Is there a way to create additional top level spaces? I’ve looked through the admin settings and other menus and have seen ways to create and organize sub spaces. I’d like to be able to add additional top level spaces in addition to ‘Shared’, ‘Users’, and each user’s individual space.
Currently this is not possible, the top level spaces by default are “Shared”, “Users” (and “LookML Dashboards” technically). But we are always curious to hear your use case and how you would implement this if it existed.
What is the ‘best practice’ for sharing a single looker instance with multiple clients? We setting it up as a multi-tenant platform since we are a software services company and develop data visualizations for multiple clients and multiple projects per client.
My thought was to create a top level space per client and organize all of their dashboards and looks in there. But obviously this is not possible. So, the next best thing would be to unshare ‘Shared’ with everyone, create a subspace under ‘Shared’ per client, and share each subspace explicitly via groups, with 1 or more groups per client as needed for proper access control.
We are also running a multi-tenant environment and have created a subspace under ‘Shared’ per client. For each client subspace, we enter ‘Manage Access’ and switch to a custom access list that contains a group specific to that customer.
The trouble we have run into with this is that you have to give each customer group ‘View’ access to the top level ‘Shared’ space. Otherwise, the subspace’s custom access list will not allow you to add the customer’s group. For a multi-tenant environment this is bad news, because the minute you create a subspace under the top-level ‘Shared’ space, all tenants can see it until you create the custom access for the subspace.
To solve this problem, we have created a subspace that is only visible to Admins. We create client subspaces in the Admin subspace and grant the proper custom access there. Then we move the customer subspace from the Admin subspace to the top-level ‘Shared’ space.
Another thing you probably want to consider is enabling ‘Closed System’ under Admin -> General -> Settings. This destroys the “All Users” group so that users from one tenant will not be able to see users from other tenants.
It would easier and safer for multi-tenant implementations if you could add groups to the custom access list of a subspace without having to grant the group access to the top-level ‘Shared’ space. Feature request: Maybe this behavior could be implemented when ‘Closed System’ is enabled.
Closed System may solve your problem