Skip to content

feat: add docs for data visibility security setting #750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
VisargD wants to merge 1 commit into
base: main
Choose a base branch
from
+78 −0
Open

feat: add docs for data visibility security setting #750

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,7 @@
"product/administration/enforce-workspace-budget-limts-and-rate-limits",
"product/administration/configure-logs-access-permissions-in-workspace",
"product/administration/configure-analytics-access-permissions",
"product/administration/configure-data-visibility-settings",
"product/administration/configure-virtual-key-access-permissions",
"product/administration/configure-api-key-access-permissions",
"product/administration/configure-prompt-access-permissions",
Expand Down
77 changes: 77 additions & 0 deletions product/administration/configure-data-visibility-settings.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
---
title: "Configure Data Visibility Settings for Workspaces"
---

<Check>
This is a Portkey <a href="/product/enterprise-offering">Enterprise</a> plan feature.
</Check>

<Note>
**Prerequisites & Availability**
- **Enterprise (Hybrid Gateway)**: Gateway **v2.2.4** or later is required. Only logs generated from this version onward will be considered for user-level filtering.
- **Airgapped Deployments**: Requires Gateway **v2.2.4**, backend **v1.11.0**, and frontend **v1.6.5** or later. Only logs generated after upgrading to these versions will be considered for user-level filtering.
- **SaaS Users**: This setting will be applied to logs starting from **19th February 2026**.
</Note>

## Overview

Data Visibility settings in Portkey enable Organization administrators to control whether workspace managers and members can view all observability data (logs, analytics, and traces) within a workspace, or only the data generated by their own API keys. This is useful for teams where individual users should only have visibility into their own requests.

Check warning on line 18 in product/administration/configure-data-visibility-settings.mdx

View check run for this annotation

Mintlify / Mintlify Validation (portkey-docs) - vale-spellcheck

product/administration/configure-data-visibility-settings.mdx#L18 

Did you really mean 'Portkey'?

## Accessing Data Visibility Settings

1. Navigate to **Admin Settings** in the Portkey dashboard

Check warning on line 22 in product/administration/configure-data-visibility-settings.mdx

View check run for this annotation

Mintlify / Mintlify Validation (portkey-docs) - vale-spellcheck

product/administration/configure-data-visibility-settings.mdx#L22 

Did you really mean 'Portkey'?
2. Select the **Security** tab from the left sidebar
3. Locate the **Data Visibility** section

## Permission Settings

The Data Visibility section provides two permission options:

| Permission | Description |
|------------|-------------|
| **Managers View All Data** | Allow workspace managers to view logs, analytics, and traces generated by all users in the workspace |
| **Members View All Data** | Allow workspace members to view logs, analytics, and traces generated by all users in the workspace |

Both permissions are **enabled by default**, meaning all workspace users can see all data.

When a permission is **disabled**, users with that role will only see data generated by their own API keys across logs, analytics, and traces pages.

<Note>
Organization **Owners** and **Admins** always have full access to all data regardless of these settings.
</Note>

## How It Works

When data visibility is restricted for a role:
- **Logs**: The user only sees log entries for requests made with their own API keys
- **Analytics**: Charts and metrics are scoped to the user's own usage
- **Traces**: Only traces initiated by the user's API keys are visible

This restriction applies to both browser sessions and workspace-user API keys. Organization-level and workspace-level service API keys are not affected.

## Workspace-Level Overrides

Data Visibility settings support **workspace-level overrides**, allowing you to configure different data visibility rules per workspace.

When workspace-level overrides are enabled for Data Visibility:
- Each workspace can have its own `membersViewAllData` and `managersViewAllData` settings
- Workspace settings take precedence over organization-level settings
- Workspaces without explicit overrides fall back to the organization-level settings

To configure workspace-level overrides:
1. Enable the **Allow workspace-level configuration** toggle for Data Visibility in the Security settings
2. Navigate to the specific workspace settings to configure per-workspace data visibility

## Related Features

<Card title="Logs Access Permissions" href="/product/administration/configure-logs-access-permissions-in-workspace">
Configure who can view logs and log metadata within workspaces
</Card>

<Card title="Analytics Access Permissions" href="/product/administration/configure-analytics-access-permissions">
Configure who can view analytics within workspaces
</Card>

<Card title="Access Control Management" href="/product/enterprise-offering/access-control-management">
Learn about Portkey's access control features including user roles and organization hierarchy
</Card>