Authorization by dashboard

[parente]

After settling on how #123 is done, we should think about how to support authorization. Some thoughts:

• We could start with simple access control at a whole-notebook/dashboard level. Can user X access notebook/dashboard Y?
• We can go deeper with output-level granularity in which someone tags certain cells as visible to certain users or roles. (Or, better, tags dashboard output cells with automatic backtracing to ancestor code cells). Can user X see A, B, C outputs in dashboard Y?
• Both of the above require new UI at some level to perform these actions. The UI could live on the notebook side or on the dashboard side. I'm hesitant to do anything specific to this feature in the notebook UX since it seems to overlap with the generic cell-tagging feature requested numerous times by the community. It could be that these refinements are performed on the dashboard server. But it feels a bit weird to have such a hybrid: layout in notebook server, security in dashboard server. Both should probably live together, one way or the other.

[dalogsdon]

But it feels a bit weird to have such a hybrid: layout in notebook server, security in dashboard server. Both should probably live together, one way or the other.

Since this seems like an authoring issue, I'd vote for both to live in the notebook to maintain the distinction of notebook=authoring, dashboard-server=consuming.