink to this headline">¶</a></h3>
+<p>Admins have all rights, including granting or revoking rights from other
+users and altering other people&#8217;s slices and dashboards.</p>
+</div>
+<div class="section" id="alpha">
+<h3>Alpha<a class="headerlink" href="#alpha" title="Permalink to this headline">¶</a></h3>
+<p>Alpha have access to all data sources, but they cannot grant or revoke access
+from other users. They are also limited to altering the objects that they
+own. Alpha users can add and alter data sources.</p>
+</div>
+<div class="section" id="gamma">
+<h3>Gamma<a class="headerlink" href="#gamma" title="Permalink to this headline">¶</a></h3>
+<p>Gamma have limited access. They can only consume data coming from data sources
+they have been giving access to through another complementary role.
+They only have access to view the slices and
+dashboards made from data sources that they have access to. Currently Gamma
+users are not able to alter or add data sources. We assume that they are
+mostly content consumers, though they can create slices and dashboards.</p>
+<p>Also note that when Gamma users look at the dashboards and slices list view,
+they will only see the objects that they have access to.</p>
+</div>
+</div>
+<div class="section" id="managing-gamma-per-data-source-access">
+<h2>Managing Gamma per data source access<a class="headerlink" href="#managing-gamma-per-data-source-access" title="Permalink to this headline">¶</a></h2>
+<p>Here&#8217;s how to provide users access to only specific datasets. First make
+sure the users with limited access have [only] the Gamma role assigned to
+them. Second, create a new role (<code class="docutils literal"><span class="pre">Menu</span> <span class="pre">-&gt;</span> <span class="pre">Security</span> <span class="pre">-&gt;</span> <span class="pre">List</span> <span class="pre">Roles</span></code>) and
+click the <code class="docutils literal"><span class="pre">+</span></code> sign.</p>
+<a class="reference internal image-reference" href="_images/create_role.png"><img alt="_images/create_role.png" src="_images/create_role.png" style="width: 591.5px; height: 309.5px;" /></a>
+<p>This new window allows you to give this new role a name, attribute it to users
+and select the tables in the <code class="docutils literal"><span class="pre">Permissions</span></code> dropdown. To select the data
+sources you want to associate with this role, simply click in the dropdown
+and use the typeahead to search for your table names.</p>
+<p>You can then confirm with your Gamma users that they see the objects
+(dashboards and slices) associated with the tables related to their roles.</p>
+</div>
+<div class="section" id="customizing">
+<h2>Customizing<a class="headerlink" href="#customizing" title="Permalink to this headline">¶</a></h2>
+<p>The permissions exposed by FAB are very granular and allow for a great level
+of customization. FAB creates many permissions automagically for each model
+that is create (can_add, can_delete, can_show, can_edit, ...) as well as for
+each view. On top of that, Caravel can expose more granular permissions like
+<code class="docutils literal"><span class="pre">all_datasource_access</span></code>.</p>
+<p>We do not recommend altering the 3 base roles as there
+are a set of assumptions that Caravel build upon. It is possible though for
+you to create your own roles, and union them to existing ones.</p>
+<p>The best way to go is probably to give user <code class="docutils literal"><span class="pre">Gamma</span></code> plus another role
+that would add specific permissions needed by this type of users.</p>
+</div>
+<div class="section" id="restricting-the-access-to-the-metrics">
+<h2>Restricting the access to the metrics<a class="headerlink" href="#restricting-the-access-to-the-metrics" title="Permalink to this headline">¶</a></h2>
+<p>Sometimes some metrics are relatively sensitive (e.g. revenue).
+We may want to restrict those metrics to only a few roles.
+For example, assumed there is a metric <code class="docutils literal"><span class="pre">[cluster1].[datasource1].[revenue]</span></code>
+and only Admin users are allowed to see it. Here’s how to restrict the access.</p>
+<ol class="arabic simple">
+<li>Edit the datasource (<code class="docutils literal"><span class="pre">Menu</span> <span class="pre">-&gt;</span> <span class="pre">Source</span> <span class="pre">-&gt;</span> <span class="pre">Druid</span> <span class="pre">datasources</span> <span class="pre">-&gt;</span> <span class="pre">edit</span> <span class="pre">the</span>
+<span class="pre">record</span> <span class="pre">&quot;datasource1&quot;</span></code>) and go to the tab <code class="docutils literal"><span class="pre">List</span> <span class="pre">Druid</span> <span class="pre">Metric</span></code>. Check
+the checkbox <code class="docutils literal"><span class="pre">Is</span> <span class="pre">Restricted</span></code> in the row of the metric <code class="docutils literal"><span class="pre">revenue</span></code>.</li>
+<li>Edit the role (<code class="docutils literal"><span class="pre">Menu</span> <span class="pre">-&gt;</span> <span class="pre">Security</span> <span class="pre">-&gt;</span> <span class="pre">List</span> <span class="pre">Roles</span> <span class="pre">-&gt;</span> <span class="pre">edit</span> <span class="pre">the</span> <span class="pre">record</span>
+<span class="pre">“Admin”</span></code>), in the permissions field, type-and-search the permission
+<code class="docutils literal"><span class="pre">metric</span> <span class="pre">access</span> <span class="pre">on</span> <span class="pre">[cluster1].[datasource1].[revenue]</span> <span class="pre">(id:</span> <span class="pre">1)</span></code>, then
+click the Save button on the bottom of the page.</li>
+</ol>
+<p>Any users without the permission will see the error message
+<em>Access to the metrics denied: revenue (Status: 500)</em> in the slices.
+It also happens when the user wants to access a post-aggregation metric that
+is dependent on revenue.</p>
+</div>
+</div>
+
+
+  </div>
+<footer class="footer">
+  <div class="container">
+    <p class="pull-right">
+      <a href="#">Back to top</a>
+      
+    </p>
+    <p>
+      Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.4.<br/>
+    </p>
+  </div>
+</footer>
+  </body>
+</html>

tutorial.html

@@ -31,7 +31,7 @@
     <script type="text/javascript" src="_static/bootstrap-3.3.6/js/bootstrap.min.js"></script>
     <script type="text/javascript" src="_static/bootstrap-sphinx.js"></script>
     <link rel="top" title="caravel  documentation" href="index.html" />
-    <link rel="next" title="Videos" href="videos.html" />
+    <link rel="next" title="Security" href="security.html" />
     <link rel="prev" title="Installation &amp; Configuration" href="installation.html" />
 <meta charset='utf-8'>
 <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
@@ -70,6 +70,7 @@
       aria-labelledby="dLabelGlobalToc"><ul class="current">
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" href="#">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1"><a class="reference internal" href="videos.html">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>

videos.html

@@ -32,7 +32,7 @@
     <script type="text/javascript" src="_static/bootstrap-sphinx.js"></script>
     <link rel="top" title="caravel  documentation" href="index.html" />
     <link rel="next" title="Gallery" href="gallery.html" />
-    <link rel="prev" title="Tutorial" href="tutorial.html" />
+    <link rel="prev" title="Security" href="security.html" />
 <meta charset='utf-8'>
 <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
 <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
@@ -70,6 +70,7 @@
       aria-labelledby="dLabelGlobalToc"><ul class="current">
 <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation &amp; Configuration</a></li>
 <li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
+<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" href="#">Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="gallery.html">Gallery</a></li>
 <li class="toctree-l1"><a class="reference internal" href="druid.html">Druid</a></li>