From f69ae3d116cdf450598793775983bc20b33d8020 Mon Sep 17 00:00:00 2001 From: ShashiSubramanya Date: Wed, 7 Jan 2026 06:56:16 +0530 Subject: [PATCH 01/17] spotter-api and other edits --- modules/ROOT/pages/api-changelog.adoc | 5 +++-- modules/ROOT/pages/spotter-apis.adoc | 6 +++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/api-changelog.adoc b/modules/ROOT/pages/api-changelog.adoc index 510e867e7..c933ec744 100644 --- a/modules/ROOT/pages/api-changelog.adoc +++ b/modules/ROOT/pages/api-changelog.adoc @@ -13,7 +13,7 @@ This changelog lists only the changes introduced in the Visual Embed SDK. For in [width="100%" cols="1,4"] |==== -|[tag redBackground]#DEPRECATED# |**`defaultHeight` replaced with `minimumHeight` ** + +|[tag redBackground]#DEPRECATED# | ** Use `minimumHeight` instead of `defaultHeight` ** + The `defaultHeight` parameter is deprecated in Visual Embed SDK v1.44.2 and later. To set the minimum height of the embed container for ThoughtSpot components such as a Liveboard, use the `minimumHeight` attribute instead. @@ -54,7 +54,8 @@ The `HostEvent.UpdateParameters` event now supports configuring the `isVisibleTo [width="100%" cols="1,4"] |==== -|[tag greenBackground]#NEW FEATURE# a|*Runtime overrides in Spotter embed* +|[tag greenBackground]#NEW FEATURE# a|*Runtime overrides in Spotter embed* + The Visual Embed SDK now supports runtime overrides in Spotter embed. * To apply runtime filters, use the `runtimeFilters` object diff --git a/modules/ROOT/pages/spotter-apis.adoc b/modules/ROOT/pages/spotter-apis.adoc index 5485baa23..84cb5009c 100644 --- a/modules/ROOT/pages/spotter-apis.adoc +++ b/modules/ROOT/pages/spotter-apis.adoc @@ -62,7 +62,7 @@ xref:spotter-apis.adoc#_send_a_question_and_generate_streaming_responses[Streams __Available on ThoughtSpot Cloud instances from 10.13.0.cl onwards__. * `POST /api/rest/2.0/ai/agent/{conversation_identifier}/converse` + -xref:spotter-apis.adoc#_create_a_conversation_session_with_spotter_agent[Sends a message] to an ongoing conversation session with Spotter agent. + +xref:spotter-apis.adoc#_send_queries_to_a_conversation_session_with_spotter_agent[Sends a message] to an ongoing conversation session with Spotter agent. + __Available on ThoughtSpot Cloud instances from 10.15.0.cl onwards__. |Data literacy and guided analysis a| @@ -920,7 +920,7 @@ To use this API, the user must have access to the relevant conversational sessio |===== |Parameter|Type| Description |`conversation_identifier`|Path parameter|__String__. Required. Specify the conversation ID received from the xref:spotter-apis.adoc#_create_a_conversation_session_with_spotter_agent[POST /api/rest/2.0/ai/agent/conversation/create] API call. -|`message`|Form parameter|_String_. Required. Specify a natural language query string. For example, `total sales of jackets last month`. +|`messages`|Form parameter|_Array of strings_. Required. Specify at least one query in natural language. For example, `total sales of jackets last month`. |===== @@ -958,7 +958,7 @@ If the request is successful, the API returns an array of objects in the respons * `type` + Type of the message, such as text, answer, or error. -* `message` + +* `text` + Response message generated for the query. * `metadata` + Additional information based on the message type. From 95031a20e2188e12a580d7587d8b21968805f749 Mon Sep 17 00:00:00 2001 From: ShashiSubramanya Date: Wed, 7 Jan 2026 12:13:06 +0530 Subject: [PATCH 02/17] link fixes --- modules/ROOT/pages/api-changelog.adoc | 2 +- modules/ROOT/pages/deploy-with-tml-apis.adoc | 2 +- modules/ROOT/pages/embed-ai-analytics.adoc | 2 +- modules/ROOT/pages/mcp-integration.adoc | 4 +- modules/ROOT/pages/modify-tml.adoc | 2 +- .../pages/multi-tenancy-best-practices.adoc | 2 +- modules/ROOT/pages/rest-api-java-sdk.adoc | 2 +- .../pages/rest-api-v2-reference-beta.adoc | 1037 ----------------- modules/ROOT/pages/webhooks-lb-schedule.adoc | 8 +- modules/ROOT/pages/whats-new.adoc | 5 +- .../tse-fundamentals-lesson-05.adoc | 2 +- 11 files changed, 16 insertions(+), 1052 deletions(-) delete mode 100644 modules/ROOT/pages/rest-api-v2-reference-beta.adoc diff --git a/modules/ROOT/pages/api-changelog.adoc b/modules/ROOT/pages/api-changelog.adoc index c933ec744..4022f96ea 100644 --- a/modules/ROOT/pages/api-changelog.adoc +++ b/modules/ROOT/pages/api-changelog.adoc @@ -1064,7 +1064,7 @@ The earlier versions of the SDK supported only `GET` API requests. For more info |==== |[tag greenBackground]#NEW FEATURE#| This version of Visual Embed SDK includes the `enableSearchAssist` attribute, using which you can turn on the Search Assist feature on an embedded instance. + -For more information, see xref:search-assist-tse.adoc[Enable Search Assist, window=_blank]. +//For more information, see xref:search-assist-tse.adoc[Enable Search Assist, window=_blank]. |[tag greenBackground]#NEW FEATURE#| The new version of SDK introduces the `AuthType.SAML` enum for SAML-based SSO authentication. Note that `AuthType.SAML` replaces the `AuthType.SSO` enum, which is deprecated in the v1.13.0 version of the SDK. + For more information, see xref:embed-authentication.adoc#saml-sso-embed[Authentication]. |[tag redBackground]#DEPRECATED#| The `AuthType.SSO` enum is deprecated in v1.13.0. ThoughtSpot recommends using `AuthType.SAML` for the SAML SSO authentication method. + diff --git a/modules/ROOT/pages/deploy-with-tml-apis.adoc b/modules/ROOT/pages/deploy-with-tml-apis.adoc index eee2a74a3..ffad32d04 100644 --- a/modules/ROOT/pages/deploy-with-tml-apis.adoc +++ b/modules/ROOT/pages/deploy-with-tml-apis.adoc @@ -81,7 +81,7 @@ The process for exporting TML files into source control is: . Use `/metadata/tml/export` endpoint in REST API v1 or v2.0 with `export_fqns=true` argument and `formmattype=YAML` to retrieve the TML of the object . Save the TML response strings to disk in a Git-enabled directory using a consistent name format -You can use the link:https://thoughtspot.github.io/cs_tools/scriptability/[CS Tools, window=_blank] package for a pre-built tool for programmatic exporting or build your own equivalent using the link:https://github.com/thoughtspot/thoughtspot_rest_api_v1_python[thoughtspot_rest_api_v1 Python library, window=_blank]. +You can use the link:https://thoughtspot.github.io/cs_tools/[CS Tools, window=_blank] package for a pre-built tool for programmatic exporting or build your own equivalent using the link:https://github.com/thoughtspot/thoughtspot_rest_api_v1_python[thoughtspot_rest_api_v1 Python library, window=_blank]. === Best practices with TML export API The `formattype` argument can be set to `YAML` or `JSON`. diff --git a/modules/ROOT/pages/embed-ai-analytics.adoc b/modules/ROOT/pages/embed-ai-analytics.adoc index 91109f804..1641ce495 100644 --- a/modules/ROOT/pages/embed-ai-analytics.adoc +++ b/modules/ROOT/pages/embed-ai-analytics.adoc @@ -61,7 +61,7 @@ a| * Supported data object is Model Visual Embed SDK provides several configuration settings and controls for customizing Spotter embed view: * Configuration properties that enable or disable features. -For more information, see xref:_spotterembedviewconfig.adoc[SpotterEmbedViewConfig] and xref:SpotterAgentEmbedViewConfig.adoc[SpotterAgentEmbedConfig] +For more information, see xref:SpotterEmbedViewConfig.adoc[SpotterEmbedViewConfig] and xref:SpotterAgentEmbedViewConfig.adoc[SpotterAgentEmbedConfig] * The action customization framework to show or hide actions in the embedded view + For more information, see xref:Action.adoc[Action] and xref:embed-action-ref.adoc[Action IDs in the SDK] * Event handlers for host and embed app interaction + diff --git a/modules/ROOT/pages/mcp-integration.adoc b/modules/ROOT/pages/mcp-integration.adoc index 8b05690c6..6b877e5ae 100644 --- a/modules/ROOT/pages/mcp-integration.adoc +++ b/modules/ROOT/pages/mcp-integration.adoc @@ -145,7 +145,7 @@ To enable tool calling: You can generate an authentication token for a specific user from ThoughtSpot via a `POST` call to the `/api/rest/2.0/auth/token/full` REST API endpoint. + Logged-in users can view the authentication token for their current session by using the `/api/rest/2.0/auth/session/token` REST API endpoint or by opening the following URL in a new tab on the web browser: + -`https://{your-ts-instance}/api/rest/2.0/auth/session/token` +`\https://{your-ts-instance}/api/rest/2.0/auth/session/token` For information about calling MCP tools using LLM APIs and methods, see these sections: @@ -236,7 +236,7 @@ For more information, see the link:https://docs.claude.com/en/docs/agents-and-to ==== OpenAI API for MCP tool calling To enable tool calling and retrieve data from ThoughtSpot via OpenAI, you can use the Responses API endpoint. -To connect to the ThoughtSpot remote MCP server, call the `https://api.openai.com/v1/responses` API endpoint and specify the following properties in the API request: +To connect to the ThoughtSpot remote MCP server, call the `\https://api.openai.com/v1/responses` API endpoint and specify the following properties in the API request: * `tools` + In the `tools` array, include these parameters: diff --git a/modules/ROOT/pages/modify-tml.adoc b/modules/ROOT/pages/modify-tml.adoc index 9234c85d3..659a33093 100644 --- a/modules/ROOT/pages/modify-tml.adoc +++ b/modules/ROOT/pages/modify-tml.adoc @@ -350,7 +350,7 @@ For more information, see link:https://docs.thoughtspot.com/cloud/latest/tml-mod [IMPORTANT] ==== -Worksheets are deprecated and replaced with Models in ThoughtSpot Cloud 10.12.0.cl and later versions. You'll no longer be able to import a Worksheet TML object into ThoughtSpot without link:https://docs.thoughtspot.com/latest/worksheet-migration[converting it into a Model, window=_blank]. For information about the TML properties of a Model object, see link:https://docs.thoughtspot.com/cloud/latest/tml-models[TML for Models]. +Worksheets are deprecated and replaced with Models in ThoughtSpot Cloud 10.12.0.cl and later versions. You'll no longer be able to import a Worksheet TML object into ThoughtSpot without link:https://docs.thoughtspot.com/cloud/latest/worksheet-migration[converting it into a Model, window=_blank]. For information about the TML properties of a Model object, see link:https://docs.thoughtspot.com/cloud/latest/tml-models[TML for Models]. ==== Worksheets combine several *tables*, including *Views*, into a coherent data model optimized for searches. The TML syntax for Worksheets defines all aspects, including the tables it joins together, the columns and their properties, filters, and so on. diff --git a/modules/ROOT/pages/multi-tenancy-best-practices.adoc b/modules/ROOT/pages/multi-tenancy-best-practices.adoc index 604fc6d0d..b8315c099 100644 --- a/modules/ROOT/pages/multi-tenancy-best-practices.adoc +++ b/modules/ROOT/pages/multi-tenancy-best-practices.adoc @@ -69,7 +69,7 @@ Sharing is controlled through the UI (including when embedded) or via the xref:s Please see the full documentation on xref:access-control-sharing.adoc[sharing for access control] to learn how the various options work to isolate content for end customers that share a single "prod" environment. ==== What content should be shared? -While you can share individual tables from connections to users, the best practice is to create link:https://docs.thoughtspot.com/cloud/latest/worksheet-create[worksheets, window=_blank] and only share the relevant Models to end users. Any Liveboards and saved answers shared to users should only connect to Models. +While you can share individual tables from connections to users, the best practice is to create link:https://docs.thoughtspot.com/cloud/latest/models[Models, window=_blank] and only share the relevant Models to end users. Any Liveboards and saved Answers shared to users should only connect to Models. Remember to share the Model as *READ_ONLY* along with the Liveboards and answers so the users can access self-service features such as changing filter values. diff --git a/modules/ROOT/pages/rest-api-java-sdk.adoc b/modules/ROOT/pages/rest-api-java-sdk.adoc index fc8e94be3..db8adb37c 100644 --- a/modules/ROOT/pages/rest-api-java-sdk.adoc +++ b/modules/ROOT/pages/rest-api-java-sdk.adoc @@ -297,7 +297,7 @@ a|ThoughtSpot Cloud: 10.9.0.cl | v2.14.0 or later |===== |Method|HTTP request -|link:ThoughtSpotRestApi.md#activateUser[activateUser, window=_blank] |*POST* +|link:https://github.com/thoughtspot/rest-api-sdk/blob/release/sdks/java/docs/ThoughtSpotRestApi.md#activateUser[activateUser, window=_blank] |*POST* /api/rest/2.0/users/activate |link:https://github.com/thoughtspot/rest-api-sdk/blob/release/sdks/java/docs/ThoughtSpotRestApi.md#assignChangeAuthor[assignChangeAuthor^] diff --git a/modules/ROOT/pages/rest-api-v2-reference-beta.adoc b/modules/ROOT/pages/rest-api-v2-reference-beta.adoc deleted file mode 100644 index 0b551fd5d..000000000 --- a/modules/ROOT/pages/rest-api-v2-reference-beta.adoc +++ /dev/null @@ -1,1037 +0,0 @@ -= REST API v2 ^Beta^ endpoints (Deprecated) -:toc: true - -:page-title: REST API Reference Guide -:page-pageid: rest-apiv2-beta-reference -:page-description: REST API Reference - -[div announcementBlock] --- -Starting from the ThoughtSpot Cloud 9.0.0.cl release, REST API v2 endpoints[beta betaBackground]^Beta^ are deprecated and removed from the ThoughtSpot API Playground. The API Playground will display the REST API V2 endpoints that are qualified for General Availability (GA). - -For detailed information about the endpoints listed in this article, see link:https://visual-embed-sdk-git-redoc-api-docs-thoughtspot-site.vercel.app/docs/apiv2Beta/index.html[REST API V2 (Beta) documentation, window=_blank]. --- - -The REST API v2 endpoints[beta betaBackground]^Beta^ includes the following resource collections and endpoints. - -== Session - --- -`**GET** /tspublic/rest/v2/session` - -Gets details of the current session for the logged-in user. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/session/login` - -Signs in a user to ThoughtSpot. - -+++

+++ - -//// -++++ -View in Playground -++++ -//// - - -`**POST** /tspublic/rest/v2/session/gettoken` - -Gets an OAuth access token for a ThoughtSpot client. You must send this token in the `Authorization` header to authorize your API requests. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**POST** /tspublic/rest/v2/session/revoketoken` - -Revokes an existing access token assigned to a ThoughtSpot client. To make API calls, you must obtain a new access token. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**POST** /tspublic/rest/v2/session/logout` - -Logs out a ThoughtSpot user. -//// -++++ -View in Playground -++++ -//// --- - -== Users --- - -`*POST* /tspublic/rest/v2/user/create` - -Creates a user object. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`GET /tspublic/rest/v2/user` - -Gets details of a specific user. You must provide the username or the GUID of the user. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*PUT* /tspublic/rest/v2/user/update` - -Modifies the properties of a user object. You must specify a username or the GUID of the user. Requires administrator privileges. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`DELETE /tspublic/rest/v2/user/delete` - -Deletes a user object. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**PUT** /tspublic/rest/v2/user/addgroup` - -Assigns a user to groups. If the assigned groups have privileges configured, the user inherits these privileges. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*PUT* /tspublic/rest/v2/user/removegroup` - -Removes the groups assigned to a user. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**PUT** /tspublic/rest/v2/user/changepassword` - -Allows changing a ThoughtSpot user's password. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**POST** /tspublic/rest/v2/user/search` - -Gets a list of users available in the ThoughtSpot system. To filter your query, you can specify the user type, group, privileges, sharing visibility, and other such attributes. -//// -++++ -View in Playground -++++ -//// --- - -== Groups - --- -`*GET* /tspublic/rest/v2/group` - -Gets details of a specific group. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/group/create` - -Creates a group object. Requires administrator privileges. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**PUT** /tspublic/rest/v2/group/update` - -Modifies the properties of a group object. Requires administrator privileges. -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**PUT **/tspublic/rest/v2/group/addprivilege` - -Assigns privileges to a group. Requires administrator privileges. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**PUT **/tspublic/rest/v2/group/removeprivilege` - -Removes privileges assigned to a group. Requires administrator privileges. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**DELETE** /tspublic/rest/v2/group/delete` - -Deletes a group object. Requires administrator privileges. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/group/adduser` - -Assigns users to a group. Requires administrator privileges. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**PUT **/tspublic/rest/v2/group/removeuser` - -Removes one or several users assigned to a group. Requires administrator privileges. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*PUT* /tspublic/rest/v2/group/addgroup` - -Adds a group to another group object. This API request creates a hierarchy of groups. The subgroups inherit the privileges assigned to the parent group. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**PUT** /tspublic/rest/v2/group/removegroup` - -Removes a group from the parent group. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/group/search` - -Gets a list of groups created in the ThoughtSpot system. To filter your query, you can specify the group type, group name, privileges, sharing visibility, users, and other such attributes. -//// -++++ -View in Playground -++++ -//// --- - -== Admin - --- -`**GET ** /tspublic/rest/v2/admin/configuration` - -Gets details of the current configuration of a ThoughtSpot cluster. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*GET* /tspublic/rest/v2/admin/configuration/overrides` - -Gets details of configuration overrides. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**PUT **/tspublic/rest/v2/admin/configuration/update` - -Updates configuration settings of the ThoughtSpot cluster. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*PUT* /tspublic/rest/v2/admin/resetpassword` - -Resets the password of a user account. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/admin/syncprincipal` - -Synchronizes user account and group properties from an external database with ThoughtSpot. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/admin/changeauthor` - -Transfers the ownership of objects from one user to another. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/admin/assignauthor` - -Assigns ownership of objects to a specific user. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/admin/forcelogout` + - -Logs out specified users from ThoughtSpot. - -//// -++++ -View in Playground -++++ -//// --- - -== Metadata - --- -`*GET* /tspublic/rest/v2/metadata/tag` - -Gets details for the specified tag. You must specify the tag name or the GUID. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/metadata/tag/create` - -Creates a tag object. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/metadata/tag/update` - -Modifies the properties of a tag object. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/metadata/tag/assign` - -Assigns a tag to one or several metadata objects. You can assign a tag to a Liveboard, Answer, data object, and data connection objects. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/metadata/tag/unassign` - -Removes the tag assigned to an object. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*DELETE* /tspublic/rest/v2/metadata/tag/delete` - -Deletes the specified tag. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**PUT** /tspublic/rest/v2/metadata/favorite/assign` - -Adds an object such as Liveboards and answers to a user's favorites list. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**PUT ** /tspublic/rest/v2/metadata/favorite/unassign` - -Removes the specified object from the user's favorites list. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**GET** /tspublic/rest/v2/metadata/homeliveboard` - -Gets the details of the Liveboard that is set as a default Liveboard for the ThoughtSpot user. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**PUT** /tspublic/rest/v2/metadata/homeliveboard/assign` - -Assigns a Liveboard as a default Liveboard for a ThoughtSpot user. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/metadata/homeliveboard/unassign` - -Removes the default home Liveboard setting for a ThoughtSpot user. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*GET* /tspublic/rest/v2/metadata/incomplete` - -Gets a list of objects with incomplete metadata. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*GET* /tspublic/rest/v2/metadata/header` - -Gets header details for a specific metadata object. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*GET* /tspublic/rest/v2/metadata/details` - -Gets details of a specific metadata object. To filter your query, specify the metadata object type and the ID. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*GET* /tspublic/rest/v2/metadata/vizheaders` - -Gets a list of visualization headers associated with a Liveboard. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/metadata/header/search` - -Gets a list of all metadata objects in the ThoughtSpot system. To filter your query, specify the metadata object type, access level, and other such attributes. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*POST* /tspublic/rest/v2/metadata/detail/search` - -Gets details of one or several metadata objects of a specific type. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*DELETE* /tspublic/rest/v2/metadata/delete` - -Deletes the specified metadata object. You can delete answers, Liveboards, Tags, Models, Views, Tables, Columns, and Table joins. + -Note that the endpoint does not support deleting the connection, user, and group objects. To delete these objects, use the following endpoints: - -* `DELETE /tspublic/rest/v2/connection/delete` -* `DELETE /tspublic/rest/v2/user/delete` -* `DELETE /tspublic/rest/v2/group/delete` - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/metadata/dependency` - -Gets a list of dependent metadata objects. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*POST* /tspublic/rest/v2/metadata/tml/export` - -Exports a TML object and associated metadata. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**POST** /tspublic/rest/v2/metadata/tml/import` - -Imports one or several TML objects and object associations. - -//// -++++ -View in Playground -++++ -//// --- - -== Connections - --- -`*GET* /tspublic/rest/v2/connection` - -Gets details of a specific data connection. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**GET** /tspublic/rest/v2/connection/database` - -Gets details of the databases associated with a connection ID. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**POST** /tspublic/rest/v2/connection/table` - -Gets details of the tables associated with a connection ID. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*POST* /tspublic/rest/v2/connection/tablecoloumn` - -Gets details of the columns of the tables associated with a connection ID. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*POST* /tspublic/rest/v2/connection/create` - -Creates a data connection. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*PUT* /tspublic/rest/v2/connection/update` - -Updates an existing data connection. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -*DELETE* /tspublic/rest/v2/connection/delete - -Deletes a data connection. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/connection/addtable` - -Adds a table to an existing data connection. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*PUT* /tspublic/rest/v2/connection/removetable` - -Removes a table from an existing data connection. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*POST* /tspublic/rest/v2/connection/search` - -Gets details of all data connections. You can also query data for a specific connection type. - -//// -++++ -View in Playground -++++ -//// --- - -== Data - --- -`**POST** /tspublic/rest/v2/data/search` - -Allows constructing a search query string and retrieves data from a search query. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`**POST** /tspublic/rest/v2/data/answer` - -Gets data from a saved search answer. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**POST** /tspublic/rest/v2/data/liveboard` - -Gets data from the specified Liveboard and visualization. - -//// -++++ -View in Playground -++++ -//// --- - -+++

+++ - -`*GET* /tspublic/rest/v2/data/answer/querysql` - -Retrieves SQL for an Answer object. - -//// -++++ -View in Playground -++++ -//// --- - -+++

+++ - -`*GET* /tspublic/rest/v2/data/liveboard/querysql` - -Retrieves SQL for a visualization on a Liveboard. - -//// -++++ -View in Playground -++++ -//// --- - -== Report - --- -`*POST* /tspublic/rest/v2/report/answer` - -Downloads Answer data in the specified file format, such as PDF, CSV, PNG, and XLSX. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**POST** /tspublic/rest/v2/report/liveboard` - -Downloads a given Liveboard and its visualizations as a PDF, CSV, XLSX, or PNG file. - -//// -++++ -View in Playground -++++ -//// --- - -== Security - -`*POST* /tspublic/rest/v2/security/share/tsobject` - -Allows sharing an object with another user or group in ThoughtSpot. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**POST** /tspublic/rest/v2/security/share/visualization` - -Allows sharing a Liveboard visualization with another user or group in ThoughtSpot. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**GET** /tspublic/rest/v2/security/permission/tsobject` - -Gets access permission details for a metadata object. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*GET* /tspublic/rest/v2/security/permission/principal` - -Gets a list of objects that the specified user or group has access to. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*POST* /tspublic/rest/v2/security/permission/tsobject/search` - -Gets permission details for specific objects, and users and groups who have access to these objects. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*POST* /tspublic/rest/v2/security/permission/principal/search` - -Gets a list objects to which a user or group has `READ_ONLY` or `MODIFY` permissions. - -//// -++++ -View in Playground -++++ -//// - -== Custom actions - -`*GET* /tspublic/rest/v2/customaction` - -Gets details of a custom action. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**POST **/tspublic/rest/v2/customaction/create` - -Creates a custom action. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**PUT** /tspublic/rest/v2/customaction/update` - -Updates a custom action object. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**DELETE** /tspublic/rest/v2/customaction/delete` - -Deletes a custom action object. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**POST** /tspublic/rest/v2/customaction/search` - -Allows searching for custom actions available in ThoughtSpot. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`*GET* /tspublic/rest/v2/customaction/association` - -Gets metadata association details for a given custom action. - -//// -++++ -View in Playground -++++ -//// -+++

+++ - -`*PUT* /tspublic/rest/v2/customaction/association/update` - -Updates metadata association for a given custom action. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -`**DELETE **/tspublic/rest/v2/customactions/association/delete` - -Removes custom action association to a user, group or metadata object. - -//// -++++ -View in Playground -++++ -//// - -+++

+++ - -== Log --- -`*GET* /tspublic/rest/v2/logs/events` - -Gets security audit logs from the ThoughtSpot system. - -//// -++++ -View in Playground -++++ -//// -+++

+++ --- - -//// -== Materialization --- -`*PUT* /tspublic/rest/v2/materialization/refreshview` - -Refreshes data in a materialized view. + - -This endpoint is applicable to ThoughtSpot Software deployments only. - -++++ -View in Playground -++++ -+++

+++ --- - -== Database - -The Database endpoints are applicable to ThoughtSpot Falcon-based Software deployments only. - - -//// diff --git a/modules/ROOT/pages/webhooks-lb-schedule.adoc b/modules/ROOT/pages/webhooks-lb-schedule.adoc index e695ee250..eec7e3d5a 100644 --- a/modules/ROOT/pages/webhooks-lb-schedule.adoc +++ b/modules/ROOT/pages/webhooks-lb-schedule.adoc @@ -396,7 +396,7 @@ If the webhook creation is successful, the API returns the following response: "modification_time_in_millis": 1761050197164, "created_by": { "id": "08c6b203-ff6e-4ed8-b923-35ebbbfef27b", - "name": "UserA@thoughtspot.com" + "name": "UserA@UserA@example.com" }, "last_modified_by": null } @@ -477,11 +477,11 @@ If the API request is successful, ThoughtSpot returns the webhook configuration "modification_time_in_millis": 1761051944507, "created_by": { "id": "08c6b203-ff6e-4ed8-b923-35ebbbfef27b", - "name": "UserA@thoughtspot.com" + "name": "UserA@UserA@example.com" }, "last_modified_by": { "id": "08c6b203-ff6e-4ed8-b923-35ebbbfef27b", - "name": "UserA@thoughtspot.com" + "name": "UserA@UserA@example.com" } } ], @@ -603,7 +603,7 @@ If the API request is successful, the webhook is deleted, and the API returns th "modification_time_in_millis": 1761184185887, "created_by": { "id": "08c6b203-ff6e-4ed8-b923-35ebbbfef27b", - "name": "UserA@thoughtspot.com" + "name": "UserA@UserA@example.com" }, "last_modified_by": null } diff --git a/modules/ROOT/pages/whats-new.adoc b/modules/ROOT/pages/whats-new.adoc index 1bbd50faa..40437acc7 100644 --- a/modules/ROOT/pages/whats-new.adoc +++ b/modules/ROOT/pages/whats-new.adoc @@ -957,7 +957,8 @@ For more information, see xref:security-settings.adoc[Security Settings]. .Support for Sage coach [%collapsible] ==== -In full application embedding, you can now review user feedback on the natural language search queries on the **Data** page. For more information, see link:https://docs.thoughtspot.com/cloud/latest/sage-coach[Sage Coach, window=_blank]. +In full application embedding, you can now review user feedback on the natural language search queries on the **Data** page. +//For more information, see link:https://docs.thoughtspot.com/cloud/latest/sage-coach[Sage Coach, window=_blank]. ==== .Visual Embed SDK @@ -1253,7 +1254,7 @@ For more information, see xref:version_control.adoc[Version control with Git int ==== The Visual Embed developer Playground now includes a *Try* button in the preview panel. The *Try* button is attached to an event handler. You can register a host event and click *Try* to trigger an action on the embedded page in the Playground. -For more information, see xref:embed-events.adoc#host-events[Events reference]. +For more information, see xref:embed-events.adoc[Events reference]. ==== .Visual Embed SDK diff --git a/modules/tutorials/pages/tse-fundamentals/tse-fundamentals-lesson-05.adoc b/modules/tutorials/pages/tse-fundamentals/tse-fundamentals-lesson-05.adoc index ac63049b4..7579d96e9 100644 --- a/modules/tutorials/pages/tse-fundamentals/tse-fundamentals-lesson-05.adoc +++ b/modules/tutorials/pages/tse-fundamentals/tse-fundamentals-lesson-05.adoc @@ -68,7 +68,7 @@ image:images/tutorials/tse-fundamentals/lesson-05-search-console.png[Console out Before embedding the search, we need to initialize the SDK. Initializing the SDK tells it which ThoughtSpot instance to communicate with and the type of authentication. -There are additional parameters you can pass, which you can read about in the link:https://developer-docs-nnh3ibjh0-thoughtspot-site.vercel.app/docs/tsembed#initSdk[documentation]. +There are additional parameters you can pass, which you can read about in the link:https://developers.thoughtspot.com/docs/tsembed#initSdk[documentation]. One useful parameter to consider is `callPrefetch`, which can speed up the first embed object's load time by caching static content locally. This will not have an effect if caching is disabled during development but can improve performance in production. From 21e072cb77d50d1c2a3da25bc753f17d09a9f9b2 Mon Sep 17 00:00:00 2001 From: ShashiSubramanya Date: Fri, 9 Jan 2026 17:07:10 +0530 Subject: [PATCH 03/17] SCAL-289827 --- modules/ROOT/pages/locale-setting.adoc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/locale-setting.adoc b/modules/ROOT/pages/locale-setting.adoc index 00e49b0b0..1c43f2a14 100644 --- a/modules/ROOT/pages/locale-setting.adoc +++ b/modules/ROOT/pages/locale-setting.adoc @@ -23,30 +23,30 @@ If you want to set your embedded app view to a specific locale for your applicat [options="header"] |==================== | Locale | Language -| `ar-EG` | Egyptian Arabic | `da-DK` | Dansk | `de-DE` | Deutsch -| `de-CH` | German (Switzerland) +| `de-CH` | Deutsch (Switzerland) | `en-AU` | English (Australia) | `en-CA` | English (Canada) | `en-DE` | English (Germany) | `en-IN` | English (India) +| `en-NZ` | English (New Zealand) | `en-GB` | English (United Kingdom) | `en-US` | English (United States) -| `en-NZ` | English (New Zealand) +| `es-ES` | Español | `es-US` | Español (Latinoamérica) -| `es-ES` | Español (España) -| `es-MX` | Spanish (Mexico) -| `fi-FI` | Suomi +| `es-MX` | Español (Mexico) | `fr-CA` | Français (Canada) | `fr-FR` | Français (France) +| `ja-JP` | 日本語 +| `ko-KR` | 한국어 | `it-IT` | Italiano -| `ja-JP` | Japanese (Japan)/ 日本語 | `nb-NO` | Norsk | `nl-NL` | Nederland | `pt-BR` | Português (Brasil) | `pt-PT` | Português (Portugal) -| `ru-RU` | Russian (Russia) +| `ru-RU` | Pусский (ограниченный выпуск) +| `fi-FI` | Suomi | `sv-SE` | Svenska | `zh-CN` | 中文(简体) | `zh-HANT`| 中文 (繁體) From 79b9f58e5439c2bca3ac1c93a682095e3140cc8c Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Thu, 15 Jan 2026 20:54:27 +0530 Subject: [PATCH 04/17] lb report csv xlsx --- modules/ROOT/pages/data-report-v2-api.adoc | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/data-report-v2-api.adoc b/modules/ROOT/pages/data-report-v2-api.adoc index 1e5f6a9c3..4289c6842 100644 --- a/modules/ROOT/pages/data-report-v2-api.adoc +++ b/modules/ROOT/pages/data-report-v2-api.adoc @@ -235,11 +235,27 @@ To download a personalized view of the Liveboard, specify the view name in the ` * Attempting to override existing filter values with runtime filters while exporting a Liveboard will result in an error. ==== -==== File Format +==== File Formats -The default `file_format` is PDF. For PDF downloads, you can specify additional parameters to customize the page orientation and include or exclude the cover page, logo, footer text, and page numbers. You can also download the report in PNG format. +The default `file_format` is *CSV* [earlyAccess eaBackground]#Early Access#. -For PNG downloads, you can now define +* Each visualization is exported as a separate .csv file. +* If multiple visualizations are selected, the downloaded report is a single compressed .zip file containing all .CSV files. +* It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. +* Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. + +For *XLSX* downloads [earlyAccess eaBackground]#Early Access#, + +* Visualization is exported as an Excel workbook (.xlsx). +* If multiple visualizations are selected, the downloaded report is a single Excel workbook (.xlsx) containing each visualization in their individual tabs. +* A maximum of 255 tabs per .xlsx workbook are allowed. +* It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. +* Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. + + +For *PDF* downloads, you can specify additional parameters to customize the page orientation and include or exclude the cover page, logo, footer text, and page numbers. You can also download the report in PNG format. + +For *PNG* downloads, you can now define * `image_resolution` [earlyAccess eaBackground]#Early Access# * `image_scale` [earlyAccess eaBackground]#Early Access# From 85c683157cace5e1684b7022fc072505fe33cbe6 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Thu, 15 Jan 2026 23:29:09 +0530 Subject: [PATCH 05/17] API for security settings --- modules/ROOT/pages/security-settings.adoc | 56 +++++++++++++++++------ 1 file changed, 43 insertions(+), 13 deletions(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 050132cc0..fa52c2b83 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -1,6 +1,6 @@ = Security settings :toc: true -:toclevels: 2 +:toclevels: 3 :page-title: Security settings :page-pageid: security-settings @@ -21,7 +21,7 @@ To avoid this issue, ThoughtSpot recommends the following: * If you are using a ThoughtSpot Cloud instance, set up your instance to the same domain as your host application. For more information, see link:https://docs.thoughtspot.com/cloud/latest/custom-domains[Custom domain configuration, window=_blank]. * If you are using authentication methods that rely on cookies, xref:_enable_partition_cookies[enable partition cookies]. -== Security settings in ThoughtSpot +== Configure security settings via the ThoughtSpot UI Users with administration privileges can configure security settings on the Security settings page of the ThoughtSpot UI. Note that the following settings on the **Security Settings** page will appear as locked for ThoughtSpot Analytics application users and will require an embedding license: @@ -31,7 +31,7 @@ Users with administration privileges can configure security settings on the Secu * xref:configure-saml.adoc#saml-redirect[SAML redirect domains] * xref:trusted-authentication.adoc[Trusted authentication] -=== Security settings for Orgs +==== Security settings for Orgs On ThoughtSpot instances with Orgs, security settings can be managed at two levels: @@ -86,7 +86,7 @@ Each Org can have a separate secret key, which can be used to authenticate users ==== -== CSP allowlists +=== CSP allowlists To allow another application to embed ThoughtSpot, you must xref:security-settings.adoc#csp-viz-embed-hosts[add your host application domain as a CSP Visual Embed host]. @@ -98,7 +98,7 @@ If your instance has Orgs configured, note that the default Org on your instance ==== [#csp-viz-embed-hosts] -=== Add CSP visual embed hosts +==== Add CSP visual embed hosts To allow your host domain to set the `frame-ancestors` CSP policy header and embed a ThoughtSpot object within your application frame, add your application domain as a CSP visual embed host. . On your ThoughtSpot application instance, go to *Develop* page. @@ -114,7 +114,7 @@ Only users with a valid embed license can add Visual Embed hosts. ==== [#csp-connect-src] -=== Add URLs to CSP connect-src allowlist +==== Add URLs to CSP connect-src allowlist If you plan to use a custom action or webhook to send data to an external endpoint or application, you must add the domains of the target endpoints or applications to the `CSP connect-src` allowlist. . On your ThoughtSpot application instance, go to *Develop* page. @@ -125,7 +125,7 @@ If you plan to use a custom action or webhook to send data to an external endpoi . Click *Save changes*. [#csp-trusted-domain] -=== Add other trusted domains +==== Add other trusted domains To import images, fonts, and stylesheets from external sites, or load the content from an external site using an iFrame element, you must add the source URLs as trusted domains in the CSP allowlist. For example, in the Liveboard Note tiles, if you want to insert an image from an external site or embed content from an external site in an iFrame, you must add domain URLs of these sites to the CSP allowList. Similarly, to import fonts and custom styles from an external source, you must add the source URL as a trusted domain in ThoughtSpot. @@ -148,7 +148,7 @@ Add the domains from which you want host scripts. For more information, see xref Add the iframe source URL domains. //// -=== Add permitted iFrame domains +==== Add permitted iFrame domains Features such as link:https://docs.thoughtspot.com/software/latest/liveboard-notes[Liveboard Note tiles, window=_blank] and link:https://docs.thoughtspot.com/cloud/latest/chart-custom[custom charts, window=_blank] allow iFrame content. If you are planning to embed content from an external site, make sure the domain URLs of these sites are added to the iFrame domain allowlist: . On your ThoughtSpot application instance, go to *Develop* page. @@ -160,7 +160,7 @@ Features such as link:https://docs.thoughtspot.com/software/latest/liveboard-not [#cors-hosts] -=== Enable CORS +==== Enable CORS To allow your embedding application to call ThoughtSpot, access its resources, and render embedded content, add your host application domain URL as a trusted host for CORS. @@ -183,7 +183,7 @@ To add domain names to the CORS allowlist, follow these steps: . Click *Save changes*. [#csp-cors-hosts] -=== Domain name format for CSP and CORS configuration +==== Domain name format for CSP and CORS configuration [IMPORTANT] ==== @@ -282,10 +282,10 @@ a|+++Wildcard (*) for port+++ |==== -== Block access to non-embedded ThoughtSpot pages +=== Block access to non-embedded ThoughtSpot pages If you have embedded ThoughtSpot content in your app, you may want your users to access only the ThoughtSpot pages embedded within the context of your host app. ThoughtSpot allows administrators to restrict user access to non-embedded application pages from the embedding application context or selectively grant access to specific user groups. For information, see xref:selective-user-access.adoc[Control User Access]. -== Enable partitioned cookies +=== Enable partitioned cookies Many web browsers do not allow third-party cookies. If you are using authentication methods that rely on cookies, users will not be able to access the embedded content when browsers block third-party cookies. Therefore, ThoughtSpot recommends using xref:trusted-auth-sdk.adoc[cookieless authentication] in production environments. However, if your implementation uses cookie-based authentication or xref:embed-authentication.adoc#none[AuthType.None], ensure that you enable partitioned cookies: @@ -304,5 +304,35 @@ With partitioned cookies enabled, when a user logs in to ThoughtSpot and accesse Safari blocks all third-party cookies and does not support partitioned cookies. You can switch to a different browser that supports partitioned cookies, or use cookieless authentication in your embedding implementation. ==== -== Trusted authentication +=== Trusted authentication See xref:trusted-authentication.adoc[Trusted authentication] and xref:_secret_key_management[Secret key management]. + +== Configure security settings via API + +* For REST API v2 operations, the Org context is determined based on the authentication token used in your API requests. Ensure you log in to the appropriate Org context from which you want to send API requests. +* Ensure that you have developer or administrator privileges for the Org. + +=== Configure Security Settings +Security settings can be configured for the ThoughtSpot instance and for the Org as well. To configure security settings send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. + +[NOTE] +==== +* When security settings are defined at both levels, the Org-level settings take precedence over cluster-level settings within that Org. +* If the configuration settings are available at both levels and are configured only at the All Orgs level, the Orgs on the instance will inherit these settings. +* If the settings are not defined either at the All Orgs level or per Org, the system defaults will be applied. +==== + +=== Request parameters +In your `POST` request body, include the following parameters: + +[width="100%" cols="1,4"] +[options='header'] +|===== +|Parameter|Description + +|cluster_preferences a|__String__. Required. A JSON map of customizable security settings for the ThoughtSpot instance. +|enable_partitioned_cookies a|__Boolean__. +|org_identifier a|__String__. Required. The unique ID or name of the Org for which the email customization is being updated. +|===== + + From 7d4a0d59b6839caa7d59b4534359e0c25dc28d34 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Fri, 16 Jan 2026 11:47:50 +0530 Subject: [PATCH 06/17] edits to lb report --- modules/ROOT/pages/data-report-v2-api.adoc | 7 +++---- modules/ROOT/pages/security-settings.adoc | 12 ++++++++++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/data-report-v2-api.adoc b/modules/ROOT/pages/data-report-v2-api.adoc index 4289c6842..7b404fa90 100644 --- a/modules/ROOT/pages/data-report-v2-api.adoc +++ b/modules/ROOT/pages/data-report-v2-api.adoc @@ -237,7 +237,7 @@ To download a personalized view of the Liveboard, specify the view name in the ` ==== File Formats -The default `file_format` is *CSV* [earlyAccess eaBackground]#Early Access#. +The default `file_format` is *CSV* [earlyAccess eaBackground]#Early Access#. If you do not have this feature enabled for your ThoughtSpot instance, please select an appropriate `file_format` to successfully download the report. * Each visualization is exported as a separate .csv file. * If multiple visualizations are selected, the downloaded report is a single compressed .zip file containing all .CSV files. @@ -253,8 +253,7 @@ For *XLSX* downloads [earlyAccess eaBackground]#Early Access#, * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. -For *PDF* downloads, you can specify additional parameters to customize the page orientation and include or exclude the cover page, logo, footer text, and page numbers. You can also download the report in PNG format. - +For *PDF* downloads, you can specify additional parameters to customize the page orientation and include or exclude the cover page, logo, footer text, and page numbers. For *PNG* downloads, you can now define * `image_resolution` [earlyAccess eaBackground]#Early Access# @@ -296,7 +295,7 @@ curl -X POST \ ==== Override filters -If the Liveboard has filters applied and you want to override the filters before downloading the Liveboard, you can specify the filters in the `override_filters` array. +If the Liveboard has filters applied, and you want to override the filters before downloading the Liveboard, you can specify the filters in the `override_filters` array. [source,JSON] ---- diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index fa52c2b83..27f98ac27 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -8,6 +8,7 @@ The **Security Settings** page in ThoughtSpot UI allows administrators and developers to configure allowlists for Content Security Policy (CSP) and Cross-origin Resource Sharing (CORS), authentication attributes, and access control settings. +These settings can also be done via REST APIs v2, by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. == Overview Most web browsers block cross-site scripting, cross-domain requests, and third-party cookies by default. Web browsers also have built-in security mechanisms such as same-origin and content security policies. These policies restrict how applications and scripts from one origin (domain) can interact with the resources hosted on another origin (domain). To ensure data security and a seamless user experience in embedding applications, configure the settings described in this section. @@ -108,6 +109,9 @@ To allow your host domain to set the `frame-ancestors` CSP policy header and emb . In the *CSP visual embed hosts* text box, add the domain names. For valid domain name formats, See xref:security-settings.adoc#csp-cors-hosts[Domain name format for CSP and CORS configuration]. . Click *Save changes*. +#Through the API:: +`visual_embed_hosts`# + [NOTE] ==== Only users with a valid embed license can add Visual Embed hosts. @@ -182,6 +186,10 @@ To add domain names to the CORS allowlist, follow these steps: . In the *CORS whitelisted domains* text box, add the domain names. For valid domain name formats, See xref:security-settings.adoc#csp-cors-hosts[Domain name format for CSP and CORS configuration]. . Click *Save changes*. +#Through the API:: +`cors_whitelisted_urls` is an array of whitelisted URLs. Set this to `null` when there is no urls to be set.# + + [#csp-cors-hosts] ==== Domain name format for CSP and CORS configuration @@ -308,7 +316,7 @@ Safari blocks all third-party cookies and does not support partitioned cookies. See xref:trusted-authentication.adoc[Trusted authentication] and xref:_secret_key_management[Secret key management]. == Configure security settings via API - +# * For REST API v2 operations, the Org context is determined based on the authentication token used in your API requests. Ensure you log in to the appropriate Org context from which you want to send API requests. * Ensure that you have developer or administrator privileges for the Org. @@ -334,5 +342,5 @@ In your `POST` request body, include the following parameters: |enable_partitioned_cookies a|__Boolean__. |org_identifier a|__String__. Required. The unique ID or name of the Org for which the email customization is being updated. |===== - +# From 4894dd3498b87cd147609df675cdbb03026aea7c Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Fri, 16 Jan 2026 17:14:43 +0530 Subject: [PATCH 07/17] lb report feedback edits --- modules/ROOT/pages/data-report-v2-api.adoc | 86 +++++++++++++++++++--- 1 file changed, 76 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/data-report-v2-api.adoc b/modules/ROOT/pages/data-report-v2-api.adoc index 7b404fa90..30e55b4c7 100644 --- a/modules/ROOT/pages/data-report-v2-api.adoc +++ b/modules/ROOT/pages/data-report-v2-api.adoc @@ -237,23 +237,87 @@ To download a personalized view of the Liveboard, specify the view name in the ` ==== File Formats -The default `file_format` is *CSV* [earlyAccess eaBackground]#Early Access#. If you do not have this feature enabled for your ThoughtSpot instance, please select an appropriate `file_format` to successfully download the report. +The default `file_format` is *CSV*. + +[NOTE] +If you do not have .csv downloads enabled for your ThoughtSpot instance, select either `PDF` or `PNG` `file_format` to successfully download the report. Using any other format will cause the API to return an error. + + +For *CSV* downloads [earlyAccess eaBackground]#Early Access#, * Each visualization is exported as a separate .csv file. * If multiple visualizations are selected, the downloaded report is a single compressed .zip file containing all .CSV files. * It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. +===== Sample API payload for CSV downloads +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/report/liveboard' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"metadata_identifier": "416052fd-ad22-4d48-be0a-e43b53109957", +"file_format": "CSV", +"tab_identifiers": [ +"bc6d6fb8-1e06-4617-b02f-51745e6933a6" +] +}' +---- + For *XLSX* downloads [earlyAccess eaBackground]#Early Access#, * Visualization is exported as an Excel workbook (.xlsx). -* If multiple visualizations are selected, the downloaded report is a single Excel workbook (.xlsx) containing each visualization in their individual tabs. +* If multiple visualizations are selected, the downloaded report is a single Excel workbook (.xlsx) containing each visualization in their individual tab. * A maximum of 255 tabs per .xlsx workbook are allowed. +* If you want to download each visualization in a separate workbook (instead of separate tabs), contact ThoughtSpot support to enable the feature. * It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. +* Pivot tables are exported as their underlying raw data. The .xlsx currently does not support the pivot table format. +===== Sample API payload for XLSX downloads +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/report/liveboard' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"metadata_identifier": "416052fd-ad22-4d48-be0a-e43b53109957", +"file_format": "XLSX", +"visualization_identifiers": [ +"254c6e30-680c-41ea-aa4d-bb059f745462" +] +}' +---- For *PDF* downloads, you can specify additional parameters to customize the page orientation and include or exclude the cover page, logo, footer text, and page numbers. + +===== Sample API payload for PDF downloads +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/report/liveboard' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"metadata_identifier": "416052fd-ad22-4d48-be0a-e43b53109957", +"file_format": "PDF", +"visualization_identifiers": [ +"254c6e30-680c-41ea-aa4d-bb059f745462" +], +"pdf_options": { +"include_cover_page": true, +"include_custom_logo": true, +"include_filter_page": true, +"include_page_number": true, +"page_orientation": "LANDSCAPE", +"page_footer_text": "Sample footer text" +} +}' +---- + For *PNG* downloads, you can now define * `image_resolution` [earlyAccess eaBackground]#Early Access# @@ -271,7 +335,7 @@ Contact ThoughtSpot support to enable these settings for PNG downloads on your T ==== -==== Example +===== Sample API payload for PNG downloads [source,cURL] ---- curl -X POST \ @@ -279,16 +343,18 @@ curl -X POST \ -H 'Authorization: Bearer {access-token}'\ -H 'Content-Type: application/json' \ --data-raw '{ - "metadata_identifier": "9bd202f5-d431-44bf-9a07-b4f7be372125", + "metadata_identifier": "416052fd-ad22-4d48-be0a-e43b53109957", "file_format": "PNG", - "visualization_identifiers": [ - "9bd202f5-d431-44bf-9a07-b4f7be372125", - "9bd202f5-d431-44bf-9a07-b4f7be372125", - "9bd202f5-d431-44bf-9a07-b4f7be372125" + "tab_identifiers": [ + "bc6d6fb8-1e06-4617-b02f-51745e6933a6" ], "png_options": { - "include_cover_page": true, - "include_filter_page": true + "include_cover_page": null, + "include_filter_page": null, + "personalised_view_id": null, + "image_resolution": 1920, + "image_scale": 100, + "include_header": true } }' ---- From 7a1e7605869822b1f5e76de5a32c4fa4db155abf Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Fri, 16 Jan 2026 19:04:03 +0530 Subject: [PATCH 08/17] lb report feedback edits --- modules/ROOT/pages/data-report-v2-api.adoc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/data-report-v2-api.adoc b/modules/ROOT/pages/data-report-v2-api.adoc index 30e55b4c7..1d1282b98 100644 --- a/modules/ROOT/pages/data-report-v2-api.adoc +++ b/modules/ROOT/pages/data-report-v2-api.adoc @@ -251,6 +251,7 @@ For *CSV* downloads [earlyAccess eaBackground]#Early Access#, * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. ===== Sample API payload for CSV downloads + [source,cURL] ---- curl -X POST \ @@ -271,12 +272,13 @@ For *XLSX* downloads [earlyAccess eaBackground]#Early Access#, * Visualization is exported as an Excel workbook (.xlsx). * If multiple visualizations are selected, the downloaded report is a single Excel workbook (.xlsx) containing each visualization in their individual tab. * A maximum of 255 tabs per .xlsx workbook are allowed. -* If you want to download each visualization in a separate workbook (instead of separate tabs), contact ThoughtSpot support to enable the feature. +* If you want to be able to download each visualization in a separate workbook (instead of separate tabs), contact ThoughtSpot support. * It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. -* Pivot tables are exported as their underlying raw data. The .xlsx currently does not support the pivot table format. +* Unlike the pivot tables that are downloaded for any pivot table Answer in the ThoughtSpot UI, pivot tables generated in .xlsx workbooks using this API endpoint are exported as their underlying raw data. The .xlsx currently does not support the pivot table format. ===== Sample API payload for XLSX downloads + [source,cURL] ---- curl -X POST \ @@ -294,7 +296,8 @@ curl -X POST \ For *PDF* downloads, you can specify additional parameters to customize the page orientation and include or exclude the cover page, logo, footer text, and page numbers. -===== Sample API payload for PDF downloads +===== Sample API payload for XLSX downloads + [source,cURL] ---- curl -X POST \ @@ -336,6 +339,7 @@ Contact ThoughtSpot support to enable these settings for PNG downloads on your T ==== ===== Sample API payload for PNG downloads + [source,cURL] ---- curl -X POST \ From be226697c22e21d06ff84a9b462e2ab3fb9ad686 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Sun, 18 Jan 2026 23:17:09 +0530 Subject: [PATCH 09/17] added api payload for security settings --- modules/ROOT/pages/security-settings.adoc | 202 ++++++++++++++++++---- 1 file changed, 167 insertions(+), 35 deletions(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 27f98ac27..14fbc0353 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -7,8 +7,8 @@ :page-description: Security settings for embedding -The **Security Settings** page in ThoughtSpot UI allows administrators and developers to configure allowlists for Content Security Policy (CSP) and Cross-origin Resource Sharing (CORS), authentication attributes, and access control settings. -These settings can also be done via REST APIs v2, by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. +ThoughtSpot allows administrators and developers to configure allowlists for Content Security Policy (CSP) and Cross-origin Resource Sharing (CORS), authentication attributes, and access control settings. +These settings can also be done via the **Security Settings** page in the ThoughtSpot UI, or through REST APIs v2, by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. == Overview Most web browsers block cross-site scripting, cross-domain requests, and third-party cookies by default. Web browsers also have built-in security mechanisms such as same-origin and content security policies. These policies restrict how applications and scripts from one origin (domain) can interact with the resources hosted on another origin (domain). To ensure data security and a seamless user experience in embedding applications, configure the settings described in this section. @@ -47,7 +47,7 @@ The following table shows the settings available at the All Orgs and per-Org lev [width="100%" cols="5,7,7,7"] [options='header'] |===== -||Configuration setting|All Orgs level |Per-Org level +|||All Orgs level (cluster level) |Per-Org level .6+|CSP allowlists | **CSP visual embed hosts** a| [tag greenBackground tick]#Yes# a| [tag redBackground tick]#No# |**CSP connect-src domains** a| [tag greenBackground tick]#Yes# a| @@ -109,8 +109,26 @@ To allow your host domain to set the `frame-ancestors` CSP policy header and emb . In the *CSP visual embed hosts* text box, add the domain names. For valid domain name formats, See xref:security-settings.adoc#csp-cors-hosts[Domain name format for CSP and CORS configuration]. . Click *Save changes*. -#Through the API:: -`visual_embed_hosts`# +Through the REST API v2:: +Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add your application domain as a CSP visual embed host for your ThoughtSpot application instance by entering valid values for the parameter `visual_embed_hosts`. + +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"cluster_preferences": { +"csp_settings": { +"visual_embed_hosts": [ +"visual_embed_hosts1", +"visual_embed_hosts2" +] +} +} +}' +---- [NOTE] ==== @@ -128,6 +146,27 @@ If you plan to use a custom action or webhook to send data to an external endpoi . In the *CSP connect-src domains* text box, add the domain names. For valid domain name formats, See xref:security-settings.adoc#csp-cors-hosts[Domain name format for CSP and CORS configuration]. . Click *Save changes*. + +Through the REST API v2:: +Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add domains of the target endpoints or applications to the `connect_src_urls` parameter for your ThoughtSpot application instance. + +[s]ource,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"cluster_preferences": { +"csp_settings": { +"connect_src_urls": [ +"connect_src_urls1" +] +} +} +}' +---- + [#csp-trusted-domain] ==== Add other trusted domains @@ -152,6 +191,40 @@ Add the domains from which you want host scripts. For more information, see xref Add the iframe source URL domains. //// +Through the REST API v2:: +Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add source URLs of sites, where from you can import images, fonts, and stylesheets, as trusted domains to the `img_src_urls`, `font_src_urls`, `style_src_urls`, `script_src_urls` parameters. + +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"cluster_preferences": { +"csp_settings": { +"font_src_urls": [ +"font_src_urls1", +"font_src_urls2" +], +"img_src_urls": [ +"img_src_urls1" +], +"script_src_urls": { +"enabled": false, +"urls": [ +"urls1" +] +}, +"style_src_urls": [ +"style_src_urls1" +] +} +} +}' +---- + + ==== Add permitted iFrame domains Features such as link:https://docs.thoughtspot.com/software/latest/liveboard-notes[Liveboard Note tiles, window=_blank] and link:https://docs.thoughtspot.com/cloud/latest/chart-custom[custom charts, window=_blank] allow iFrame content. If you are planning to embed content from an external site, make sure the domain URLs of these sites are added to the iFrame domain allowlist: @@ -163,6 +236,26 @@ Features such as link:https://docs.thoughtspot.com/software/latest/liveboard-not . Click *Save changes*. +Through the REST API v2:: +Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add domain URLs of external sites using iFrame content are added to the `iframe_src_urls` parameter for your ThoughtSpot application instance. + +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"cluster_preferences": { +"csp_settings": { +"iframe_src_urls": [ +"iframe_src_urls1" +] +} +} +}' +---- + [#cors-hosts] ==== Enable CORS @@ -188,6 +281,30 @@ To add domain names to the CORS allowlist, follow these steps: #Through the API:: `cors_whitelisted_urls` is an array of whitelisted URLs. Set this to `null` when there is no urls to be set.# +Through the REST API v2:: +Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add CORS allowlist for cross-domain communication to the parameter `cors_whitelisted_urls` for the cluster or for the Org. + +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ + "org_preferences": [ + { + "cors_whitelisted_urls": [ + "cors_whitelisted_urls2" + ] + } + ], + "cluster_preferences": { + "cors_whitelisted_urls": [ + "cors_whitelisted_urls1" + ] + } +}' +---- [#csp-cors-hosts] @@ -293,6 +410,35 @@ a|+++Wildcard (*) for port+++ === Block access to non-embedded ThoughtSpot pages If you have embedded ThoughtSpot content in your app, you may want your users to access only the ThoughtSpot pages embedded within the context of your host app. ThoughtSpot allows administrators to restrict user access to non-embedded application pages from the embedding application context or selectively grant access to specific user groups. For information, see xref:selective-user-access.adoc[Control User Access]. +Through the REST API v2:: +Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Set `block_full_app_access` to `true` to restrict user access to non-embedded application pages from the embedding application context. Enter values for `groups_identifiers_with_access` to selectively grant access to specific user groups. + +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"cluster_preferences": { +"non_embed_access": { +"block_full_app_access": true +} +}, +"org_preferences": [ +{ +"non_embed_access": { +"block_full_app_access": true, +"groups_identifiers_with_access": [ +"group1" +] +} +} +] +}' +---- + + === Enable partitioned cookies Many web browsers do not allow third-party cookies. If you are using authentication methods that rely on cookies, users will not be able to access the embedded content when browsers block third-party cookies. Therefore, ThoughtSpot recommends using xref:trusted-auth-sdk.adoc[cookieless authentication] in production environments. @@ -312,35 +458,21 @@ With partitioned cookies enabled, when a user logs in to ThoughtSpot and accesse Safari blocks all third-party cookies and does not support partitioned cookies. You can switch to a different browser that supports partitioned cookies, or use cookieless authentication in your embedding implementation. ==== +Through the REST API v2:: +Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Set `enable_partitioned_cookies` to `true` to ensure a cookie is set with the partitioned attribute for applications using cookie-based authentication . + +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ +"cluster_preferences": { +"enable_partitioned_cookies": true +} +}' +---- + === Trusted authentication See xref:trusted-authentication.adoc[Trusted authentication] and xref:_secret_key_management[Secret key management]. - -== Configure security settings via API -# -* For REST API v2 operations, the Org context is determined based on the authentication token used in your API requests. Ensure you log in to the appropriate Org context from which you want to send API requests. -* Ensure that you have developer or administrator privileges for the Org. - -=== Configure Security Settings -Security settings can be configured for the ThoughtSpot instance and for the Org as well. To configure security settings send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. - -[NOTE] -==== -* When security settings are defined at both levels, the Org-level settings take precedence over cluster-level settings within that Org. -* If the configuration settings are available at both levels and are configured only at the All Orgs level, the Orgs on the instance will inherit these settings. -* If the settings are not defined either at the All Orgs level or per Org, the system defaults will be applied. -==== - -=== Request parameters -In your `POST` request body, include the following parameters: - -[width="100%" cols="1,4"] -[options='header'] -|===== -|Parameter|Description - -|cluster_preferences a|__String__. Required. A JSON map of customizable security settings for the ThoughtSpot instance. -|enable_partitioned_cookies a|__Boolean__. -|org_identifier a|__String__. Required. The unique ID or name of the Org for which the email customization is being updated. -|===== -# - From 1f37853cb5b449988419d163a9af65170c82c6fc Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 10:24:19 +0530 Subject: [PATCH 10/17] added api payload for security settings --- modules/ROOT/pages/security-settings.adoc | 121 ++++++++++++---------- 1 file changed, 69 insertions(+), 52 deletions(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 14fbc0353..ca4d8f4ee 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -8,7 +8,7 @@ ThoughtSpot allows administrators and developers to configure allowlists for Content Security Policy (CSP) and Cross-origin Resource Sharing (CORS), authentication attributes, and access control settings. -These settings can also be done via the **Security Settings** page in the ThoughtSpot UI, or through REST APIs v2, by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. +These settings can be done via the **Security Settings** page in the ThoughtSpot UI, or through REST APIs v2, by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. == Overview Most web browsers block cross-site scripting, cross-domain requests, and third-party cookies by default. Web browsers also have built-in security mechanisms such as same-origin and content security policies. These policies restrict how applications and scripts from one origin (domain) can interact with the resources hosted on another origin (domain). To ensure data security and a seamless user experience in embedding applications, configure the settings described in this section. @@ -22,9 +22,9 @@ To avoid this issue, ThoughtSpot recommends the following: * If you are using a ThoughtSpot Cloud instance, set up your instance to the same domain as your host application. For more information, see link:https://docs.thoughtspot.com/cloud/latest/custom-domains[Custom domain configuration, window=_blank]. * If you are using authentication methods that rely on cookies, xref:_enable_partition_cookies[enable partition cookies]. -== Configure security settings via the ThoughtSpot UI +== Configure security settings -Users with administration privileges can configure security settings on the Security settings page of the ThoughtSpot UI. Note that the following settings on the **Security Settings** page will appear as locked for ThoughtSpot Analytics application users and will require an embedding license: +Users with administration privileges can configure security settings on the Security settings page of the ThoughtSpot UI, or by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Note that the following settings on the **Security Settings** page will appear as locked for ThoughtSpot Analytics application users and will require an embedding license: * xref:security-settings.adoc#csp-viz-embed-hosts[CSP visual embed hosts] * xref:security-settings.adoc#cors-hosts[CORS whitelisted domains] @@ -36,7 +36,7 @@ Users with administration privileges can configure security settings on the Secu On ThoughtSpot instances with Orgs, security settings can be managed at two levels: -* Global settings for all Orgs + +* Global settings for all Orgs (cluster level) + Cluster administrators can configure security settings globally for all Orgs. On ThoughtSpot instances with Orgs, the *Develop* page opens in the `Primary Org` context, unless you are accessing the Develop tab from a specific Org context. To configure settings for all Orgs, you must switch to *All Orgs* context. * Org-level settings + @@ -109,6 +109,7 @@ To allow your host domain to set the `frame-ancestors` CSP policy header and emb . In the *CSP visual embed hosts* text box, add the domain names. For valid domain name formats, See xref:security-settings.adoc#csp-cors-hosts[Domain name format for CSP and CORS configuration]. . Click *Save changes*. + Through the REST API v2:: Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add your application domain as a CSP visual embed host for your ThoughtSpot application instance by entering valid values for the parameter `visual_embed_hosts`. @@ -120,13 +121,13 @@ curl -X POST \ -H 'Content-Type: application/json' \ --data-raw '{ "cluster_preferences": { -"csp_settings": { -"visual_embed_hosts": [ -"visual_embed_hosts1", -"visual_embed_hosts2" -] -} -} + "csp_settings": { + "visual_embed_hosts": [ + "visual_embed_hosts1", + "visual_embed_hosts2" + ] + } + } }' ---- @@ -158,11 +159,11 @@ curl -X POST \ -H 'Content-Type: application/json' \ --data-raw '{ "cluster_preferences": { -"csp_settings": { -"connect_src_urls": [ -"connect_src_urls1" -] -} + "csp_settings": { + "connect_src_urls": [ + "connect_src_urls1" + ] + } } }' ---- @@ -191,6 +192,7 @@ Add the domains from which you want host scripts. For more information, see xref Add the iframe source URL domains. //// + Through the REST API v2:: Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add source URLs of sites, where from you can import images, fonts, and stylesheets, as trusted domains to the `img_src_urls`, `font_src_urls`, `style_src_urls`, `script_src_urls` parameters. @@ -202,24 +204,24 @@ curl -X POST \ -H 'Content-Type: application/json' \ --data-raw '{ "cluster_preferences": { -"csp_settings": { -"font_src_urls": [ -"font_src_urls1", -"font_src_urls2" -], -"img_src_urls": [ -"img_src_urls1" -], -"script_src_urls": { -"enabled": false, -"urls": [ -"urls1" -] -}, -"style_src_urls": [ -"style_src_urls1" -] -} + "csp_settings": { + "font_src_urls": [ + "font_src_urls1", + "font_src_urls2" + ], + "img_src_urls": [ + "img_src_urls1" + ], + "script_src_urls": { + "enabled": false, + "urls": [ + "urls1" + ] + }, + "style_src_urls": [ + "style_src_urls1" + ] + } } }' ---- @@ -247,11 +249,11 @@ curl -X POST \ -H 'Content-Type: application/json' \ --data-raw '{ "cluster_preferences": { -"csp_settings": { -"iframe_src_urls": [ -"iframe_src_urls1" -] -} + "csp_settings": { + "iframe_src_urls": [ + "iframe_src_urls1" + ] + } } }' ---- @@ -421,20 +423,20 @@ curl -X POST \ -H 'Content-Type: application/json' \ --data-raw '{ "cluster_preferences": { -"non_embed_access": { -"block_full_app_access": true -} + "non_embed_access": { + "block_full_app_access": true + } }, "org_preferences": [ -{ -"non_embed_access": { -"block_full_app_access": true, -"groups_identifiers_with_access": [ -"group1" -] -} -} -] + { + "non_embed_access": { + "block_full_app_access": true, + "groups_identifiers_with_access": [ + "group1" + ] + } + } + ] }' ---- @@ -469,10 +471,25 @@ curl -X POST \ -H 'Content-Type: application/json' \ --data-raw '{ "cluster_preferences": { -"enable_partitioned_cookies": true + "enable_partitioned_cookies": true } }' ---- === Trusted authentication See xref:trusted-authentication.adoc[Trusted authentication] and xref:_secret_key_management[Secret key management]. + +=== Retrieve security settings +You can retrieve the security settings for your ThoughtSpot instance by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/search` API endpoint. +You can define the `scope` to get the cluster-level settings (`scope` as `CLUSTER`), or the Org-level settings for the current Org (`scope` as `ORG`). If the `scope` is not specified, the API returns both cluster and Org settings based on user privileges. + +[source,cURL] +---- +curl -X POST \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}'\ + -H 'Content-Type: application/json' \ +--data-raw '{ + "scope": "CLUSTER" +}' +---- From 5c09cf04da4ed1f22c4c2f357364489faea0df4f Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 11:24:14 +0530 Subject: [PATCH 11/17] added api payload for security settings --- modules/ROOT/pages/security-settings.adoc | 26 ++++++++++++++--------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index ca4d8f4ee..3a6bcfcef 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -110,7 +110,13 @@ To allow your host domain to set the `frame-ancestors` CSP policy header and emb . Click *Save changes*. -Through the REST API v2:: +[NOTE] +==== +Only users with a valid embed license can add Visual Embed hosts. +==== + +*Through the REST API v2* + Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add your application domain as a CSP visual embed host for your ThoughtSpot application instance by entering valid values for the parameter `visual_embed_hosts`. [source,cURL] @@ -131,10 +137,6 @@ curl -X POST \ }' ---- -[NOTE] -==== -Only users with a valid embed license can add Visual Embed hosts. -==== [#csp-connect-src] ==== Add URLs to CSP connect-src allowlist @@ -148,10 +150,11 @@ If you plan to use a custom action or webhook to send data to an external endpoi . Click *Save changes*. -Through the REST API v2:: +*Through the REST API v2* + Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add domains of the target endpoints or applications to the `connect_src_urls` parameter for your ThoughtSpot application instance. -[s]ource,cURL] +[source,cURL] ---- curl -X POST \ --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ @@ -193,7 +196,8 @@ Add the iframe source URL domains. //// -Through the REST API v2:: +*Through the REST API v2* + Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add source URLs of sites, where from you can import images, fonts, and stylesheets, as trusted domains to the `img_src_urls`, `font_src_urls`, `style_src_urls`, `script_src_urls` parameters. [source,cURL] @@ -238,7 +242,8 @@ Features such as link:https://docs.thoughtspot.com/software/latest/liveboard-not . Click *Save changes*. -Through the REST API v2:: +*Through the REST API v2* + Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add domain URLs of external sites using iFrame content are added to the `iframe_src_urls` parameter for your ThoughtSpot application instance. [source,cURL] @@ -281,7 +286,8 @@ To add domain names to the CORS allowlist, follow these steps: . In the *CORS whitelisted domains* text box, add the domain names. For valid domain name formats, See xref:security-settings.adoc#csp-cors-hosts[Domain name format for CSP and CORS configuration]. . Click *Save changes*. -#Through the API:: +*Through the API* + `cors_whitelisted_urls` is an array of whitelisted URLs. Set this to `null` when there is no urls to be set.# Through the REST API v2:: Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add CORS allowlist for cross-domain communication to the parameter `cors_whitelisted_urls` for the cluster or for the Org. From f420b36f6fd41cc8d7429c5d7c6ca75e28a1f031 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 11:46:04 +0530 Subject: [PATCH 12/17] corrected level for heading --- modules/ROOT/pages/security-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 3a6bcfcef..861c4c4f0 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -485,7 +485,7 @@ curl -X POST \ === Trusted authentication See xref:trusted-authentication.adoc[Trusted authentication] and xref:_secret_key_management[Secret key management]. -=== Retrieve security settings +== Retrieve security settings You can retrieve the security settings for your ThoughtSpot instance by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/search` API endpoint. You can define the `scope` to get the cluster-level settings (`scope` as `CLUSTER`), or the Org-level settings for the current Org (`scope` as `ORG`). If the `scope` is not specified, the API returns both cluster and Org settings based on user privileges. From 853d4cea3813d95c418adbb84682c7bfa6d3f1d9 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 12:40:09 +0530 Subject: [PATCH 13/17] edited code examples --- modules/ROOT/pages/security-settings.adoc | 55 +++++++++++------------ 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 861c4c4f0..408ca4c67 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -121,20 +121,20 @@ Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` [source,cURL] ---- -curl -X POST \ - --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ - -H 'Authorization: Bearer {access-token}'\ - -H 'Content-Type: application/json' \ ---data-raw '{ -"cluster_preferences": { - "csp_settings": { - "visual_embed_hosts": [ - "visual_embed_hosts1", - "visual_embed_hosts2" - ] - } - } -}' +curl -X POST 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + -H 'Authorization: Bearer {access-token}' \ + -H 'Content-Type: application/json' \ + --data-raw '{ + "cluster_preferences": { + "csp_settings": { + "visual_embed_hosts": [ + "www.thoughtspot.com", + "mysite.com:8080", + "http://localhost:8080" + ] + } + } + }' ---- @@ -164,7 +164,8 @@ curl -X POST \ "cluster_preferences": { "csp_settings": { "connect_src_urls": [ - "connect_src_urls1" + "localhost:3000", + "thoughtspot.com" ] } } @@ -210,20 +211,19 @@ curl -X POST \ "cluster_preferences": { "csp_settings": { "font_src_urls": [ - "font_src_urls1", - "font_src_urls2" + "*.thoughtspot.com" ], "img_src_urls": [ - "img_src_urls1" + "thoughtspot.com/products" ], "script_src_urls": { "enabled": false, "urls": [ - "urls1" + "thoughtspot:*" ] }, "style_src_urls": [ - "style_src_urls1" + "*" ] } } @@ -256,7 +256,7 @@ curl -X POST \ "cluster_preferences": { "csp_settings": { "iframe_src_urls": [ - "iframe_src_urls1" + "www.thoughtspot.com" ] } } @@ -286,10 +286,8 @@ To add domain names to the CORS allowlist, follow these steps: . In the *CORS whitelisted domains* text box, add the domain names. For valid domain name formats, See xref:security-settings.adoc#csp-cors-hosts[Domain name format for CSP and CORS configuration]. . Click *Save changes*. -*Through the API* +*Through the REST API v2* -`cors_whitelisted_urls` is an array of whitelisted URLs. Set this to `null` when there is no urls to be set.# -Through the REST API v2:: Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add CORS allowlist for cross-domain communication to the parameter `cors_whitelisted_urls` for the cluster or for the Org. [source,cURL] @@ -302,13 +300,13 @@ curl -X POST \ "org_preferences": [ { "cors_whitelisted_urls": [ - "cors_whitelisted_urls2" + "localhost" ] } ], "cluster_preferences": { "cors_whitelisted_urls": [ - "cors_whitelisted_urls1" + "mysite.com" ] } }' @@ -418,7 +416,8 @@ a|+++Wildcard (*) for port+++ === Block access to non-embedded ThoughtSpot pages If you have embedded ThoughtSpot content in your app, you may want your users to access only the ThoughtSpot pages embedded within the context of your host app. ThoughtSpot allows administrators to restrict user access to non-embedded application pages from the embedding application context or selectively grant access to specific user groups. For information, see xref:selective-user-access.adoc[Control User Access]. -Through the REST API v2:: +*Through the REST API v2* + Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Set `block_full_app_access` to `true` to restrict user access to non-embedded application pages from the embedding application context. Enter values for `groups_identifiers_with_access` to selectively grant access to specific user groups. [source,cURL] @@ -466,7 +465,7 @@ With partitioned cookies enabled, when a user logs in to ThoughtSpot and accesse Safari blocks all third-party cookies and does not support partitioned cookies. You can switch to a different browser that supports partitioned cookies, or use cookieless authentication in your embedding implementation. ==== -Through the REST API v2:: +*Through the REST API v2* Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Set `enable_partitioned_cookies` to `true` to ensure a cookie is set with the partitioned attribute for applications using cookie-based authentication . [source,cURL] From 0935080cee09d9207e5a4c810a2e37253e1b70dc Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 13:01:32 +0530 Subject: [PATCH 14/17] edited code examples and lb report --- modules/ROOT/pages/data-report-v2-api.adoc | 1 - modules/ROOT/pages/security-settings.adoc | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/data-report-v2-api.adoc b/modules/ROOT/pages/data-report-v2-api.adoc index 1d1282b98..4ab9e8084 100644 --- a/modules/ROOT/pages/data-report-v2-api.adoc +++ b/modules/ROOT/pages/data-report-v2-api.adoc @@ -272,7 +272,6 @@ For *XLSX* downloads [earlyAccess eaBackground]#Early Access#, * Visualization is exported as an Excel workbook (.xlsx). * If multiple visualizations are selected, the downloaded report is a single Excel workbook (.xlsx) containing each visualization in their individual tab. * A maximum of 255 tabs per .xlsx workbook are allowed. -* If you want to be able to download each visualization in a separate workbook (instead of separate tabs), contact ThoughtSpot support. * It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. * Unlike the pivot tables that are downloaded for any pivot table Answer in the ThoughtSpot UI, pivot tables generated in .xlsx workbooks using this API endpoint are exported as their underlying raw data. The .xlsx currently does not support the pivot table format. diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 408ca4c67..85bd1ba44 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -429,7 +429,7 @@ curl -X POST \ --data-raw '{ "cluster_preferences": { "non_embed_access": { - "block_full_app_access": true + "block_full_app_access": false } }, "org_preferences": [ @@ -466,6 +466,7 @@ Safari blocks all third-party cookies and does not support partitioned cookies. ==== *Through the REST API v2* + Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Set `enable_partitioned_cookies` to `true` to ensure a cookie is set with the partitioned attribute for applications using cookie-based authentication . [source,cURL] From c2ce152dff35cadfc93ba6a8ecda1656d90c7853 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 13:34:06 +0530 Subject: [PATCH 15/17] edited spacing in lb report --- modules/ROOT/pages/data-report-v2-api.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/data-report-v2-api.adoc b/modules/ROOT/pages/data-report-v2-api.adoc index 4ab9e8084..3338d9e7c 100644 --- a/modules/ROOT/pages/data-report-v2-api.adoc +++ b/modules/ROOT/pages/data-report-v2-api.adoc @@ -247,7 +247,7 @@ For *CSV* downloads [earlyAccess eaBackground]#Early Access#, * Each visualization is exported as a separate .csv file. * If multiple visualizations are selected, the downloaded report is a single compressed .zip file containing all .CSV files. -* It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. +* It does not support any additional parameters to customize the page orientation and `include_cover_page`, `include_filter_page`, logo, footer text, and page numbers. * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. ===== Sample API payload for CSV downloads @@ -272,7 +272,7 @@ For *XLSX* downloads [earlyAccess eaBackground]#Early Access#, * Visualization is exported as an Excel workbook (.xlsx). * If multiple visualizations are selected, the downloaded report is a single Excel workbook (.xlsx) containing each visualization in their individual tab. * A maximum of 255 tabs per .xlsx workbook are allowed. -* It does not support any additional parameters to customize the page orientation and `include_cover_page`,`include_filter_page`, logo, footer text, and page numbers. +* It does not support any additional parameters to customize the page orientation and `include_cover_page`, `include_filter_page`, logo, footer text, and page numbers. * Charts are exported as tabular data. Downloaded reports may include columns not seen in the visualization if they were used as tokens in the underlying search query. * Unlike the pivot tables that are downloaded for any pivot table Answer in the ThoughtSpot UI, pivot tables generated in .xlsx workbooks using this API endpoint are exported as their underlying raw data. The .xlsx currently does not support the pivot table format. @@ -331,7 +331,7 @@ Contact ThoughtSpot support to enable these settings for PNG downloads on your T [IMPORTANT] ==== * If the above settings are enabled on your instance or you are using a ThoughtSpot release 10.9.0.cl or later, -** You will no longer be able to use the `include_cover_page`,`include_filter_page` within the `png_options`. +** You will no longer be able to use the `include_cover_page`, `include_filter_page` within the `png_options`. ** PNG download will support exporting only one tab at a time. If the `tab_identifier` is not specified, the first tab will be downloaded. * Due to UI limitations in the REST API Playground, you'll notice that some parameters are automatically included in the PNG options JSON. This may cause your API request to fail. As a workaround, click *View JSON* next to the `png_options`, review the parameters, remove additional parameters, and then click *Try it out*. From a1cda59ee8e58fde4f9f95453dfb13538bc79ef8 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 21:36:49 +0530 Subject: [PATCH 16/17] review feedback --- modules/ROOT/pages/security-settings.adoc | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 85bd1ba44..73695dd1e 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -40,7 +40,7 @@ On ThoughtSpot instances with Orgs, security settings can be managed at two leve Cluster administrators can configure security settings globally for all Orgs. On ThoughtSpot instances with Orgs, the *Develop* page opens in the `Primary Org` context, unless you are accessing the Develop tab from a specific Org context. To configure settings for all Orgs, you must switch to *All Orgs* context. * Org-level settings + -Cluster and Org administrators can configure security settings for a specific Org. Configuration modifications at the Org level do not affect other Orgs or the default settings applied at the All Orgs level. +Cluster and Org administrators can configure security settings for a #current logged-in Org#. Configuration modifications at the Org level do not affect other Orgs or the default settings applied at the All Orgs level. The following table shows the settings available at the All Orgs and per-Org levels: @@ -201,6 +201,9 @@ Add the iframe source URL domains. Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Add source URLs of sites, where from you can import images, fonts, and stylesheets, as trusted domains to the `img_src_urls`, `font_src_urls`, `style_src_urls`, `script_src_urls` parameters. +[NOTE] +#To be able to add allowed urls for custom JavaScript through `script_src_urls`, `enabled` should be set to `true` for script-src customization.# + [source,cURL] ---- curl -X POST \ @@ -217,7 +220,7 @@ curl -X POST \ "thoughtspot.com/products" ], "script_src_urls": { - "enabled": false, + "enabled": true, "urls": [ "thoughtspot:*" ] @@ -420,6 +423,9 @@ If you have embedded ThoughtSpot content in your app, you may want your users to Send a `POST` request to `POST /api/rest/2.0/system/security-settings/configure` API endpoint. Set `block_full_app_access` to `true` to restrict user access to non-embedded application pages from the embedding application context. Enter values for `groups_identifiers_with_access` to selectively grant access to specific user groups. +[NOTE] +#To be able to gives access through `groups_identifiers_with_access`, the selective user access feature must be turned on in the *Admin settings*.# + [source,cURL] ---- curl -X POST \ @@ -485,6 +491,9 @@ curl -X POST \ === Trusted authentication See xref:trusted-authentication.adoc[Trusted authentication] and xref:_secret_key_management[Secret key management]. +[NOTE] +#Trusted authentication is not supported through the REST APIs v2.# + == Retrieve security settings You can retrieve the security settings for your ThoughtSpot instance by sending a `POST` request to `POST /api/rest/2.0/system/security-settings/search` API endpoint. You can define the `scope` to get the cluster-level settings (`scope` as `CLUSTER`), or the Org-level settings for the current Org (`scope` as `ORG`). If the `scope` is not specified, the API returns both cluster and Org settings based on user privileges. @@ -492,7 +501,7 @@ You can define the `scope` to get the cluster-level settings (`scope` as `CLUSTE [source,cURL] ---- curl -X POST \ - --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/configure' \ + --url 'https://{ThoughtSpot-Host}/api/rest/2.0/system/security-settings/search' \ -H 'Authorization: Bearer {access-token}'\ -H 'Content-Type: application/json' \ --data-raw '{ From 682d11ab14dcf4cfcfb3273cf40a3bf76eb652d9 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Mon, 19 Jan 2026 21:48:28 +0530 Subject: [PATCH 17/17] typo --- modules/ROOT/pages/security-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security-settings.adoc b/modules/ROOT/pages/security-settings.adoc index 73695dd1e..1df27fb37 100644 --- a/modules/ROOT/pages/security-settings.adoc +++ b/modules/ROOT/pages/security-settings.adoc @@ -40,7 +40,7 @@ On ThoughtSpot instances with Orgs, security settings can be managed at two leve Cluster administrators can configure security settings globally for all Orgs. On ThoughtSpot instances with Orgs, the *Develop* page opens in the `Primary Org` context, unless you are accessing the Develop tab from a specific Org context. To configure settings for all Orgs, you must switch to *All Orgs* context. * Org-level settings + -Cluster and Org administrators can configure security settings for a #current logged-in Org#. Configuration modifications at the Org level do not affect other Orgs or the default settings applied at the All Orgs level. +Cluster and Org administrators can configure security settings for the #current logged-in Org#. Configuration modifications at the Org level do not affect other Orgs or the default settings applied at the All Orgs level. The following table shows the settings available at the All Orgs and per-Org levels: