Observable Framework for Private Data (login required)

Hi, would it be possible to make a Framework page that is deployed to ObservableHQ that requires a user to login with their Google account in order to view their private data? We have something similar set up on Google Colab, where a user logs into their account and obtains a token that is required to access data on a Google bucket.

Or would it be possible to set up some kind of private notebook sharing with users within ObservableHQ teams? We would need to give permission to different sets of users to view their own private notebook

would it be possible to make a Framework page that is deployed to ObservableHQ that requires a user to login with their Google account in order to view their private data?

We have a great big Framework project we use for our own BI dashboards, and it works a lot like that. We deploy it to Observable (naturally) and keep it private, shared only with our team.

  • We’re on the Enterprise tier, which lets us make workspace members authenticate to our Google Workspace — i.e., if we boot someone out of our Google Workspace, they won’t be able to access our company notebooks and projects in Observable, either.
  • The Enterprise tier also lets you make groups of users. So we could share the project only with the people in our Plot team, or our Design team, or whatever.

Note that you can’t set different permissions for pages within a project. The project is the unit of granularity for access control; if some pages need to be limited to a different set of users, you should set it up as a different project.

a user logs into their account and obtains a token that is required to access data on a Google bucket.

Yeah, we’re interested in improving our options for more lightweight sharing. If you have “Invite by domain” set up in your workspace membership settings, anyone in your Google domain can log into Observable without needing a specific invitation.

Notebooks have a concept of being shared “unlisted” — the URL is private, so it acts like a secret token. We’re interested in doing something similar for projects, but with a more secure token in the URL, so e.g. you can revoke it. Would that help you?

Or would it be possible to set up some kind of private notebook sharing with users within ObservableHQ teams? We would need to give permission to different sets of users to view their own private notebook

That’s very doable with the aforementioned groups feature! The Enterprise-only groups feature makes it easier (because you can share with the whole group at once), but it’s perfectly doable in any workspace, if I understand correctly. You can choose exactly who in your workspace can see each notebook.

1 Like

Thanks @tophtucker for all the information. Yes, that does seem to meet our needs and we will contact about enterprise usage.

2 Likes

Great! Happy to help; let me know if there’s anything else.

1 Like