Identity & Workspace
This is a Beta feature. The documentation and feature may change rapidly. You can request Beta access and try it out.
Introduction
Identity & workspace settings enable two critical capabilities for embedded analytics:
-
Create Boundaries for User-Generated Content: When you enable self-service analytics (users creating their own dashboards), you need clear boundaries:
- Personal boundaries: Each user gets their own private space for individual dashboards
- Organization boundaries: Team members can collaborate on shared dashboards, but different organizations remain completely isolated
- Permission boundaries: Control who can view vs. edit vs. create dashboards in organization's shared workspace
-
Audit & Track User Activity: When you add
embed_user_idandembed_org_id, Holistics can identify who the user is and log their activities, allowing you to:- User identification: Know which specific user performed each action
- Organization tracking: See which organization each user belongs to in the logs
- Activity logging: Track user interactions and dashboard creation with proper attribution
These identity and workspace features are currently only available with Embed Portal. Single Dashboard embedding does not support user identity or workspaces yet.
To enable these capabilities, you specify user and organization identity in your embed payload:
const embed_payload = {
// identify embed user
"embed_user_id": "user_id_1",
// user "user_id_1" in "organization_id_1" organization
"embed_org_id": "organization_id_1",
// grant them permission -> what they can do
"permissions": {
// specify role of user "user_id_1" in "organization_id_1" shared workspace
"org_workspace_role": "no_access" | "viewer" | "editor"
// allow "user_id_1" to save dashboard to their personal workspace
"enable_personal_workspace": true | false
}
}
Understanding workspaces
Think of workspaces as different rooms where users can work on dashboards:
| Personal Workspace | Organization Shared Workspace | |
|---|---|---|
| What it is | A private space where each user creates their own dashboards | A shared space where team members collaborate on dashboards |
| Who sees it | Only that specific user | All team members in that organization (with different permission levels) |
| Best for | When users need private analytics (like a personal expense tracker) | When teams need to work together on analytics (like a sales team dashboard) |
Setting up your embed configuration
Option 1: Individual users only (B2C)
When to use: Your app serves individual consumers who need private dashboards
Example: A fitness app where each user tracks their personal workout data
const embed_payload = {
"object_name": "embed_portal",
"object_type": "EmbedPortal",
// Tell us who this user is
"embed_user_id": "user_1_id",
// Give them permission to create personal dashboards
"permissions": {
"enable_personal_workspace": true
}
}
Note: You don't need to specify an organization ID for this setup.
Option 2: Business users with organizations (B2B)
When to use: Your app serves businesses with multiple users who may need to collaborate
Setup A: Personal workspaces only
Users get private workspaces but stay isolated within their organization.
const embed_payload = {
"object_name": "embed_portal",
"object_type": "EmbedPortal",
// Tell us who this user is
"embed_user_id": "user_1_id",
// Tell us which organization they belong to
"embed_org_id": "department_1",
// Set their permissions
"permissions": {
// No access to shared team workspace
"org_workspace_role": "no_access", // or "viewer" for read-only
// Allow personal dashboard creation
"enable_personal_workspace": true
}
}
Example use case: A company app where each employee tracks their individual performance metrics privately.
Setup B: Team collaboration
Users can work together on shared dashboards, plus optionally have personal space.
const embed_payload = {
"object_name": "embed_portal",
"object_type": "EmbedPortal",
// Tell us who this user is
"embed_user_id": "team_lead_1",
// Tell us which organization they belong to
"embed_org_id": "department_1",
// Set their permissions
"permissions": {
// Choose their role in the shared workspace
"org_workspace_role": "editor", // or "viewer" or "no_access"
// Optionally allow personal workspace too
"enable_personal_workspace": true // or false
}
}
Example use case: A project management app where team leads create departmental dashboards that team members can view and collaborate on, while also having personal project tracking spaces.
Understanding organization roles
no_access- Can't see the shared workspace at allviewer- Can view shared dashboards but can't create or edit themeditor- Can create, edit, and delete dashboards in the shared workspace
Real-world example:
- Editors: Team managers who create department dashboards
- Viewers: Team members who use those dashboards for their daily work
- No access: Users who only need personal analytics
How user isolation works
Your data stays secure through workspace isolation
Personal workspaces are completely separate based on the combination of user ID + organization ID. This means:
- Same person, different organizations = Different personal workspaces
- No data mixing between organizations
- Clean separation for security and privacy
Example scenario
Let's say John works for a company with multiple departments:
// John in the Marketing department
{
embed_user_id: "[email protected]",
embed_org_id: "marketing",
permissions: { enable_personal_workspace: true }
}
// Result: John gets a personal workspace with his marketing dashboards
// John moves to the Sales department
{
embed_user_id: "[email protected]",
embed_org_id: "sales",
permissions: { enable_personal_workspace: true }
}
// Result: John gets a NEW personal workspace for sales
// His old marketing dashboards are completely separate and not accessible
This isolation ensures that sensitive data from different departments never mix.