Manage Access Rights

How to restrict data sources, dashboard groups, and dashboards in an organization.

What access management does

Access management lets owners and admins create explicit restrictions for data sources, dashboard groups, and dashboards inside one organization. All access is allowed by default.

The model is resource-based. You do not manage one global matrix for the entire organization.

How this differs from roles

Roles and access restrictions solve different problems:

  • Roles define which product capabilities a person can use.
  • Access restrictions define which specific resource is restricted for that person or role.

Anyone who can see a resource can usually edit it too. The main exception is the Viewer role.

How the model works

Each restriction contains:

  • Category: data source, dashboard group, or dashboard
  • Resource: one or more concrete items from that category when you create a restriction
  • Restricted for: roles or individual people

There is also a simple inheritance toggle:

  • A restricted dashboard group can pass its restriction down to dashboards inside that group.
  • A restricted data source can pass its restriction down to dashboards that depend on it.

How to create a restriction

  1. Open Administration. You need the Owner or Admin role.
  2. Open the Restrict data access tile.
  3. Click Create access restriction.
  4. Choose the category.
  5. Choose one or more resources.
  6. Choose the roles or people the restriction should apply to.
  7. Set inheritance if needed.
  8. Save the restriction.

How to edit an existing restriction

  1. Open Administration and find the active restriction in Restrict data access.
  2. Click the settings icon.
  3. Change the category, target resource, affected roles or people, or the inheritance toggle.
  4. Save the restriction.

Editing always works on one existing restriction at a time. If you move that restriction to another resource, Zweigen performs one server-side retarget action instead of leaving the old restriction behind.

How data sources are labeled

Data sources use the same server-authoritative label in the picker and in the active restriction list.

  • If Zweigen knows both the provider and the connected property or site, the label is shown as Provider | Property.
  • Example: Google Search Console | zweigen.cloud
  • If there is no better property-specific label, Zweigen falls back to the data source name.

What affected users will see

  • Restricted dashboard groups are hidden.
  • Restricted dashboards are hidden.
  • Restricted data sources remain visible, but are disabled and explain that rights are missing.

Conflict handling

  • Changes are saved per resource. If someone else changed the same resource at the same time, Zweigen reloads the latest version of that resource and asks you to retry.
  • If you retarget a restriction to a resource that already has its own restriction, Zweigen blocks the save so both rules are not merged silently.

Related articles

1.4 Collaboration in OrganizationsHow Zweigen structures team collaboration through organizations, shared workspaces, and role models.1.7 GDPR ComplianceLearn how Zweigen helps you keep data handling practical, secure, and easy to explain inside your team.1.5 Mobile Device UsageHow to use Zweigen on mobile devices for monitoring and fast decisions.

All Data. One system.

ZweigenZWEIGEN

Zweigen is a self-service BI platform with an integrated data foundation for teams and secure EU-hosted operations.

Contact

We are happy to help and advise you, send an email to hi@zweigen.cloud.

Information about roadmap updates and submitting or voting on suggestions is available at /development.

Continue in Documentation

Previous article1.4.1 Role ManagementBack to category1 Getting StartedNext article1.4.3 Team Notifications