diff --git a/modules/ROOT/pages/selective-user-access.adoc b/modules/ROOT/pages/selective-user-access.adoc index 0b6bb1d0..8cecea96 100644 --- a/modules/ROOT/pages/selective-user-access.adoc +++ b/modules/ROOT/pages/selective-user-access.adoc @@ -13,14 +13,17 @@ If you have embedded ThoughtSpot content in your app, you may want to control ho [#block-access] == Control access to non-embedded content -If you have embedded ThoughtSpot using Visual Embed SDK v1.22.0 or later, the `blockNonEmbedFullAppAccess` property in the SDK is set to `true` by default. Due to this, your application users cannot access or navigate to the ThoughtSpot application experience outside the context of your app. +For ThoughtSpot releases 10.5.0.cl or earlier, if you have embedded ThoughtSpot using Visual Embed SDK v1.22.0 or later, the `blockNonEmbedFullAppAccess` property in the SDK is set to `true` by default. Due to this, your application users cannot access or navigate to the ThoughtSpot application experience outside the context of your app. If you are not using Visual Embed SDK to embed ThoughtSpot, you can turn on the *Block non-embed full app access* feature on the *Develop* > *Customizations* > *Security Settings* page. This will restrict your users from opening non-embedded ThoughtSpot pages from their embedded app context. Note that this feature does not restrict ThoughtSpot users with administrator or developer privileges from accessing ThoughtSpot pages. + [#selective-access] -== Selectively assign access [earlyAccess eaBackground]#Early Access# +== Selectively assign access + +[earlyAccess eaBackground]#Early Access# With the current implementation, if you have embedded ThoughtSpot content in your app, users can access only the ThoughtSpot pages embedded within the context of your host app. Trying to give some users the ability to access the ThoughtSpot cluster requires giving every such user the administrator or developer privilege, which is not recommended. @@ -58,7 +61,9 @@ Currently, there is no support for selective user access through the APIs. [NOTE] ==== -Users assigned this role via a group will be able to access the ThoughtSpot cluster even when `blockNonEmbedFullAppAccess = TRUE` in the SDK, just like the users with administrator or developer privilege. The selective user access granted through the *Security Settings* overrides the `blockNonEmbedFullAppAccess` SDK flag settings. +For ThoughtSpot releases 10.5.0.cl or earlier, users assigned this role via a group will be able to access the ThoughtSpot cluster even when `blockNonEmbedFullAppAccess = TRUE` in the SDK, just like the users with administrator or developer privilege. The selective user access granted through the *Security Settings* overrides the `blockNonEmbedFullAppAccess` SDK flag settings. + +However, starting with ThoughtSpot Cloud 10.6.0.cl release, the `blockNonEmbedFullAppAccess` in the SDK will not be available to new ThoughtSpot embedded users. ====