Permissions in views

Overview

Views interact with the permission system in two ways:
  1. Permissions are used to determine whether a view can be accessed at all. Use permissions to indicate that a view is only accessible to specific users or groups.
  2. Permissions are used to determine whether the tasks in a view can be executed. A user may be able to access a view, but not be able to execute some tasks in that view.

View permissions

Views can be configured with permissions, which are used to determine whether a view can be accessed. By default, views are accessible to all users, but you can restrict access to specific users or groups.
View permissions can either be set in the UI using the Share button on the view page, or in code. See Permissions in the UI and Permissions in code for more information.

Task permissions

A user may be able to see a view, but not be able to execute some tasks in that view due to permissions. Airplane Views execute tasks (e.g. manually executed or in a task-backed component) according to the permissions of the current user. This means that views often don't need any additional permissions, provided that:
  • All sensitive data access is done through tasks, and
  • The backing tasks have properly configured permissions.
Tasks are treated differently depending on whether they are queries or mutations. Queries simply return data without producing side effects, and are the tasks passed as input to components like Table and Select. By contrast, mutations are designed to produce side effects, such as in Buttons backed by tasks or runbooks. The distinction matters for requesting execution—In the context of a view, only mutations can be requested.

Permission-aware rendering

The backend always ensures that the caller has the right permissions when a task is executed, but views also proactively check permissions and render according to the user's permissions/roles.

Can execute

Views are rendered as normal.

Can request but not execute

View components that are backed by task queries don't render any data, and instead display an error message saying that permissions are missing. Buttons are rendered as normal, but clicking on a button opens up a dialog that enables users to request that task or runbook.

Can neither request nor execute

View components that are backed by task queries don't render any data, and instead display an error message saying that permissions are missing. Buttons are disabled.