- 27 Jan 2023
- 2 Minutes to read
- Updated on 27 Jan 2023
Dashboard Embedding is only available on the Enterprise plan.
Dashboard embedding enables you to embed a dashboard hosted in a Preset Cloud workspace into your own application via an iframe.
Embeds provide a great opportunity to bring insightful data analytics directly into your native environment. This feature can be used by a variety of different stakeholders, such as a Product team adding analytics to their SaaS application or a Data team adding dashboards to their internal tools.
In addition, embeds include easy-to-use security controls, such as specifying one or more allowlisted domains and using row-level security rules to ensure that correct access is maintained.
Starting with Embeds
In this chapter, we've organized the dashboard embedding process into two steps: preparation and deployment.
Step 1, the preparation stage, involves the collection of specific Preset asset data, such as a team ID and workspace domain — this step does not require any particular technical expertise.
In step 2, we focus on the deployment of the dashboard to your environment using the Superset embedded SDK. This involves working with the Preset API and installing the SDK. This step may require some development experience.
Let's have a closer look at some specific features of dashboard embedding with Preset.
Access Control and Security
Dashboard embedding offers a number of security features designed to provide flexible access control without compromising your infrastructure.
Authentication can be configured using your app's authentication or using Preset authentication. Data access can be controlled programmatically with minimal coding — in fact, the entire embedding process can be launched in under 1 sprint.
You retain control of your users' access at all times via data permissions, specifically over what they can see in the dashboard.
Other key security features include:
- Preset Cloud is SOC2 Type2 certified and PCI-DSS compliant
- Role-Based Access Controls (RBAC) for fine-grained permissions
- Encryption for data in transit with TLS 1.3+
- Encryption for data at rest with AES 256 encrypted storage
- Secure Software Development Lifecycle (SDLC) process
How does access work?
The host app defines data access restrictions by specifying row-level security rules during embed token generation. Rules can either be ad hoc (a key-value dictionary) or references to RLS rules defined in Superset from the UI. In addition to this, data requests will be checked to make sure the queried dataset is actually referenced by the embedded dashboard being viewed.
When viewing an embedded dashboard, the rules above will be the only access restrictions that apply. Embedded dashboards are rendered in an iframe without cookie access, so any existing Superset session will not be active when viewing it. The embed token is the only authorization method that will be used.
Data access controls that apply to the dashboard curator will not be considered when granting access to an embedded dashboard viewer. The guest token API can effectively be used to grant anyone full read access to the datasets of any dashboard that has been made embeddable. Thus, the can_grant_guest_token permission should be considered "admin" level and be assigned with care.
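Because the row-level security rules attached at token generation are the only restriction on an embedded viewer, the host app's token-building code should fail closed. The helper below is an added example, not Preset's or Superset's own code: the request field names (user, resources, rls, clause) follow Superset's guest token request format as an assumption, and the tenant_id column, the session shape and the dashboard ID are hypothetical.

```python
import re

# Placeholder ID: the dashboards this host app has approved for embedding.
ALLOWED_DASHBOARDS = {"00000000-0000-0000-0000-000000000000"}

# The tenant value is placed inside a SQL predicate, so it is held to a
# strict pattern instead of being escaped after the fact.
TENANT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def build_guest_token_request(session, dashboard_id):
    """Build the guest-token request body from server-side session state.

    Nothing here comes from the browser: the tenant is read from the
    authenticated session, and the dashboard must be on the allowlist.
    """
    if dashboard_id not in ALLOWED_DASHBOARDS:
        raise PermissionError("dashboard is not approved for embedding")

    tenant = session.get("tenant_id")
    if not isinstance(tenant, str) or not TENANT_RE.fullmatch(tenant):
        # Fail closed: a token without an RLS rule would expose every row
        # of every dataset the dashboard references.
        raise ValueError("missing or malformed tenant id; no token issued")

    return {
        "user": {"username": session["user"], "first_name": "", "last_name": ""},
        "resources": [{"type": "dashboard", "id": dashboard_id}],
        # Ad hoc rule; 'tenant_id' is a hypothetical column name.
        "rls": [{"clause": f"tenant_id = '{tenant}'"}],
    }


if __name__ == "__main__":
    # Constructed sample sessions, for illustration only.
    dash = "00000000-0000-0000-0000-000000000000"
    print(build_guest_token_request({"user": "alice", "tenant_id": "acme_42"}, dash))
    for bad in ({"user": "bob"}, {"user": "bob", "tenant_id": "x' OR '1'='1"}):
        try:
            build_guest_token_request(bad, dash)
        except ValueError as exc:
            print("rejected:", exc)
```

The returned dictionary is what the backend would send, using a credential that holds can_grant_guest_token, to the guest token endpoint; the credential and the call itself stay on the server.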