Creating an Admin API user with access to all dashboards and datasets in your organization

Medium

To ensure your securables (i.e. dashboards and datasets) are accessible to the right people, you can create an Admin user that can access and share all securables that exist in your Luzmo organization. Among other potential use cases, this will allow you to gain access to an unshared dashboard/dataset created by a colleague who's enjoying some holidays, or to list all dashboards created by embed designer users.
Note that this access is not explicitly provisioned, but instead the admin user gets implicit access to all resources; this means you won't see the Admin user being listed in the Share modal of a securable.

Below you can find the steps necessary to create a Luzmo user with "admin" access to your Organization securables, as well as some API calls that show you how you can list or share these securables via the Admin user.

Create a Luzmo User
[Currently API-only] Promote the user to "Admin"
[Currently API-only] List all datasets and dashboards
[Currently API-only] Share a specific dataset or dashboard

Creating Luzmo user

The easiest way to create a Luzmo user is via the "Add new member" button in your Organization overview page. In here, we recommend creating a new user with role "Owner" and a dedicated email address (e.g. name+admin@company.com): make sure the email address you specify is valid, as it'll receive an email from Luzmo for verification (which will also allow you to set up a secure password for this user).
Once successfully created and logged in with this new user, we highly recommend to enable Multi Factor Authentication (in your Profile details page) to further secure this admin user. Last but not least, you should create an API key-token pair in the admin users' account (in Profile -> API tokens), which will be used for all admin-related API requests listed below.

Promote user to "Admin" access to org

After creating your admin user, it's time to promote this user's access to "Admin" to allow them to access all securables in the whole organization. For existing users, you'll need to update the association properties between the User-Organization resources:

curl https://api.luzmo.com/0.1.0/user  
-H "Content-Type: application/json" 
-d @- << EOF
{
  "version": "0.1.0",
  "action": "associate",
  "key": "$LUZMO_API_KEY",
  "token": "$LUZMO_API_TOKEN",
  "id": "< user id >",
  "resource": {
    "role": "Organizations",
    "id": "< organization id >"
  },
  "properties": {
    "flagMember": true,
    "flagEditor": true,
    "flagOwn": true,
    "flagAdmin": true
  }
}
EOF

Related API calls

Get your User ID:

curl https://api.luzmo.com/0.1.0/user  
-H "Content-Type: application/json" 
-d @- << EOF
{
  "action": "get",
  "key": "$LUZMO_API_KEY",
  "token": "$LUZMO_API_TOKEN",
  "version": "0.1.0",
  "find": {
    "where": {
      "id": "me"
    },
    "attributes": ["id", "name", "email"]
  }
}
EOF

Get your Organization ID:

curl https://api.luzmo.com/0.1.0/organization  
-H "Content-Type: application/json" 
-d @- << EOF
{
  "action": "get",
  "key": "$LUZMO_API_KEY",
  "token": "$LUZMO_API_TOKEN",
  "version": "0.1.0",
  "find": {
    "attributes": ["id"]
  }
}
EOF

List all datasets and dashboards

Once you've promoted the Luzmo user to have Admin access in your Organization, you can use its API key-token pair to list all dashboards & datasets that exist in your whole organization using the following API call:

curl https://api.luzmo.com/0.1.0/securable
-H "Content-Type: application/json"
-d @- << EOF
{
  "action": "get",
  "key": "$LUZMO_API_KEY",
  "token": "$LUZMO_API_TOKEN",
  "version": "0.1.0",
  "find": {
    "attributes": ["id", "type", "name"],
    "options": {
      "public": false
    }
  }
}
EOF

The response will contain one row per securable, where the "type" property indicates whether it's a dataset or a dashboard.

Share a specific dataset or dashboard

Once you've retrieved the list of dashboards and datasets, you might want to make one or more securables accessible to one or more users. We highly recommend providing access via Groups, as this will greatly facilitate access management in general (see this Academy article for more information about providing access to Groups).
Below you can find an example API request to share a securable with a Group, and a similar API request to share a securable with a single user.

Share with a Luzmo Group

In the request below, we're providing a specific Group "can modify" access to a specific securable:

curl https://api.luzmo.com/0.1.0/securable
-H "Content-Type: application/json"
-d @- << EOF
{
  "action": "associate",
  "key": "$LUZMO_API_KEY",
  "token": "$LUZMO_API_TOKEN",
  "version": "0.1.0",
  "id": "< dataset/dashboard id >",
  "resource": {
    "role": "Groups",
    "id": "< group id >"
  },
  "properties": {
    "flagRead": true,
    "flagUse": true,
    "flagModify": true,
    "flagOwn": false
  }
}
EOF

Related API call

Get all Group IDs:

curl https://api.luzmo.com/0.1.0/group  
-H "Content-Type: application/json" 
-d @- << EOF
{
  "action": "get",
  "key": "$LUZMO_API_KEY",
  "token": "$LUZMO_API_TOKEN",
  "version": "0.1.0",
  "find": {
    "attributes": ["id", "name"]
  }
}
EOF

Share with a Luzmo user

In this request we're providing a specific User "can use" access to a specific securable:

curl https://api.luzmo.com/0.1.0/securable
-H "Content-Type: application/json"
-d @- << EOF
{
  "action": "associate",
  "key": "$LUZMO_API_KEY",
  "token": "$LUZMO_API_TOKEN",
  "version": "0.1.0",
  "id": "< dataset/dashboard id >",
  "resource": {
    "role": "Users",
    "id": "< user id >"
  },
  "properties": {
    "flagRead": true,
    "flagUse": true,
    "flagModify": false,
    "flagOwn": false
  }
}
EOF