Are there any plans to have any type of security around embedding? I’d love to use redash in our SAAS, but I really need to have some way of controlling access to the embedded graphs.

Alternatively is it possible if I self-host?

What do you mean? Currently you need an API key to open an embed. Or are you referring to the situation with parameters in embeds?

To be honest I’m also concerned/curious/slightly perplexed about the security aspect of embedding queries in our website. Security isn’t exactly my forte so I’d love to see a tutorial or simply an explanation of some kind that explicitly shows how (you could) go about securely embedding queries in a website that already has login/authentication of its own, so that not just anybody with the right URL could access the query.

Honestly, I’m sure it’s obvious/easy I’m just missing something. A bit thickheaded over here :slight_smile:

Like @rmoore I would like to embed a board (with numeric parameter) but cannot have it publicly accessible.
Is there a way to do it?

Is the numeric parameter part of what the user should be able to change, or the numeric parameter is what segments the dashboard for different customers and needs to be unchangeable?

Thanks for the fast response!
The parameter should be unchangeable, it is the customer ID

This is currently not supported. We do plan on adding this option, but we’re not there yet.

If you’re interested in implementing this, do let us know :slight_smile:

FYI @arikfr this is one of the use cases for which we are developing the SDK right now - auto-generating queries + visualizations per “workspace” (probably == customerID).

1 Like