Embedded: FAQs

What are the differences between the Permission Settings and Filter Display Settings?

We understand that Permission Settings and Filter Display Settings are easy to confuse, since you can use Filter Display Settings to hard-set certain values for your dashboard viewers, which can appear to function the same as a permission.

However, these 2 settings serve 2 totally different intentions:

  • Permission settings allow users to apply data access restrictions (at the dataset level). This is very strict; use it when you want to restrict data access.
  • Filter display settings only override the default filter values of your dashboard. Your viewers can still change the values to see more data.

When the Permission is set, it is also applied to the related filters. For example, suppose your dashboard has countries. If you set the RLP for country_name to Vietnam, your country filter will only show the value Vietnam, and it will return no value if you try to change the filter to any value other than Vietnam.

Filter vs Permission

Furthermore, please note that hiding the filter display ("hidden": true) will only make your dashboard nicer and cleaner. It should not be used to restrict data scope.

Why so complicated, all this JWT and extra code?

Our Embedded feature is designed for use cases where our clients want to embed a dashboard into their own application, and each of their customers sees different data after logging in. For example, a restaurant ordering SaaS system will use Holistics Embedded to provide analytics to its individual restaurant customers, where each restaurant only sees data related to its own restaurant.

Since cross-customer data security is important, there is a need for the extra work required to ensure encryption is properly set up.

In short, the additional coding effort is there to ensure:

  • Multi-tenancy data permission: Making sure each of your customers will see data related to themselves only.
  • The URL will expire at some point in the future, so that anyone who gets hold of the URL cannot keep using it to pull the data.
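
The two guarantees above, as an added example that is not Holistics' code and does not reproduce its token format: the backend signs a tenant restriction and an expiry into an HS256 JWT, and the serving side rejects a token whose payload was edited or whose expiry has passed. The claim name `row_filter`, the secret and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; a real key never leaves the backend

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: bytes) -> str:
    return _b64(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())

def issue_token(tenant, ttl_seconds, secret=SECRET, now=None):
    """Backend: bind the tenant restriction and an expiry into an HS256 JWT."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # "row_filter" is a hypothetical claim name, not the vendor's payload schema.
    payload = {"row_filter": {"country_name": tenant}, "exp": now + ttl_seconds}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, payload))
    return signing_input + "." + _sign(signing_input, secret)

def verify_token(token, secret=SECRET, now=None):
    """Serving side: check the signature first, then algorithm and expiry."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, body_b64, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    expected = _sign(head_b64 + "." + body_b64, secret)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    header, payload = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if now >= payload["exp"]:
        raise ValueError("token expired")
    return payload

def with_changed_tenant(token, new_tenant):
    """What a viewer could do: edit the payload, but only reuse the old signature."""
    head_b64, body_b64, sig = token.split(".")
    payload = json.loads(_unb64(body_b64))
    payload["row_filter"]["country_name"] = new_tenant
    return ".".join([head_b64, _b64(json.dumps(payload).encode()), sig])

if __name__ == "__main__":
    token = issue_token("Vietnam", ttl_seconds=300)
    print(verify_token(token)["row_filter"])
```

Unlike a filter display default, the restriction here travels inside the signed payload, so a viewer who edits it cannot produce a matching signature without the backend secret.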

InvalidAuthenticityToken error

Sometimes you'll receive this error: ActionController::InvalidAuthenticityToken

There are 2 possible reasons. To rule them out:

  • Make sure your site is served over https
  • Enable 3rd-party cookies in your browser

Access denied for localStorage

If you have an issue showing the embed, please check your browser's console log for this error:

Uncaught SecurityError: Failed to read the 'localStorage' property from 'Window': Access is denied for this document

If you see it, check the following:

  1. Please open Chrome settings, type "third" in the search box, click the Content Settings button and view the fourth item under Cookies.
  2. Make sure that the option Block third-party cookies and site data is unchecked.

If this setting is checked, cookies from third-party scripts are disallowed, and access to localStorage may throw SecurityError exceptions.