1

Hello !

Despite enforcing SAML-based authentication for all users, we notice that it’s still common for users to abuse the “share” button in order to generate public permanent URLs to any dashboard. As a result, company employees don’t even authenticate to Redash because if someone share a public URL, they don’t need to ever authenticate, at worst anyone outside of the company could access our data just by having a link.

If we cannot prevent generation of public URLs, then cannot control who access the data and it becomes a security issue.
Is there already an option to disable the dashboard sharing feature or restrict it to some users/roles ?

Thanks ! :wink:

1 Like
2

+1 on this! The types of data we have must be kept behind a login wall. We need a way to disable dashboards and queries from being shareable. This includes disabling API keys and public URLs, except from specified users, queries, dashboards, or data sets. We are surprised that this does not already exist…are people really ok with the data of all of their customers being accessible via public urls?

1 Like