Skip to content
Documentation

Admin Controls

Admin controls give organization administrators the ability to enable or disable sharing and access features across the entire organization. These are the guardrails that individual users and workspaces can’t override.

Available controls

Section titled “Available controls”

API key creation

Section titled “API key creation”

Admins can disable dk_ API key creation for the organization. When disabled, no users can create new API keys. Existing keys continue to work until individually revoked.

When to use this: During security audits, compliance reviews, or for organizations that need to restrict all external data access channels.

Section titled “Public share links”

Disable the ability to create public share links. When disabled, data can only be shared with authenticated users within the organization. Existing public links are deactivated.

When to use this: Organizations that handle sensitive data and need to ensure nothing is publicly accessible, or during compliance audits.

Embeds

Section titled “Embeds”

Disable the ability to embed Querri views in external sites. When disabled, the embed SDK and embed session endpoints are deactivated.

When to use this: When all data must remain within Querri’s application boundary, or for organizations with strict data residency requirements.

Deny-by-default mode

Section titled “Deny-by-default mode”

By default, users with no access policies can see all data (permissive default). The deny-by-default toggle reverses this: users see no data until policies explicitly grant them access.

This is designed for organizations that handle sensitive data and need to ensure that every user’s access is explicitly defined before they can see anything.

How admin controls interact with other security

Section titled “How admin controls interact with other security”

Admin controls set the organizational floor. They work alongside other security layers:

  • Sharing controls who can access data
  • Access policies control what data each user can see
  • Groups assign policies efficiently at scale
  • Workspaces create boundaries between departments
  • Admin controls enable or disable entire categories of functionality

Teams and workspace owners can add stricter controls within their scope, but they can’t override organization-level restrictions. If the admin disables API key creation, no workspace owner can re-enable it.

Next steps

Section titled “Next steps”
  • Access Policies — Per-user data access control
  • API Keys — The keys that admin controls can restrict
  • Audit Log — Track when admin controls are changed
  • Workspaces — Governance boundaries within the organization