Inviting Users with Pre-applied Data Permissions

When a user is invited to join a project, an invitation is sent to the user who, if interested, can immediately join the project. When the user opens the project, however, no Data Permissions have been applied by default, which means that the user can see all data in the project. As a result, the invitation mechanism is not useful for inviting new users to projects where Data Permissions have been applied.

Data Permissions were formerly called Mandatory User Filters.

  • A Data Permissions filter is a data access control that pre-filters data returned to any user, based on specified values for an attribute. For more information, see Data Permissions
  • Invitations may be extended through the GoodData Portal or through API calls. An invitation generates a standard welcome email from GoodData, which includes a direct link to accept the invitation.

This article describes a simple way of inviting users into a project with predefined Data Permissions. The basic approach is to do the following:

  1. Create (do not invite) a user into the domain, if the user doesn’t already exist.
  2. Apply the Data Permissions filter to the user in the domain.
  3. Invite the user to the project.


  1. Suppose you are inviting a new user ( to your project.
  2. The Data Permissions filter you wish to apply to this user is the following:
  3. First, you must apply a project role to the user. To list all roles in the project, use the following API:
  4. In the returned JSON, retrieve the URI for the role you wish to assign to the user. See User Roles.
  5. Roles should be in the following form:
  6. Now that you have retrieved the URIs for the Data Permissions filter and project role, you can build the JSON to create the invitation:

    	"invitations": [
    			"invitation": {
    				"content": {
    					"email": "",
    					"userFilters": [
    					"role": "/gdc/projects/{project-id}/roles/{role-id}",
    					"action": {
    						"setMessage": "Hi, welcome to my project!"
  7. Submit this request body as a POST using the following API call:

If the POST is successful, the invitation is created and delivered to the user via email. When he logs into the project, all data in the project is filtered according the Data Permissions filter.

  • To verify that the Data Permissions filter has been applied, submit a GET to the following API endpoint:

For more information, see Invitations API.

Powered by Atlassian Confluence and Scroll Viewport.