User Management and Role-Based Access Control (RBAC)

Looker is a modern platform for data exploration and visualization. One of its key features is the ability to fine-tune user access through User Management and Role-Based Access Control (RBAC). This guide provides a comprehensive overview of these features to ensure secure and efficient access management.

1. User Management in Looker

1.1. Creating User Accounts

• Navigate to the 'Admin' panel.
• Select 'Users' from the sidebar.
• Click 'Add Users' and provide the required details like email, first name, last name, etc.
• Define initial user attributes like roles, groups, and access settings.

1.2. Modifying User Accounts

• In the 'Users' tab, find the user account you wish to modify.
• Click on the account and make necessary changes.
• Save the updated settings.

1.3. Deactivating/Deleting User Accounts

• Locate the user account.
• Click 'Deactivate' to temporarily disable the account or 'Delete' to remove the account permanently.

2. Role-Based Access Control (RBAC)

2.1. Understanding Roles Roles are predefined sets of permissions that determine what actions users can or cannot perform.

2.2. Default Roles in Looker Looker provides default roles such as:

• Admin: Full system access.
• User: General access but limited to data exploration.
• See LookML: Can view LookML models but can't edit.

2.3. Creating Custom Roles

• Navigate to the 'Admin' panel.
• Select 'Roles' from the sidebar.
• Click 'Create Role' and define permissions based on your organization's requirements.

2.4. Assigning Roles to Users

• During user creation or while modifying a user, you can assign one or more roles.
• Ensure that roles assigned do not conflict in permissions.

3. User Groups

3.1. Benefits of User Groups Groups simplify user management by bundling users with similar access requirements.

3.2. Creating and Managing Groups

• Navigate to 'Groups' under the 'Admin' panel.
• Click 'Add Group', define its name, and assign users and roles to the group.

3.3. Nested Groups Looker allows nesting of groups, meaning a group can be part of another group. This feature aids in creating hierarchical access structures.

4. Permission Sets

4.1. Overview Permission sets define a collection of permissions that can be attached to roles.

4.2. Default Permission Sets Looker provides default sets like 'View' and 'Edit'.

4.3. Custom Permission Sets To create a custom set:

• Navigate to 'Permission Sets' under 'Admin'.
• Click 'Add Permission Set' and choose from available permissions.

5. Best Practices

5.1. Principle of Least Privilege Always assign the minimum necessary permissions to roles to ensure tight security.

5.2. Regular Audits Conduct regular audits of user accounts, roles, and permissions to ensure no redundant or overly permissive roles exist.

5.3. Group-Based Assignment Whenever possible, assign roles and permissions to groups instead of individual users to streamline management.

User Management and RBAC in Looker are instrumental in safeguarding data and ensuring that users have appropriate access levels. This guide offers a foundation, but always refer to Looker's official documentation for detailed instructions and updates. Properly implementing these features ensures data integrity, security, and efficient user management.