Row-level security in Visualization
Row-level security allows you to limit user access to data within a single dataset.
In this article, you'll learn how to:
Set up RLS on the dataset level
You can limit access to any field type on the dataset. You can assign a user to any number of fields.
This access management looks as follows:
'value_1': user_email_1, user_email_2, user_email_3 'value_2': user_email_2 'value_3': user_email_1, user_email_3
For example, to give a user with the email
cto@your_company.com access to the
Company-internal-ID value of the
company-name field, write the following configuration:
To provide the same access rights to multiple users, enumerate them separated by a comma (
'Company-internal-ID': user1@your_company.com, user1@your_company.com, user1@your_company.com
You can define all the values or all the users with a
* substitution symbol:
To allow access to all the field values to
*: user_email_1, user_email_2
To allow access to the
value 1field to all the users:
Set up RLS on the data source level
Setting up RLS at the dataset level requires editing every time a dataset is changed. To reduce maintenance load you can apply the same principle at the data source level:
Add a new field for storing user IDs to the source data. All requests to the data source will be filtered through this field.
For each row of source data, specify the ID of the user allowed to access this row. If multiple users should have access to the same row, you can move the access control logic to a separate table and
JOINit to the main table at the dataset level.
In the dataset field with the IDs in the RLS settings, enter
userid:userid. You can use the
useridvariable together with the regular RLS type in the dataset:
'value_1': user_email_1, user_email_2 'value_2': user_email_1, user_email_2, user_email_3 userid:userid