The Users page lists all of the user accounts on your Looker instance. Users consist of two types:
- Regular (human) users who login via their email address and a password
- API users, which you use to access your Looker instance programmatically
Viewing and Searching Users
The table of users that appears on the page shows basic information about your users:
|ID||A user ID assigned by Looker at the time of user creation|
|Name||The actual name of the user that they enter when they initially sign up|
|Credentials||The user name of the user, which is an email address for normal users, and an API key for API users|
|Groups||A list of groups that the user belongs to|
|Roles||A list of roles assigned to the user|
|Actions||Actions you can take for a user|
You can sort the table by either the ID or Name column by clicking on those column’s headers.
You can also search the Name or Credentials column by entering a search term into the search box in the upper right, then pressing [Enter].
To add a user, simply click the Add Users or Add API User button in the upper left of the page.
If you choose to add regular users, you’ll be brought to a dialog where you can type or paste in a comma-separated list of email addresses, and select the roles that will be assigned to those users. Remember to click the Add Users button when you’re done to create the users and send sign-up emails (if you’ve chosen the Send setup emails checkbox).
If you choose to add an API user, the user is created immediately when you click the Add API User button, even if you don’t click the Save button in the following dialog. You’ll be brought to the edit screen for that user where you can see the API values you’ll need, and adjust other user settings as described below. When you’re done configuring the user, remember to click Save.
To edit a user, click the Edit button on the right hand side of their row. There you’ll be able to adjust many settings:
Choose to enable or disable a user. You may want to consider disabling users in favor of totally deleting them.
The first name of the user, if applicable. You aren’t required to add a value here, but it is useful for organizational purposes.
The last name of the user, if applicable. You aren’t required to add a value here, but it is useful for organizational purposes.
The email address of the user. For regular users, this will serve as their username when they login. It is not required for API users.
If you’ve configured user specific timezones on your Looker instance, you can select the timezone that will be used when this user runs a query in Looker.
If you need to reset a password, you can send a reset link to the email address specified above by clicking the Send reset link button. The reset URL that is sent to the user will be displayed.
API 3 Keys
To generate API keys and turn this user into an API user, click the API 3 Keys button.
Enables you to select the roles this user should have, if you want to assign roles individually. See the Roles page for more information on configuring roles, or the Permissions Management page for a broader discussion of Looker permissions.
We generally suggest assigning roles to groups instead of assigning roles directly to individual users.
Roles from Groups
Access Filter Fields
Access filter fields allow you to limit the data that a user will have access to. It requires several setup steps, including changes to your LookML. You can read about how to create these limits on the
To delete a user, click the Delete button on the right hand side of their row. You’ll receive a confirmation dialog before you delete the user. When you delete a user, all of their saved Looks, dashboards, and some detail from Looker’s usage history is deleted.
Deleting a user is irreversible. Consider your organization’s compliance and security needs before doing so. A great alternative is to edit the user account and disable it instead. This prevents a user from being able to login, but their information and content remain intact.
Impersonating (sudo-ing) Users
“Sudo” is a unix term that means to emulate the permissions of another user. When you sudo as a user (by clicking the Sudo button on the right hand side of their row), you can see what their experience of Looker is like. This is a good way to validate that you’ve properly configured permissions and other features. Sudo-ing is also a useful way to see a user’s LookML devleopment before they’ve committed and pushed their changes.
When you sudo you’ll see a bar at the top of the screen that warns you that you’re in a sudo-ed state, and that enables you to exit the sudo-ed state. Keep in mind that any changes you make while in this state will impact the user that you’re emulating.