Row-level security in Visualization

Row-level security allows you to limit user access to data within a single dataset.

In this article, you'll learn how to:

Set up RLS on the dataset level

You can limit access to any field type on the dataset. You can assign a user to any number of fields.

This access management looks as follows:

'value_1': user_email_1, user_email_2, user_email_3
'value_2': user_email_2
'value_3': user_email_1, user_email_3

For example, to give a user with the email cto@your_company.com access to the Company-internal-ID value of the company-name field, write the following configuration:

'Company-internal-ID': cto@your_company.com

To provide the same access rights to multiple users, enumerate them separated by a comma (,):

'Company-internal-ID': user1@your_company.com, user1@your_company.com, user1@your_company.com

You can define all the values or all the users with a * substitution symbol:

To allow access to all the field values to user 1 and user 2:
```
*: user_email_1, user_email_2
```
To allow access to the value 1 field to all the users:
```
'value_1': *
```

Set up RLS on the data source level

Setting up RLS at the dataset level requires editing every time a dataset is changed. To reduce maintenance load you can apply the same principle at the data source level:

Add a new field for storing user IDs to the source data. All requests to the data source will be filtered through this field.
For each row of source data, specify the ID of the user allowed to access this row. If multiple users should have access to the same row, you can move the access control logic to a separate table and JOIN it to the main table at the dataset level.
In the dataset field with the IDs in the RLS settings, enter userid:userid. You can use the userid variable together with the regular RLS type in the dataset:
```
'value_1': user_email_1, user_email_2
'value_2': user_email_1, user_email_2, user_email_3
   userid:userid
```

Overview

Access management structure