Skip to main content

Embedded: FAQs

What are the differences between the Permission Settings and Filter Display Settings?

We do understand that there is confusion between Permission Settings and Filter Display Settings since you can use Filter Display Settings to hard-set certain values to your dashboard viewers and function the same as permission.

However, these 2 settings serve 2 totally different intentions:

  • Permission settings allow users to apply data access restriction (at dataset level). This is very strict, you should use this when you want to restrict data access.
  • Filter display settings only help you to override the default filter values of your dashboard. Your viewers can still change the values to see more data.

When the Permission is set, it's also applied to the related filters. For example, your dashboard has countries. If you set the RLP for country_name to Vietnam, your country filter will only show the value Vietnam and it will return no value if you try to change the filter value to another value other than Vietnam.

Filter vs Permission

Furthermore, please note that hiding the filter display ("hidden": true) will only make your dashboard nicer and cleaner. It should not be used to restrict data scope

Why so complicated, all this JWT and extra code?

Our Embedded feature is designed for use cases where our clients want to embed a dashboard into their own application, where when each of their customers log in they will see different data, i.e a restaurant ordering SaaS system will use Holistics Embedded to provide analytics to their individual restaurant customers, where each restaurant only sees data related to their own restaurant.

Since cross-customer data security is important, there is a need for the extra work required to ensure encryption is properly set up.

In short, the additional coding effort is there to ensure:

  • Multi-tenancy data permission: Making sure each of your customers will see data related to themselves only.
  • The URL will expire at some point in the future, preventing anyone having access to the URL to pull the data.

InvalidAuthenticityToken error

Sometimes you'll receive this error: ActionController::InvalidAuthenticityToken

There are 2 reasons

  • Make sure your site has https
  • Enable 3rd-party cookies in your browsers

Access denied for localStorage

Uncaught SecurityError: Failed to read the 'localStorage' property from 'Window': Access is denied for this document

If you have an issue showing the embed, please check browser's console log for the error:

  1. Please open Chrome settings, type "third" in the search box, click the Content Settings button and view the fourth item under Cookies.
  2. Make sure that the option Block third-party cookies and site data is unchecked.

If this setting is checked, third-party scripts cookies are disallowed and access to localStorage may result in thrown SecurityError exceptions.

I saw a blank page when try to use the embedded frame at my local PC

Due to our security policy, using HTTPS is enforced to prevent token leakage that might lead to your data leakage. It could be the case that your local environment doesn't set up HTTPS.

To solve this problem, please embed the iframe inside a webpage that is served with HTTPS.

Would the embedded dashboards be mobile-friendly (responsive) when viewed outside of Holistics?

Yes. You can view our release note here: New Feature: Mobile Responsive View


Let us know what you think about this document :)