* [Members and groups](workspace-management/members-and-groups.md)

* [Permissions for resources](workspace-management/permissions-for-resources.md)

<figure><img src="../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>

Store data in a temporary state.&#x20;

<figure><img src="../.gitbook/assets/image (37).png" alt=""><figcaption><p>Query editor</p></figcaption></figure>

<figure><img src="../.gitbook/assets/image (16).png" alt=""><figcaption><p>Query library</p></figcaption></figure>

You can connect to a data source that was already in your data source library or create a new one. For detailed information, see [data-source-basics.md](../data-sources/data-source-basics.md "mention").

In notification and advanced tabs, you can configure settings regarding notifications, timeout, periodic run, and more. Settings in **Notification** tab and **Advanced** vary based on trigger mode of your query.

| Tab | Settings | Inputs change or on page load | Manually invoked |

| ---------------- | ------------------------------------------- | :---------------------------: | :--------------: |

| **Notification** | Display a Success message after running | 🚫 | ✅ |

| | Display a Failure message after running | ✅ | ✅ |

| **Advanced** | Display a confirmation modal before running | <p>🚫<br></p> | ✅ |

| | Set timeout for query running | ✅ | ✅ |

| | Perform query periodically | ✅ | 🚫 |

<figure><img src=".gitbook/assets/image (3) (1).png" alt=""><figcaption></figcaption></figure>

1. Download the configuration file by clicking [docker-compose.yml](https://cdn-files.openblocks.dev/docker-compose.yml) or running the curl command: `curl https://cdn-files.openblocks.dev/docker-compose.yml -o $PWD/docker-compose.yml`\

2. Start the Docker container by running this command: `docker-compose up -d`\

``\

``The docker image, about 400 MB, is downloaded during the initial start-up.

After downloading, it usually takes less than 30 seconds to start the service.\

3. Check the logs by running this command: `docker logs -f openblocks`\

``\

``When you see `frontend`, `backend`, `redis`, and `mongo` `entered the RUNNING state`, the Openblocks service has officially started:\

1. Stop the firewall from blocking access from <mark style="background-color:yellow;">`docker0`</mark> by typing in the terminal:\ <mark style="background-color:blue;"></mark><mark style="background-color:yellow;">`iptables -A INPUT -p tcp -i docker0 --dport YOUR_DB_PORT -j ACCEPT`</mark>\

`Note: In this case`Here we use Postgres port <mark style="background-color:yellow;">`5432`</mark> for <mark style="background-color:yellow;">`YOUR_DB_PORT`</mark>, and you should replace it with your own.

<mark style="background-color:yellow;">`iptables-save > /etc/iptables.up.rules`</mark>

In Openblocks, you can organize the members of your workspace using different groups, and assign roles to groups to manage [permissions for resources](permissions-for-resources.md). You can find members and groups settings on the **Workspace settings** page by clicking the avatar in the top right corner.\

<img src="../.gitbook/assets/workspace-settings.png" alt="" data-size="original">

In the **Members** tab, click **Invite members** to invite new members to the workspace through the invitation link.

<figure><img src="../.gitbook/assets/invite-members-1.png" alt=""><figcaption></figcaption></figure>

You can also find the short cut to <img src="../.gitbook/assets/icon-members-2.png" alt="" data-size="line"> **Invite members** on the bottom left on Openblocks homepage.

<figure><img src="../.gitbook/assets/invite-members-2.png" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}

Permission to invite new members is restricted to workspace **admins** and **developers group**.

{% endhint %}

Set an **Admin** or **Member** role for each workspace member. Role permissions are listed in the table below.

| Role | Workspace and group level permissions |

| ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

| Admin | <p>Workspace</p><ul><li>Modify workspace information (name, logo, etc.)</li><li>Delete workspace</li><li>Manage workspace members and set their roles</li><li>View workspace members</li></ul><p>Groups</p><ul><li>Create groups</li><li>Delete groups</li><li>Manage group members and set their roles</li></ul> |

| Member | None |

Note that the workspace creator is automatically granted with admin permissions. For more information about permissions of apps, modules, and data sources, see [permissions-for-resources.md](permissions-for-resources.md "mention").

Group-based management helps to organize members from different functional departments in your workspace. You can create groups in **Members** tab.

Openblocks creates a **Developers** group by default and it cannot be deleted, and workspace admins can add members into it. The members of it can create new apps, modules and data sources. Workspace admins can add members to the developers group.

<figure><img src="../.gitbook/assets/Developers-Group.png" alt=""><figcaption></figcaption></figure>

In the **Members** tab of **Workspace settings** interface, workspace admins can click **Create group +** to add a new group. The group creator naturally works as a group admin.

<figure><img src="../.gitbook/assets/create-group.png" alt=""><figcaption></figcaption></figure>

Group admins can add members into groups:

<figure><img src="../.gitbook/assets/add-members.png" alt=""><figcaption></figcaption></figure>

Set an **Admin** or **Member** role for each group member. The permissions are listed in the table below.

| Role | Permissions |

| ------ | ------------------------------------------------------------------------------------------------------------------------------------- |

| Admin | <ul><li>Change group name</li><li>Delete groups</li><li>Manage group members and set their roles</li><li>View group members</li></ul> |

| Member | View group members |

description: >-

Openblocks implements [Role-based Access Control](https://en.wikipedia.org/wiki/Role-based\_access\_control) (RBAC) by assigning a set of permissions to different roles. These permissions determine the actions users can take on resources, including apps, modules, queries, data sources and folders.&#x20;

Only workspace admins and members of Developers group are allowed to create resources. For workspace admins, they are in fact the owner of all resources.

App owners can add members to app and assign different roles to them. In a web app or module editor, click **Share** at the top right, then click **Add members**.

<figure><img src="../.gitbook/assets/share-add-members.png" alt=""><figcaption></figcaption></figure>

Choose members and groups in the list and set roles for them.

The available roles and their corresponding permissions are listed in the table below.

| Role | Permissions |

| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------- |

| <ul><li>Viewer</li></ul> | <ul><li>View the app, or use the module</li></ul> |

| <ul><li>Editor</li></ul> | <ul><li>View the app, or use the module</li><li>Rename</li><li>Edit</li><li>Release</li><li>Export</li></ul> |

| <ul><li>Owner</li></ul> | <ul><li>All permissions of <strong></strong> Editor</li><li>Delete the app or module</li><li>Set roles for members</li></ul> |

If you want to make an app public and accessible to all users (including anonymous users), you can toggle the **Make the app public** switch in **Share** settings.

In Openblocks, members with permissions to use, edit and delete data sources **** are listed as follows:

* **Edit** or **Delete**

* Data source creators and workspace admins.

* **Use**

* Workspace admins and developers.

* Members with permissions to edit an app are automatically granted access to use data sources already used in the app.