This is a Portkey Enterprise plan feature.
Prerequisites & Availability
- Enterprise (Hybrid Gateway): Gateway v2.2.4 or later is required. Only logs generated from this version onward will be considered for user-level filtering.
- Airgapped Deployments: Requires Gateway v2.2.4, backend v1.11.0, and frontend v1.6.4 or later. Only logs generated after upgrading to these versions will be considered for user-level filtering.
- SaaS Users: This setting will be applied to logs starting from 19th February 2026.
Overview
Data Visibility settings in Portkey enable Organization administrators to control whether workspace managers and members can view all observability data (logs, analytics, and traces) within a workspace, or only the data generated by their own API keys. This is useful for teams where individual users should only have visibility into their own requests.Accessing Data Visibility Settings
- Navigate to Admin Settings in the Portkey dashboard
- Select the Security tab from the left sidebar
- Locate the Data Visibility section
Permission Settings
The Data Visibility section provides two permission options:| Permission | Description |
|---|---|
| Managers View All Data | Allow workspace managers to view logs, analytics, and traces generated by all users in the workspace |
| Members View All Data | Allow workspace members to view logs, analytics, and traces generated by all users in the workspace |
Organization Owners and Admins always have full access to all data regardless of these settings.
How It Works
When data visibility is restricted for a role:- Logs: The user only sees log entries for requests made with their own API keys
- Analytics: Charts and metrics are scoped to the user’s own usage
- Traces: Only traces initiated by the user’s API keys are visible
- Workspace-User API Keys: When a workspace-user API key is used to fetch analytics or export logs via the API, the same data visibility settings are applied based on the role of the user the key is scoped to.
- Service API Keys: Organization-level and workspace-level service API keys bypass data visibility restrictions entirely and always return all data.
- Visibility of Service API Key Logs: Logs generated by service API keys are not attributed to a specific user. If data visibility is restricted for a role, users with that role will not be able to see any logs generated by service API keys.
Limitations
- JWT Authentication: Requests made using JWT auth are not attributed to a specific Portkey user, so they cannot be filtered by user. If data visibility restrictions are enabled, logs originating from JWT-authenticated requests will not appear for restricted users.
Workspace-Level Overrides
Data Visibility settings support workspace-level overrides, allowing you to configure different data visibility rules per workspace. When workspace-level overrides are enabled for Data Visibility:- Each workspace can have its own
membersViewAllDataandmanagersViewAllDatasettings - Workspace settings take precedence over organization-level settings
- Workspaces without explicit overrides fall back to the organization-level settings
- Enable the Allow workspace-level configuration toggle for Data Visibility in the Security settings
- Navigate to the specific workspace settings to configure per-workspace data visibility
Related Features
Logs Access Permissions
Configure who can view logs and log metadata within workspaces
Analytics Access Permissions
Configure who can view analytics within workspaces
Access Control Management
Learn about Portkey’s access control features including user roles and organization hierarchy