Skip to main content

Workspace security

Workspace Admins can configure their workspace settings to restrict who can access and share what assets.

info
  • Available on Team and Enterprise plans.
  • Only workspace Admins can configure these settings.

Project sharing settings

Share projects to web

When on, users with Full Access and Can Edit project permissions will have the option to turn on Share to web at the project level. When enabled in the project, anyone with the link to the project would be able to navigate to and interact with the project.

Export apps as PDFs

When on, users can include a screenshot of published apps (including data and visualizations) in app notifications notifications. Any user with "App User" access or higher can be designated as a recipient of the email. This setting also enables any authenticated user with "App User" access to export PDFs from published apps.

When on, workspace users can embed Hex project info including individual cells or full apps in Notion. Embedded project details can be viewed by anyone with access to the Notion page. For more information, see Hex's embedding documentation.

When on, workspace users can generate a link to the Published app which includes the current inputs in the URL as query parameters. Inputs are represented as plaintext in the generated URL, so use caution if inputs include sensitive information. For more information, see Hex's publishing documentation.

Download and copy CSVs from tables

info

Teams on the Enterprise plan can disable this setting.

By default, Hex provides a convenient way for all users to download and copy tabular data that they have access to, including in table display cells, and when viewing data behind a chart.

By disabling this feature, users who are viewing a project will no longer be able to copy or download data. This includes viewing a published app, or a project's logic.

Note that users who are editing a project will continue to have access to this button.

Why can't I disable this functionality for users that are editing projects?

Due to the flexibility that Python cells provide, users that are editing projects are able to export data via code. Therefore, disabling the ability to download or copy data for when editing a project would not be a true safeguard against moving data outside of Hex. As such, we kept this functionality in place when editing a project.

Allow file uploads

info

Teams on the Enterprise plan can disable this setting.

By default, users can upload files to Hex, allowing users to flexibly analyze data from a variety of sources. This includes:

Admins can disable file uploads in their workspace which will disable all of the above methods of uploading files.

Note that disabling this feature will only prevent new files from being uploaded — any projects that already have files uploaded will continue to work as they did before this setting was disabled.

Show workspace secret values in project UI

info

Teams on the Enterprise plan can disable this setting.

By default, users with Can Edit access to a project can reveal the value of a secret by clicking the eye icon next to the secret.

Disabling this setting prevents users from revealing the value of a secret in the UI.

Note that this is not a failsafe method to prevent a user from accessing this value — Editors can still use methods in Python cells to gain access to the secret's value.

Allow project-level data connections

info

Teams on the Enterprise plan can disable this setting.

By default, users with the Editor role can create project data connections that are scoped to the project they are created in.

Admins may choose to disable this feature so that data connections can only be created in workspace settings by Admins.

If disabled, any existing project data connections will continue to work. Reach out to support to get a list of projects that are currently using a project data connection.

SSO configuration

Configure Hex to allow authentication via your SSO provider. Hex currently only supports Open ID Connect (OIDC) SSO.

See Hex's documentation on configuring SSO for set-up instructions.

API settings

Enable API access

When on, users will be able to configure and use tokens to access the Hex public API. Admins can specify the maximum expiration for personal access tokens created by users. For more information, see Hex's public API documentation.

warning

Setting the maximum expiration to a lower value will revoke any existing tokens that have existed longer than the new maximum expiration.

Workspace SSH key

This key is used when configuring Data Connections to connect via SSH.