Secure Embedded Dashboards with Role-Based Access Control

TL;DR: Role-based access control (RBAC) is the foundation of secure dashboard access in Bold BI®. It determines who can view, edit, or manage dashboards and related resources such as categories, data sources, and schedules. By assigning permissions through groups, roles, and users, role‑based access keeps access predictable, reduces exposure risk, and scales cleanly for embedded analytics.

Introduction

Organizations increasingly rely on dashboards to monitor operations, track performance, and support faster decision-making. As dashboards become widely used across departments, applications, and customer portals, controlling who can access what information becomes a critical security requirement.

In many organizations, the same dashboard may be accessed by executives, analysts, developers, partners, or even external customers. Each group requires a different level of access. Without proper access controls, sensitive metrics or operational data can easily become visible to unintended users.

This is where role‑based access control (RBAC) becomes essential. Role‑based access control addresses this by assigning permissions through groups which act as roles instead of assigning permissions directly to individual users. In Bold BI, role‑based access control helps administrators manage access efficiently through users, groups, and admin roles, ensuring dashboards and related resources are available only to authorized users.

In this blog, we explore how role‑based access control works in Bold BI, why it matters for secure analytics, and how to configure it effectively. Before diving into the technical configuration, let’s look at who will benefit most from this guide.

What is role‑based access control?

Role‑based access control is a security model where permissions are assigned to groups which act as roles instead of individual users. This makes access management simpler and more consistent. Instead of configuring permissions for every user separately, administrators organize access through two components:

• Users
• Groups

When a user is added to a group or admin role, they automatically inherit all the permissions assigned to that role.

Now that we’ve covered the basics, let’s examine why role‑based access control is so important in embedded analytics environments.

Why role‑based access control matters for securing embedded dashboards

In analytics environments, role‑based access control helps organizations:

• Prevent unauthorized access: Role‑based access ensures dashboards are visible only to users who are allowed to access them, reducing the risk of accidental data exposure.
• Simplify permissions management: Permissions can be assigned to roles or groups instead of configuring each user individually.
• Support scalable analytics environments: As organizations grow, role‑based access allows administrators to manage hundreds or thousands of users without increasing operational overhead.
• Maintain consistent security policies: Role-based permissions ensure access rules remain consistent across dashboards and analytics resources.

Before configuring permissions, make sure that users and groups are already created in your Bold BI environment.

With that foundation in place, let’s walk through how role‑based access works with users and groups.

How to provide role‑based access control for users in Bold BI

Permissions let administrators assign access through groups which act as roles instead of assigning permissions directly to individual users who need unique or temporary permissions.

To configure user-level permissions:

1. Log in to the dashboard page using your preferred login method and select Users, which is available in the left‑side navigation panel.
2. In the pop-up window, select the user you want to configure to open their User Details
3. Select Manage Permissions to open the permissions panel.
4. Select the permission level you want to grant, based on the actions you want the user to be able to perform. In this case, I have selected the Read, Write, and Delete options under Access Mode. Next, select the User (System Administrator) in the Actions
5. A pop-up window will open as shown below. Select Add Permission.
6. Enable all available entities in the Entity Table and choose the Access Mode of your choice. Here, I’ve selected the Read, Write, Delete Select Add to grant permission.

7. A confirmation message will appear indicating that the permission has been added successfully.

To dive deeper into setting up role‑based access control for your users, explore our documentation.

How to implement role‑based access control for groups in Bold BI

Group-based permissions are the recommended way to manage role‑based access because permissions assigned to a group automatically apply to all users within that group. To implement group permissions:

1. Go to Users > Groups in the left-side navigation panel of the Bold BI dashboard page.
2. Select New Group, located at the top‑right corner. From the dropdown menu that appears, select Create Group to begin setting up a new group.

3. In the Add Group dialog, enter a name for the group and provide an optional description. Once the details are filled in, select Add Group to create the new group.

4. A confirmation message will appear at the top-right of the Groups page indicating that the group has been successfully created.

5. Next, open the newly created group and open the Group Details Here, select the Manage Permissions button from the Manage drop-down menu to open the permissions panel for the group.

6. Next, select Add Permission > Resource Permission to open a group dialog for assigning permissions as shown.

7. In the Entity section, choose the entities you want to configure. Select an Access Mode of your choice. When finished, select Add to apply the permission. /li>

8. A notification will be sent to indicate that the permission was added successfully.

To learn more about how to implement role‑based access for groups in Bold BI, explore our documentation.

Now that you’ve seen how role‑based access works at both user and group levels, let’s look at key practices that help you maintain a secure and scalable setup.

Role‑based access best practices in Bold BI

To maintain a secure and scalable deployment in Bold BI:

• Prefer group-based permissions over individual permissions.
• Use role‑based access primarily for dashboard access control, not data filtering.
• Follow the principle of least privilege, granting only the required permissions.
• Use stable identifiers such as TenantID or RegionID for consistent access management.
• Regularly review group memberships and permissions.
• Enable audit logs to track permission changes.
• For embedded deployments, generate embed tokens securely on the server side.

By clearly separating access control from data filtering mechanisms such as row-level security, organizations can securely scale analytics environments without duplicating dashboards.

To understand how role‑based access delivers value in real environments, here are some examples of how different industries use it to secure sensitive analytics.

Use cases of role‑based access

Role-based access control provides significant benefits across industries.

1. Healthcare

Challenge

Healthcare teams work with highly sensitive patient information, and exposing clinical dashboards to unauthorized staff creates privacy, compliance, and data‑security risks.

How role‑based access helps
Role‑based access restricts patient‑related dashboards to authorized clinical roles only, ensuring that only approved medical staff can view sensitive insights and helping maintain strict healthcare privacy compliance.

2. Retail

Challenge

Retail organizations operate across multiple stores and regions. Giving all teams unrestricted dashboard access leads to cross‑region visibility issues and inconsistent operational insights.

How role‑based access helps
Role‑based access assigns dashboard access based on region or store role, ensuring headquarters, regional managers, and store managers see only the dashboards relevant to their responsibilities.

3. Finance

Challenge

Financial institutions must tightly control access to dashboards containing confidential financial data, and unrestricted visibility can cause compliance violations and data‑security risks.

How role‑based access helps
Role‑based access limits access to sensitive financial dashboards by user role, such as advisors, analysts, or executives, ensuring each user sees only the insights appropriate for their responsibilities.

Conclusion

Role-based access control plays a critical role in securing analytics environments. By assigning permissions through users and groups, organizations can efficiently manage dashboard access while reducing security risks.

Bold BI provides flexible role‑based access capabilities that allow administrators to control access to dashboards, data sources, categories, and other resources. This approach simplifies permissions management, reduces dashboard duplication, and enables organizations to securely scale analytics across internal teams and embedded applications.

To explore these capabilities further, review the Bold BI® documentation on permissions, or start a free trial or request a personalized demo to experience secure and scalable dashboard access in action.

Frequently asked questions

1. Does Bold BI support roles directly?

   Bold BI uses groups to represent roles. Users inherit permissions from the groups they belong to.

2. How can I prevent users from modifying dashboard permissions?

   Use group-based role‑based access and ensure users are assigned only the required permissions based on the principle of least privilege.

3. Can role‑based access reduce dashboard duplication?

   Yes. Role‑based access allows a single dashboard to serve multiple audiences without creating duplicate dashboards for each team.

4. Can role‑based access be used without individual user accounts?

   Yes. Anonymous access or identity provider integrations can apply group permissions automatically.