Row-level security filters

When you share a dataset, by default, all the data is visible to all its recipients. However, you can add a security filter that allows you to specify which data rows any assigned user can see in the dataset. Restricting access to data in this way is called row-level security (RLS). For example, your dataset contains sales for several years in different regions, and you want to allow each manager to see only the data that is relevant to the respective region.

To add a security filter, you define simple (one-line) conditions and assign users to the corresponding subsets of data. Each condition can have the same or different recipients assigned.

If you have multiple conditions for the same recipient, the following rules are applied:

• If the same column is used, each condition is considered independently (as if there was OR operator between them).

• If different columns are used, only the data that matches all of the conditions is available (as if there was the AND operator).

The following operators are available depending on the data type:

Operators for measures

• does not equal
• equals to
• is between
• is greater than
• is greater than or equal to
• is less than
• is less or equal to
• is not between
• is null
• is not null

Operators for dimensions

• contains
• does not contain
• does not end with
• does not equal
• does not start with
• ends with
• equals
• is blank
• is in list
• is not blank
• is not in list
• starts with
• is null
• is not null

Prerequisites

• You are creating or editing a dataset.
• The Step 2 – Refine page or Step 3 – Join and preview is open.

Procedure

1. Depending on the context, do one of the following:

   • If you are in Step 2 – Refine, select the needed data source, and then click Security filters in the upper-right corner of the page.

     

   • If you are in Step 3 – Join and preview, next to the data source name, click  More options and then Security filters.

     

   The Security filters dialog appears.

   

2. To create an individual one-line filtering condition:

   1. Click Condition.

      The condition record appears.

   2. From the first dropdown list, select a column that you want to filter.

   3. Select the condition.

   4. Enter the value against which you want to filter.

      Depending on the condition type, you can click Display data values to select from the values available in the dataset.

   5. Click Assign users.

   6. Specify who should see the data with the condition:

      1. Groups – Click Groups, and then click the appropriate groups in the list.

      2. Users – Click Users, and then click the appropriate users in the list.

      The selected groups and users appear in the list of recipients.

      To remove a recipient from the list, click next to the recipient's name.

      Click Apply.

      

   If needed, repeat the previous step to add other conditions.

   To duplicate a condition, point to the corresponding row and click Duplicate.

   To delete a condition, point to the corresponding row and click Delete. Deletion is performed without confirmation and cannot be undone.

   Note: Ensure that you share a dataset with the security filters to the assigned users or groups. For details, see Share dataset and Set permissions for a dataset.