Add filters with user macros (RLS)
When you share a dataset, by default, all the data is visible to all its recipients. However, you can add a filter with a user macro that will automatically filter data depending on who is logged into the system. Restricting access to data in this way is one of the methods of row-level security (RLS). For example, your dataset contains sales in different regions, and each has a respective manager assigned, and you want that a manager sees only the data that is relevant to his/her region.
Prerequisites
- You are creating or editing a dataset.
- The Step 2 – Refine page or Step 3 – Join and preview is open.
The dataset has a column with unique user information that is a part of the user profile in the platform for each user, like usernames, first and last names, user emails, and so on.
You can match users based on the following macros:
${user.username}
${user.firstname}
${user.lastname}
${user.email}
${user.groups}
${user.tenant}
Procedure
Depending on the context, do one of the following:
If you are in Step 2 – Refine, select the needed data source, and then click Filters in the upper-right corner of the page.
If you are in Step 3 – Join and preview, next to the data source name, click More options and then Filters.
The Filters dialog appears.
To create an individual one-line filtering condition:
Click Condition.
The condition record appears.
From the first dropdown list, select a column with the user names who are region managers, for example.
Select a condition to filter data for the username, user first and last name, user email, or other attributes that you have in the dataset. Do not add any other symbols or quotes in filtering conditions, but just macros.
Example:
Manager equals ${user.firstname} ${user.lastname}
As a result, the user who logs into the platform will see only the data related to the respective user.
Note: Ensure that you share a dataset with the filter to the assigned users or groups. For details, see Share dataset and Set permissions for a dataset.
Comments
0 comments