Skip to content

Latest commit

 

History

History
74 lines (58 loc) · 2.06 KB

File metadata and controls

74 lines (58 loc) · 2.06 KB
title Row-level security
description Covers applying group- and attribute-based filters so query results only include rows users are allowed to see.

The data model serves as a facade of your data. With row-level security, you can define whether some data model facts are exposed to end users and can be queried via APIs & integrations.

Row-level security in Cube is similar to row-level security in SQL databases. Defining whether users have access to specific facts from cubes and views is similar to defining access to rows in database tables.

By default, all rows are public, meaning that no filtering is applied to data model facts when they are accessed by any users.

Managing row-level access

You can use access policies to manage both member-level and row-level security based on groups and user attributes.

Here's an example of how to filter rows by a user attribute using access policies:

cubes:
  - name: orders
    # ...

    access_policy:
      - group: manager
        row_level:
          filters:
            - member: country
              operator: equals
              values: [ "{ userAttributes.country }" ]
cube(`orders`, {
  // ...

  access_policy: [
    {
      group: `manager`,
      row_level: {
        filters: [
          {
            member: `country`,
            operator: `equals`,
            values: [ userAttributes.country ]
          }
        ]
      }
    }
  ]
})